package_managers: yarn: _resolve_package: Initialize 'name' & 'version'

Although impossible (with the assert_never sink) CodeQL still reports them as potentially being uninitialized. Resolves: https://github.com/containerbuildsystem/cachi2/security/code-scanning/170 Resolves: https://github.com/containerbuildsystem/cachi2/security/code-scanning/169 Signed-off-by: Erik Skultety <eskultet@redhat.com>
containerbuildsystem · Aug 1, 2024 · 05e8654 · 05e8654
1 parent 36b011c
commit 05e8654
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/cachi2/core/package_managers/yarn/resolver.py b/cachi2/core/package_managers/yarn/resolver.py
@@ -285,6 +285,8 @@ def log_for_locator(msg: str, *args: Any, level: int = logging.DEBUG) -> None:
 
         locator = package.parsed_locator
         checksum = package.checksum
+        name = None
+        version = None
 
         if isinstance(locator, NpmLocator):
             # npm dependencies have reliable names and versions in yarn info output