Fixes Dependabot-SharedHelpers-HelperSubprocessFailed (#10308)
* Adds exception handling and adds test cases
sachin-sandhu authored Jul 30, 2024
1 parent f3cf981 commit df3fa65
Showing 11 changed files with 391 additions and 0 deletions.
Expand Up @@ -81,6 +81,12 @@ def updated_lockfile_reponse(response)
NPM_PACKAGE_REGISTRY = "https://npm.pkg.github.com"
EOVERRIDE = /EOVERRIDE\n *.* Override for (?<deps>.*) conflicts with direct dependency/
NESTED_ALIAS = /nested aliases not supported/
PEER_DEPS_PATTERNS = T.let([/Cannot read properties of null/,
/ERESOLVE overriding peer dependency/].freeze, T::Array[Regexp])

ERROR_E401 = /code E401/
ERROR_E403 = /code E403/
ERROR_EAI_AGAIN = /request to (?<url>.*) failed, reason: getaddrinfo EAI_AGAIN/

# TODO: look into fixing this in npm, seems like a bug in the git
# downloader introduced in npm 7
Expand Down Expand Up @@ -397,6 +403,20 @@ def handle_npm_updater_error(error)
Dependabot.logger.warn("NPM : " + error.message)

error_message = error.message

# message groups which are related to peer dependency resolution failure. Peer deps can be updated
# with --legacy-peer-deps flag, but it is not recommended as the flag can mess up dependency resolution
# and introduce breaking changes. So we let the update fail.
peerdep_group = Regexp.union(PEER_DEPS_PATTERNS)
if error_message.match(peerdep_group)
raise Dependabot::DependencyFileNotResolvable,
"Error while updating peer dependency."
end

if error_message.match?(ERROR_E401) || error_message.match?(ERROR_E403)
raise Dependabot::PrivateSourceAuthenticationFailure, error_message
end

if error_message.match?(MISSING_PACKAGE)
package_name = T.must(error_message.match(MISSING_PACKAGE))
.named_captures["package_req"]
Expand Down Expand Up @@ -520,6 +540,11 @@ def handle_npm_updater_error(error)
raise Dependabot::PrivateSourceAuthenticationFailure, msg
end

if (git_source = error_message.match(ERROR_EAI_AGAIN))
msg = "Network Error. Access to #{git_source.named_captures.fetch('url')} failed."
raise Dependabot::PrivateSourceTimedOut, msg
end

if (registry_source = error_message.match(INVALID_AUTH_TOKEN) ||
error_message.match(MISSING_AUTH_TOKEN)) &&
T.must(registry_source.named_captures.fetch("url")).include?(NPM_PACKAGE_REGISTRY)
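Review bot: The E401/E403 branch near the top of handle_npm_updater_error raises `Dependabot::PrivateSourceAuthenticationFailure` with the entire npm output (`error_message`), whereas the other raise visible in this method passes a constructed `msg`. Whatever npm printed (registry URLs, paths, possibly credentials embedded in a URL) therefore travels with the exception unless it is scrubbed somewhere not visible in these hunks. Because `/code E401/` and `/code E403/` are unanchored and checked ahead of the more specific handlers such as MISSING_PACKAGE, any output containing that text is classified as an authentication failure first. The EAI_AGAIN branch interpolates a greedy capture into its message; I would narrow it to `ERROR_EAI_AGAIN = /request to (?<url>\S+) failed, reason: getaddrinfo EAI_AGAIN/` and confirm URL userinfo is stripped before the URL is surfaced. The method body starts and ends outside these hunks.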
Expand Up @@ -767,6 +767,32 @@
expect { updated_npm_lock }.to raise_error(Dependabot::PrivateSourceAuthenticationFailure)
end
end

context "with a dependency with no access and E401 error" do
let(:response) { "code E401\nnpm ERR! Incorrect or missing password.\nnpm ERR!" }

it "raises a helpful error" do
expect { updated_npm_lock }.to raise_error(Dependabot::PrivateSourceAuthenticationFailure) do |error|
expect(error.message)
.to include(
"code E401"
)
end
end
end

context "with a registry with access that results in eai access code failure" do
let(:response) { "\n. request to https://registry.npmjs.org/next failed, reason: getaddrinfo EAI_AGAIN ." }

it "raises a helpful error" do
expect { updated_npm_lock }.to raise_error(Dependabot::PrivateSourceTimedOut) do |error|
expect(error.message)
.to include(
"Network Error. Access to https://registry.npmjs.org/next failed"
)
end
end
end
end

context "with a override that conflicts with direct dependency" do
Expand Down Expand Up @@ -808,4 +834,49 @@
expect { updated_npm_lock_content }.to raise_error(Dependabot::DependencyFileNotResolvable)
end
end

context "with a dependency with no access" do
let(:files) { project_dependency_files("npm/simple_with_no_access") }
let(:dependency_name) { "typescript" }
let(:version) { "5.5.4" }
let(:previous_version) { "^5.1.5" }
let(:requirements) do
[{
file: "package.json",
requirement: "^5.1.5",
groups: ["devDependencies"],
source: nil
}]
end
let(:previous_requirements) { requirements }

it "raises a helpful error" do
expect { updated_npm_lock_content }.to raise_error(Dependabot::PrivateSourceAuthenticationFailure)
end
end

context "with a peer dependency that is unresolved" do
let(:files) { project_dependency_files("npm/simple_with_peer_deps") }
let(:dependency_name) { "eslint" }
let(:version) { "9.8.0" }
let(:previous_version) { "^8.43.0" }
let(:requirements) do
[{
file: "package.json",
requirement: "^8.43.0",
groups: ["devDependencies"],
source: nil
}]
end
let(:previous_requirements) { requirements }

it "raises a helpful error" do
expect { updated_npm_lock_content }.to raise_error(Dependabot::DependencyFileNotResolvable) do |error|
expect(error.message)
.to include(
"Error while updating peer dependency."
)
end
end
end
end
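Review bot: The new E403 handling has no example in this spec; only the E401 response is stubbed, and the `/Cannot read properties of null/` entry of PEER_DEPS_PATTERNS is not pinned by a stubbed response either. A sibling context with `let(:response) { "code E403\nnpm ERR! Forbidden" }` (constructed sample) asserting `Dependabot::PrivateSourceAuthenticationFailure` would cover the first gap. The E401 example asserts that the message includes the raw `code E401` text, which locks unfiltered npm output into the user-facing error, so that assertion would need to change if the message is later sanitised. The two fixture-backed contexts at the end appear to rely on a real resolution against the fixture's registries (not visible here), which would make them network-dependent. The enclosing describe blocks start outside these hunks.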

@@ -0,0 +1,34 @@
{
"version": "1.0.0",
"description": "<PROJECT_DESCRIPTION>",
"main": "index.js",
"scripts": {

},
"repository": {
"type": "git",
"url": "git@gxyz/<REPOSITORY_NAME>.git"
},
"keywords": [
"api",
"npm",
"obp"
],
"author": "abc",
"dependencies": {
"joi": "17.9.2",
"pg": "8.11.1",
"pg-promise": "11.5.0",
"typeorm": "0.3.6"
},
"devDependencies": {
"@typescript-eslint/eslint-plugin": "5.60.0",
"@typescript-eslint/parser": "5.60.0",
"eslint": "8.43.0",
"eslint-config-prettier": "8.5.0",
"eslint-plugin-deprecation": "1.4.1",
"eslint-plugin-prettier": "4.2.1"
},
"eslintConfig": {
}
}

@@ -0,0 +1,40 @@
{
"version": "1.0.0",
"description": "<PROJECT_DESCRIPTION>",
"main": "index.js",
"scripts": {

},
"repository": {
"type": "git",
"url": "git@gxyz/<REPOSITORY_NAME>.git"
},
"keywords": [
"api",
"npm",
"obp"
],
"author": "athena",
"dependencies": {
"@aws-sdk/signature-v4-crt": "3.88.0",
"@nbm/api-toolkit": "^6.0.0",
"@nbm/event-notifier": "^3.0.0",
"aws-lambda-multipart-parser": "0.1.3",
"axios": "1.4.0",
"class-transformer": "0.5.1",
"joi": "17.9.2",
"pg": "8.11.1",
"pg-promise": "11.5.0",
"typeorm": "0.3.6"
},
"devDependencies": {
"@typescript-eslint/eslint-plugin": "5.60.0",
"@typescript-eslint/parser": "5.60.0",
"eslint": "8.43.0",
"eslint-config-prettier": "8.5.0",
"eslint-plugin-deprecation": "1.4.1",
"eslint-plugin-prettier": "4.2.1"
},
"eslintConfig": {
}
}
@@ -0,0 +1,8 @@
audit=true
audit-level=critical
color=true
package-lock=true
save-prefix=^
strict-ssl=false
registry=https://registry.npmjs.org
@nbm:registry=https://npm.pkg.com/
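Review bot: `strict-ssl=false` disables TLS certificate verification for every registry request made with this fixture, and nothing in the visible spec needs it to reproduce an authentication failure. If the spec drives a real npm run (not visible here), requests for the `@nbm` scope go to `npm.pkg.com` without certificate checks. Dropping the line or setting `strict-ssl=true` keeps the fixture from modelling an insecure configuration. It is also worth confirming that the `@nbm:registry` host is one the project controls or a reserved test name, since the scope and package names look taken from a real project.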

@@ -0,0 +1,40 @@
{
"version": "1.0.0",
"description": "<PROJECT_DESCRIPTION>",
"main": "index.js",
"scripts": {

},
"repository": {
"type": "git",
"url": "git@gxyz/<REPOSITORY_NAME>.git"
},
"keywords": [
"api",
"npm",
"obp"
],
"author": "abc",
"dependencies": {
"@aws-sdk/signature-v4-crt": "3.88.0",
"@nbm/api-toolkit": "^6.0.0",
"@nbm/event-notifier": "^3.0.0",
"aws-lambda-multipart-parser": "0.1.3",
"axios": "1.4.0",
"class-transformer": "0.5.1",
"joi": "17.9.2",
"pg": "8.11.1",
"pg-promise": "11.5.0",
"typeorm": "0.3.6"
},
"devDependencies": {
"@typescript-eslint/eslint-plugin": "5.60.0",
"@typescript-eslint/parser": "5.60.0",
"eslint": "8.43.0",
"eslint-config-prettier": "8.5.0",
"eslint-plugin-deprecation": "1.4.1",
"eslint-plugin-prettier": "4.2.1"
},
"eslintConfig": {
}
}
