From f97969f076b6e58cda3e5e87ff6f2e5c26e2a755 Mon Sep 17 00:00:00 2001
From: "S.Sandhu" <167903774+sachin-sandhu@users.noreply.github.com>
Date: Fri, 26 Jul 2024 16:14:45 -0400
Subject: [PATCH] Fixes Dependabot::SharedHelpers::HelperSubprocessFailed - nested aliases not supported (#10292)
* Handles nested dependencies issues and adds relevant test cases
---
 .../file_updater/npm_lockfile_updater.rb | 6 +++++
 .../file_updater/npm_lockfile_updater_spec.rb | 20 ++++++++++++++
 .../simple_with_nested_deps/package-lock.json | 26 +++++++++++++++++++
 .../npm/simple_with_nested_deps/package.json | 26 +++++++++++++++++++
 4 files changed, 78 insertions(+)
 create mode 100644 npm_and_yarn/spec/fixtures/projects/npm/simple_with_nested_deps/package-lock.json
 create mode 100644 npm_and_yarn/spec/fixtures/projects/npm/simple_with_nested_deps/package.json
diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb
index 417b2d91a18..63c84c5b195 100644
--- a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb
+++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb
@@ -80,6 +80,7 @@ def updated_lockfile_reponse(response)
 /401 Unauthorized - GET (?.*) - unauthenticated: User cannot be authenticated with the token provided./
 NPM_PACKAGE_REGISTRY = "https://npm.pkg.github.com"
 EOVERRIDE = /EOVERRIDE\n *.* Override for (?.*) conflicts with direct dependency/
+ NESTED_ALIAS = /nested aliases not supported/
 # TODO: look into fixing this in npm, seems like a bug in the git
 # downloader introduced in npm 7
@@ -531,6 +532,11 @@ def handle_npm_updater_error(error)
 raise Dependabot::DependencyFileNotResolvable, msg
 end
+ if error_message.match(NESTED_ALIAS)
+ msg = "Nested aliases are not supported in NPM versions earlier than 6.9.0."
+ raise Dependabot::DependencyFileNotResolvable, msg
+ end
+
 raise error
 end
 # rubocop:enable Metrics/AbcSize
diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater_spec.rb
index 2a419d5c3ae..6f3b5b73d59 100644
--- a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater_spec.rb
+++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater_spec.rb
@@ -788,4 +788,24 @@
 expect { updated_npm_lock_content }.to raise_error(Dependabot::DependencyFileNotResolvable)
 end
 end
+
+ context "with a dependency with nested aliases not supported" do
+ let(:files) { project_dependency_files("npm/simple_with_nested_deps") }
+ let(:dependency_name) { "express" }
+ let(:version) { "4.19.2" }
+ let(:previous_version) { "^4.17.1" }
+ let(:requirements) do
+ [{
+ file: "package.json",
+ requirement: "^4.17.1",
+ groups: ["devDependencies"],
+ source: nil
+ }]
+ end
+ let(:previous_requirements) { requirements }
+
+ it "raises a helpful error" do
+ expect { updated_npm_lock_content }.to raise_error(Dependabot::DependencyFileNotResolvable)
+ end
+ end
 end
diff --git a/npm_and_yarn/spec/fixtures/projects/npm/simple_with_nested_deps/package-lock.json b/npm_and_yarn/spec/fixtures/projects/npm/simple_with_nested_deps/package-lock.json
new file mode 100644
index 00000000000..d04edcadc0a
--- /dev/null
+++ b/npm_and_yarn/spec/fixtures/projects/npm/simple_with_nested_deps/package-lock.json
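Review bot: The new branch in handle_npm_updater_error uses `error_message.match(NESTED_ALIAS)` only as a boolean, so `if error_message.match?(NESTED_ALIAS)` states the intent and avoids building a MatchData. The user-facing text asserts a cause ("NPM versions earlier than 6.9.0") that the code never checks, since it only sees the phrase in the helper output. A short comment on the `NESTED_ALIAS` constant from the first hunk, such as `# npm helper output when a lockfile contains an aliased package nested under another dependency`, would record where the string comes from. Keeping `msg` a fixed string rather than interpolating `error_message` is worth preserving, because it keeps unsanitised helper output out of the surfaced error. The function body begins outside this hunk.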
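Review bot: The new example "raises a helpful error" asserts only the exception class, so it passes for any updater path that raises `Dependabot::DependencyFileNotResolvable`, not specifically the nested-alias branch. Pin the message as well: `expect { updated_npm_lock_content }.to raise_error(Dependabot::DependencyFileNotResolvable, /Nested aliases are not supported/)`. The `requirements` also declare `express` under `devDependencies` of package.json, while the fixture package.json added in this patch lists only `@docusaurus/theme-search-algolia` under `dependencies`. That mismatch makes it harder to be sure the failure comes from the alias entry in the lockfile rather than from something else. The enclosing describe block starts outside this hunk.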
@@ -0,0 +1,26 @@
+{
+ "name": "xyz",
+ "version": "0.0.0",
+ "lockfileVersion": 1,
+ "requires": true,
+ "dependencies": {
+ "@docusaurus/theme-search-algolia": {
+ "version": "2.0.0-beta.9",
+ "dependencies": {
+ "react-loadable": {
+ "version": "npm:@docusaurus/react-loadable@5.5.2",
+ "resolved": "https://registry.npmjs.org/@docusaurus/react-loadable/-/react-loadable-5.5.2.tgz",
+ "integrity": "sha512-A3dYjdBGuy0IGT+wyLIGIKLRE+sAk1iNk0f1HjNDysO7u8lhL4N3VEm+FAubmJbAztn94F7MxBTPmnixbiyFdQ==",
+ "requires": {
+ "@types/react": "*"
+ }
+ }
+ }
+ },
+ "express": {
+ "version": "4.17.1",
+ "resolved": "https://registry.npmjs.org/express/-/express-4.17.1.tgz",
+ "integrity": "sha512-mHJ9O79RqluphRrcw2X/GTh3k9tVv8YcoyY4Kkh4WDMUYKRZUq0h1o0w2rrrxBqM7VoeUVqgb27xlEMXTnYt4g=="
+ }
+ }
+}
\ No newline at end of file
diff --git a/npm_and_yarn/spec/fixtures/projects/npm/simple_with_nested_deps/package.json b/npm_and_yarn/spec/fixtures/projects/npm/simple_with_nested_deps/package.json
new file mode 100644
index 00000000000..e0c03b254fe
--- /dev/null
+++ b/npm_and_yarn/spec/fixtures/projects/npm/simple_with_nested_deps/package.json
@@ -0,0 +1,26 @@
+{
+ "name": "xyz",
+ "version": "0.36.1",
+ "type": "module",
+ "description": "xxx",
+ "repository": "git+https://github.com/waltfy/PROTO_TEST.git",
+ "homepage": "https://github.com/waltfy/PROTO_TEST#readme",
+ "bugs": "https://github.com/waltfy/PROTO_TEST/issues",
+ "author": "",
+ "contributors": [],
+ "engines": {
+ "node": ">=12"
+ },
+ "main": "generators/app/index.js",
+ "typings": "generators/app/index.d.ts",
+ "files": [
+ "/generators"
+ ],
+ "keywords": [],
+ "scripts": {
+ "build": "tsc -p tsconfig.build.json && npm run copy:templates"
+ },
+ "dependencies": {
+ "@docusaurus/theme-search-algolia": "^2.0.0-beta.9"
+ }
+}