From b8dbaddadedc1200dad56939ee62631bbd5188b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9CThavachelvam?= <“thavaahariharangit@git.com”>
Date: Mon, 20 Jan 2025 15:39:41 +0000
Subject: [PATCH 1/5] enabling alias parsing in pnpm_workspace_yaml
---
 .../dependabot/npm_and_yarn/file_fetcher.rb | 2 +-
 .../npm_and_yarn/file_fetcher_spec.rb | 43 +++++++++++++++++++
 2 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb
index a066c5527c0..6e285c0f095 100644
--- a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb
+++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb
@@ -645,7 +645,7 @@ def parsed_shrinkwrap
 def parsed_pnpm_workspace_yaml
 return {} unless pnpm_workspace_yaml
- YAML.safe_load(T.must(T.must(pnpm_workspace_yaml).content))
+ YAML.safe_load(T.must(T.must(pnpm_workspace_yaml).content), aliases: true)
 rescue Psych::SyntaxError
 raise Dependabot::DependencyFileNotParseable, T.must(pnpm_workspace_yaml).path
 end
diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb
index 3756b2c9c58..5fe1d1031bc 100644
--- a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb
+++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb
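Review bot: `aliases: true` on the new safe_load line re-enables anchor/alias resolution for a file that is presumably fetched from the repository being updated, which is precisely the kind of input Psych disables aliases for by default. Psych resolves an alias to the same Ruby object rather than a copy, so the parse itself stays bounded, but the returned hash can now hold heavily shared or self-referencing nodes, and any later walk over `packages` (serialization, deep comparison, flattening) inherits that cost. If alias support is only needed for the few anchors pnpm-workspace.yaml authors write, state that next to the call and consider bounding the document size before parsing, e.g. `# aliases: true — workspace files may reuse anchors; Psych disables aliases by default because shared or cyclic nodes are costly to traverse downstream`.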
@@ -2021,6 +2021,49 @@
 end
 end
+ context "with an unparseable package.json file" do
+ let(:source) do
+ Dependabot::Source.new(
+ provider: "github",
+ repo: "gocardless/bump",
+ directory: "/"
+ )
+ end
+ let(:file_fetcher) { described_class.new(source: source, credentials: credentials) }
+ let(:pnpm_workspace_yaml) { Dependabot::DependencyFile.new(name: "pnpm-workspace.yaml", content: content) }
+
+ before do
+ allow(file_fetcher).to receive(:pnpm_workspace_yaml).and_return(pnpm_workspace_yaml)
+ end
+
+ context "when pnpm_workspace_yaml is nil" do
+ let(:pnpm_workspace_yaml) { nil }
+
+ it "returns an empty hash" do
+ expect(file_fetcher.send(:parsed_pnpm_workspace_yaml)).to eq({})
+ end
+ end
+
+ context "when pnpm_workspace_yaml is present" do
+ context "when the content is valid YAML" do
+ let(:content) { "---\npackages:\n - 'packages/*'\n" }
+
+ it "parses the YAML content" do
+ expect(file_fetcher.send(:parsed_pnpm_workspace_yaml)).to eq({ "packages" => ["packages/*"] })
+ end
+ end
+ end
+
+ context "when pnpm_workspace_yaml is present with aliases" do
+ let(:content) { "---\npackages:\n - &default 'packages/*'\n - *default\n" }
+ let(:pnpm_workspace_yaml) { Dependabot::DependencyFile.new(name: "pnpm-workspace.yaml", content: content) }
+
+ it "parses the YAML content with aliases" do
+ expect(file_fetcher.send(:parsed_pnpm_workspace_yaml)).to eq({ "packages" => ["packages/*", "packages/*"] })
+ end
+ end
+ end
+
 context "with package.json file just including a dummy string" do
 before do
 allow(file_fetcher_instance).to receive(:commit).and_return("sha")
From e17c6cabff70e33d2e754a7a4722059df6c68b80 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9CThavachelvam?= <“thavaahariharangit@git.com”>
Date: Mon, 20 Jan 2025 15:48:45 +0000
Subject: [PATCH 2/5] context message updated.
---
 npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
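Review bot: The `let(:pnpm_workspace_yaml)` inside the "present with aliases" context re-declares the outer `let` with an identical body, so it adds nothing and obscures that `content` is the only input that varies between contexts; drop the inner line and let the outer definition apply. The alias spec also only shows that a benign alias is expanded; with `aliases: true` the behaviour worth pinning for repository-controlled input is what the parser returns for an anchor that references itself, and no example covers it. `credentials` and `described_class` are defined outside this hunk.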
diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb
index 5fe1d1031bc..5506f02c3cc 100644
--- a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb
+++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb
@@ -2021,7 +2021,7 @@
 end
 end
- context "with an unparseable package.json file" do
+ context "with an pnpm_workspace_yaml" do
 let(:source) do
 Dependabot::Source.new(
 provider: "github",
From f558828fb47fcf02b15a6a3e91d67a75c5e630e2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9CThavachelvam?= <“thavaahariharangit@git.com”>
Date: Tue, 21 Jan 2025 14:47:21 +0000
Subject: [PATCH 3/5] Adding bad alias check.
---
 .../dependabot/npm_and_yarn/file_fetcher.rb | 2 +-
 .../npm_and_yarn/file_fetcher_spec.rb | 26 ++++++++++++++-----
 2 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb
index 6e285c0f095..6cbeb14509e 100644
--- a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb
+++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb
@@ -646,7 +646,7 @@ def parsed_pnpm_workspace_yaml
 return {} unless pnpm_workspace_yaml
 YAML.safe_load(T.must(T.must(pnpm_workspace_yaml).content), aliases: true)
- rescue Psych::SyntaxError
+ rescue Psych::SyntaxError, Psych::BadAlias
 raise Dependabot::DependencyFileNotParseable, T.must(pnpm_workspace_yaml).path
 end
diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb
index 5506f02c3cc..acac846ae82 100644
--- a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb
+++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb
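Review bot: The widened rescue in the file_fetcher.rb hunk still lets `Psych::DisallowedClass` escape: `YAML.safe_load` raises it when the workspace file carries a tag the safe loader does not permit, and that case would surface as an unclassified exception instead of the `Dependabot::DependencyFileNotParseable` the other parse failures are mapped to. `Psych::SyntaxError`, `Psych::BadAlias` and `Psych::DisallowedClass` all derive from `Psych::Exception`, so `rescue Psych::Exception` covers the whole family in one clause. The method's `def` line sits outside this hunk and appears only in the hunk header.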
@@ -2044,17 +2044,15 @@
 end
 end
- context "when pnpm_workspace_yaml is present" do
- context "when the content is valid YAML" do
- let(:content) { "---\npackages:\n - 'packages/*'\n" }
+ context "when the content is valid YAML" do
+ let(:content) { "---\npackages:\n - 'packages/*'\n" }
- it "parses the YAML content" do
- expect(file_fetcher.send(:parsed_pnpm_workspace_yaml)).to eq({ "packages" => ["packages/*"] })
- end
+ it "parses the YAML content" do
+ expect(file_fetcher.send(:parsed_pnpm_workspace_yaml)).to eq({ "packages" => ["packages/*"] })
 end
 end
- context "when pnpm_workspace_yaml is present with aliases" do
+ context "when the content contains valid alias" do
 let(:content) { "---\npackages:\n - &default 'packages/*'\n - *default\n" }
 let(:pnpm_workspace_yaml) { Dependabot::DependencyFile.new(name: "pnpm-workspace.yaml", content: content) }
@@ -2062,6 +2060,20 @@
 expect(file_fetcher.send(:parsed_pnpm_workspace_yaml)).to eq({ "packages" => ["packages/*", "packages/*"] })
 end
 end
+
+ context "when the content contains invalid alias (BadAlias)" do
+ let(:content) { "---\npackages:\n - &id 'packages/*'\n - *id" } # Invalid alias reference
+
+ before do
+ allow(YAML).to receive(:safe_load).and_raise(Psych::BadAlias)
+ end
+
+ it "raises a DependencyFileNotParseable error" do
+ expect do
+ file_fetcher.send(:parsed_pnpm_workspace_yaml)
+ end.to raise_error(Dependabot::DependencyFileNotParseable)
+ end
+ end
 end
 context "with package.json file just including a dummy string" do
From c6e37c1efaa3a8210e84ecc3c577b4ad47764a3f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9CThavachelvam?= <“thavaahariharangit@git.com”>
Date: Tue, 21 Jan 2025 14:57:13 +0000
Subject: [PATCH 4/5] Updating context message.
---
 .../spec/dependabot/npm_and_yarn/file_fetcher_spec.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
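Review bot: The BadAlias example in the second hunk stubs `YAML.safe_load` to raise, so the fixture is never parsed and the `# Invalid alias reference` comment is misleading: `&id 'packages/*'` followed by `*id` is a well-formed anchor/alias pair that loads successfully once aliases are enabled. As written the spec only proves that an already-raised `Psych::BadAlias` is translated, not that the parser raises one for this input; remove the `before` stub and use content whose alias names an anchor that is never defined, e.g. `let(:content) { "---\npackages:\n - *missing\n" }`, so the real rescue path is exercised. The first hunk in this section only re-nests the existing contexts.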
diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb
index acac846ae82..0713f09494a 100644
--- a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb
+++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb
@@ -2021,7 +2021,7 @@
 end
 end
- context "with an pnpm_workspace_yaml" do
+ context "with a pnpm_workspace_yaml" do
 let(:source) do
 Dependabot::Source.new(
 provider: "github",
@@ -2036,7 +2036,7 @@
 allow(file_fetcher).to receive(:pnpm_workspace_yaml).and_return(pnpm_workspace_yaml)
 end
- context "when pnpm_workspace_yaml is nil" do
+ context "when the content is nil" do
 let(:pnpm_workspace_yaml) { nil }
 it "returns an empty hash" do
From 7c379703bb97572e17bc05b8f34935390c32f145 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9CThavachelvam?= <“thavaahariharangit@git.com”>
Date: Tue, 21 Jan 2025 14:58:32 +0000
Subject: [PATCH 5/5] Updating context message.
---
 .../spec/dependabot/npm_and_yarn/file_fetcher_spec.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb
index 0713f09494a..b3939dd7848 100644
--- a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb
+++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb
@@ -2036,7 +2036,7 @@
 allow(file_fetcher).to receive(:pnpm_workspace_yaml).and_return(pnpm_workspace_yaml)
 end
- context "when the content is nil" do
+ context "when it's content is nil" do
 let(:pnpm_workspace_yaml) { nil }
 it "returns an empty hash" do
@@ -2044,7 +2044,7 @@
 end
 end
- context "when the content is valid YAML" do
+ context "when it's content is valid YAML" do
 let(:content) { "---\npackages:\n - 'packages/*'\n" }
 it "parses the YAML content" do
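Review bot: The new description in the PATCH 5/5 -2036 hunk uses the contraction `it's` where the possessive `its` is meant, so the generated example name reads "when it is content is nil"; the same slip is in the -2044 hunk of that patch and in both hunks (-2052 and -2061) that follow it. `context "when its content is nil" do`, and likewise `its` in the other three descriptions.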
@@ -2052,7 +2052,7 @@
 end
 end
- context "when the content contains valid alias" do
+ context "when it's content contains valid alias" do
 let(:content) { "---\npackages:\n - &default 'packages/*'\n - *default\n" }
 let(:pnpm_workspace_yaml) { Dependabot::DependencyFile.new(name: "pnpm-workspace.yaml", content: content) }
@@ -2061,7 +2061,7 @@
 end
 end
- context "when the content contains invalid alias (BadAlias)" do
+ context "when it's content contains invalid alias (BadAlias)" do
 let(:content) { "---\npackages:\n - &id 'packages/*'\n - *id" } # Invalid alias reference
 before do