adds exception handler on invalid deps in manifest file

dependabot · Jan 23, 2025 · ce02a8b · ce02a8b
1 parent 1f66768
commit ce02a8b
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb
@@ -453,6 +453,11 @@ def path_dependency_details_from_manifest(file)
 
         resolution_deps = resolution_objects.flat_map(&:to_a)
                                             .map do |path, value|
+          # skip dependencies that contain invalid values such as inline comments, null, etc.
+          # These values are usually in form of string arrays, so we can skip these deps.
+
+          raise Dependabot::DependencyFileNotParseable, file.path unless value.is_a?(String)
+
           convert_dependency_path_to_name(path, value)
         end