Fixes Dependabot::SharedHelpers::HelperSubprocessFailed - nested alia…

…ses not supported (#10292) * Handles nested dependencies issues and adds relevant test cases
dependabot · Jul 26, 2024 · f97969f · f97969f
1 parent 0014240
commit f97969f
Show file tree

Hide file tree

Showing 4 changed files with 78 additions and 0 deletions.
diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb
@@ -80,6 +80,7 @@ def updated_lockfile_reponse(response)
           /401 Unauthorized - GET (?<url>.*) - unauthenticated: User cannot be authenticated with the token provided./
         NPM_PACKAGE_REGISTRY = "https://npm.pkg.github.com"
         EOVERRIDE = /EOVERRIDE\n *.* Override for (?<deps>.*) conflicts with direct dependency/
+        NESTED_ALIAS = /nested aliases not supported/
 
         # TODO: look into fixing this in npm, seems like a bug in the git
         # downloader introduced in npm 7
@@ -531,6 +532,11 @@ def handle_npm_updater_error(error)
             raise Dependabot::DependencyFileNotResolvable, msg
           end
 
+          if error_message.match(NESTED_ALIAS)
+            msg = "Nested aliases are not supported in NPM versions earlier than 6.9.0."
+            raise Dependabot::DependencyFileNotResolvable, msg
+          end
+
           raise error
         end
         # rubocop:enable Metrics/AbcSize

diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater_spec.rb
@@ -788,4 +788,24 @@
       expect { updated_npm_lock_content }.to raise_error(Dependabot::DependencyFileNotResolvable)
     end
   end
+
+  context "with a dependency with nested aliases not supported" do
+    let(:files) { project_dependency_files("npm/simple_with_nested_deps") }
+    let(:dependency_name) { "express" }
+    let(:version) { "4.19.2" }
+    let(:previous_version) { "^4.17.1" }
+    let(:requirements) do
+      [{
+        file: "package.json",
+        requirement: "^4.17.1",
+        groups: ["devDependencies"],
+        source: nil
+      }]
+    end
+    let(:previous_requirements) { requirements }
+
+    it "raises a helpful error" do
+      expect { updated_npm_lock_content }.to raise_error(Dependabot::DependencyFileNotResolvable)
+    end
+  end
 end
diff --git a/npm_and_yarn/spec/fixtures/projects/npm/simple_with_nested_deps/package-lock.json b/npm_and_yarn/spec/fixtures/projects/npm/simple_with_nested_deps/package-lock.json
diff --git a/npm_and_yarn/spec/fixtures/projects/npm/simple_with_nested_deps/package.json b/npm_and_yarn/spec/fixtures/projects/npm/simple_with_nested_deps/package.json
@@ -0,0 +1,26 @@
+{
+  "name": "xyz",
+  "version": "0.36.1",
+  "type": "module",
+  "description": "xxx",
+  "repository": "git+https://github.com/waltfy/PROTO_TEST.git",
+  "homepage": "https://github.com/waltfy/PROTO_TEST#readme",
+  "bugs": "https://github.com/waltfy/PROTO_TEST/issues",
+  "author": "",
+  "contributors": [],
+  "engines": {
+    "node": ">=12"
+  },
+  "main": "generators/app/index.js",
+  "typings": "generators/app/index.d.ts",
+  "files": [
+    "/generators"
+  ],
+  "keywords": [],
+  "scripts": {
+    "build": "tsc -p tsconfig.build.json && npm run copy:templates"
+  },
+  "dependencies": {
+    "@docusaurus/theme-search-algolia": "^2.0.0-beta.9"
+  }
+}