Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependabot crashes while attempting to make changes to submodules when updating NPM packages #11327

Open
1 task done
stazz opened this issue Jan 17, 2025 · 0 comments
Open
1 task done

Dependabot crashes while attempting to make changes to submodules when updating NPM packages #11327

stazz opened this issue Jan 17, 2025 · 0 comments
Labels
L: dart:pub Dart packages via pub L: docker Docker containers L: git:submodules Git submodules L: javascript L: ruby:bundler RubyGems via bundler T: bug 🐞 Something isn't working

Comments

@stazz
Copy link

stazz commented Jan 17, 2025

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

npm

Package manager version

1.22.22

Language version

Node 22

Manifest location and content before the Dependabot update

There is one /yarn.lock file. It contains dependencies from:

  • Top-level package.json file
  • Various package.json files within code/* directories as yarn workspaces
  • Variosu package.json files within lib/* directrories, each directory being git submodule. I think this is the key information, as this is what causes problems.

dependabot.yml content

I'm using Dependabot in private repo, so cannot link it. But here are relevant contents:

version: 2
updates:
  - package-ecosystem: "gitsubmodule"
  # ... irrelevant, git submodule auto-update is working fine
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "sunday"
      time: "23:00"
      timezone: "UTC"
    commit-message:
      prefix: "<snip>"
    groups:
      production-dependencies:
        dependency-type: "production"
      development-dependencies:
        dependency-type: "development"
    reviewers:
      <snip>
    assignees:
      <snip>
  - package-ecosystem: "docker"
    # ... irrelevant, docker update is working fine

Updated dependency

Any dependency which needs updating in this repo /yarn.lock file, but is defined in package.json which is located within git submodule. The change must be so that it causes modifications also in package.json (e.g. strict version string without ^ prefix).

What you expected to see, versus what you actually saw

I expected the dependency part of git submodule definition to be left out.

Instead Dependabot action crashes (not full log, but what I think is relevant part. I can provide full log if needed as well):

updater | 2025/01/16 19:43:59 INFO <job_949132108> Started process PID: 1850 with command: node /opt/npm_and_yarn/run.js
  proxy | 2025/01/16 19:44:00 [043] GET [https://registry.yarnpkg.com:443/@pulumi%2faws-native](https://registry.yarnpkg.com/@pulumi%2faws-native)
2025/01/16 19:44:00 [043] 200 [https://registry.yarnpkg.com:443/@pulumi%2faws-native](https://registry.yarnpkg.com/@pulumi%2faws-native)
updater | 2025/01/16 19:44:02 INFO <job_949132108> Process PID: 1850 completed with status: pid 1850 exit 0
updater | 2025/01/16 19:44:02 INFO <job_949132108> Total execution time: 2.75 seconds
updater | 2025/01/16 19:44:02 INFO <job_949132108> Started process PID: 1862 with command: {} git status --untracked-files all --porcelain v1 . {}
updater | 2025/01/16 19:44:02 INFO <job_949132108> Process PID: 1862 completed with status: pid 1862 exit 0
updater | 2025/01/16 19:44:02 INFO <job_949132108> Total execution time: 0.02 seconds
updater | 2025/01/16 19:44:02 INFO <job_949132108> Started process PID: 1869 with command: {} git status --untracked-files all --porcelain v1 .yarn/cache {}
updater | 2025/01/16 19:44:02 INFO <job_949132108> Process PID: 1869 completed with status: pid 1869 exit 0
updater | 2025/01/16 19:44:02 INFO <job_949132108> Total execution time: 0.01 seconds
updater | 2025/01/16 19:44:02 INFO <job_949132108> Started process PID: 1875 with command: {} git status --untracked-files all --porcelain v1 .yarn/install-state.gz {}
updater | 2025/01/16 19:44:02 INFO <job_949132108> Process PID: 1875 completed with status: pid 1875 exit 0
updater | 2025/01/16 19:44:02 INFO <job_949132108> Total execution time: 0.01 seconds
updater | 2025/01/16 19:44:02 INFO <job_949132108> Started process PID: 1881 with command: {} git status --untracked-files\=all --ignored\=no --short . {}
updater | 2025/01/16 19:44:02 INFO <job_949132108> Process PID: 1881 completed with status: pid 1881 exit 0
updater | 2025/01/16 19:44:02 INFO <job_949132108> Total execution time: 0.01 seconds
updater | 2025/01/16 19:44:02 INFO <job_949132108> Started process PID: 1889 with command: {} git log -1 --pretty="%h% B" {}
updater | 2025/01/16 19:44:02 INFO <job_949132108> Process PID: 1889 completed with status: pid 1889 exit 0
updater | 2025/01/16 19:44:02 INFO <job_949132108> Total execution time: 0.01 seconds
updater | 2025/01/16 19:44:02 INFO <job_949132108> Started process PID: 1896 with command: {} git add /home/dependabot/dependabot-updater/repo {}
updater | 2025/01/16 19:44:02 INFO <job_949132108> Process PID: 1896 completed with status: pid 1896 exit 0
updater | 2025/01/16 19:44:02 INFO <job_949132108> Total execution time: 0.01 seconds
updater | 2025/01/16 19:44:02 INFO <job_949132108> Started process PID: 1903 with command: {} git commit -m "Updating @pulumi/aws-native" {}
updater | 2025/01/16 19:44:02 INFO <job_949132108> Process PID: 1903 completed with status: pid 1903 exit 1
updater | 2025/01/16 19:44:02 INFO <job_949132108> Total execution time: 0.01 seconds
updater | 2025/01/16 19:44:02 INFO <job_949132108> Started process PID: 1911 with command: {} git log -1 --pretty="%h% B" {}
updater | 2025/01/16 19:44:02 INFO <job_949132108> Process PID: 1911 completed with status: pid 1911 exit 0
2025/01/16 19:44:02 INFO <job_949132108> Total execution time: 0.01 seconds
updater | 2025/01/16 19:44:02 INFO <job_949132108> Started process PID: 1918 with command: {} git reset --hard 364490d749e1aca3992214852cf821bd6f1617b3 {}
updater | 2025/01/16 19:44:02 INFO <job_949132108> Process PID: 1918 completed with status: pid 1918 exit 0
updater | 2025/01/16 19:44:02 INFO <job_949132108> Total execution time: 0.01 seconds
updater | 2025/01/16 19:44:02 INFO <job_949132108> Started process PID: 1924 with command: {} git clean -fx . {}
updater | 2025/01/16 19:44:02 INFO <job_949132108> Process PID: 1924 completed with status: pid 1924 exit 0
updater | 2025/01/16 19:44:02 INFO <job_949132108> Total execution time: 0.01 seconds
updater | 2025/01/16 19:44:02 INFO <job_949132108> Started process PID: 1930 with command: {} git stash clear {}
updater | 2025/01/16 19:44:02 INFO <job_949132108> Process PID: 1930 completed with status: pid 1930 exit 0
2025/01/16 19:44:02 INFO <job_949132108> Total execution time: 0.01 seconds
updater | 2025/01/16 19:44:02 ERROR <job_949132108> On branch main
Your branch is ahead of 'origin/main' by 1 commit.
  (use "git push" to publish your local commits)

Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
  (commit or discard the untracked or modified content in submodules)
	modified:   lib/lib-infra (modified content)

no changes added to commit (use "git add" and/or "git commit -a")
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/common/lib/dependabot/shared_helpers.rb:482:in `run_shell_command'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/call_validation.rb:167:in `bind_call'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/call_validation.rb:167:in `validate_call_skip_block_type'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/call_validation.rb:109:in `block in create_validator_slow_skip_block_type'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/common/lib/dependabot/workspace/git.rb:157:in `block in run_shell_command'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/common/lib/dependabot/workspace/git.rb:157:in `chdir'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/common/lib/dependabot/workspace/git.rb:157:in `run_shell_command'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/call_validation.rb:167:in `bind_call'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/call_validation.rb:167:in `validate_call_skip_block_type'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/call_validation.rb:109:in `block in create_validator_slow_skip_block_type'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/common/lib/dependabot/workspace/git.rb:133:in `commit'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/call_validation.rb:167:in `bind_call'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/call_validation.rb:167:in `validate_call_skip_block_type'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/call_validation.rb:109:in `block in create_validator_slow_skip_block_type'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/common/lib/dependabot/workspace/git.rb:59:in `store_change'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/call_validation.rb:167:in `bind_call'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/call_validation.rb:167:in `validate_call_skip_block_type'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/call_validation.rb:109:in `block in create_validator_slow_skip_block_type'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/common/lib/dependabot/workspace.rb:43:in `store_change'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/call_validation.rb:167:in `bind_call'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/call_validation.rb:167:in `validate_call_skip_block_type'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/call_validation.rb:109:in `block in create_validator_slow_skip_block_type'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/lib/dependabot/updater/group_update_creation.rb:427:in `store_changes'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/call_validation_2_7.rb:968:in `bind_call'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/call_validation_2_7.rb:968:in `block in create_validator_method_medium1'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/lib/dependabot/updater/group_update_creation.rb:108:in `block in compile_all_dependency_changes_for'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/lib/dependabot/updater/group_update_creation.rb:62:in `each'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/lib/dependabot/updater/group_update_creation.rb:62:in `compile_all_dependency_changes_for'
updater | 2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/call_validation.rb:270:in `bind_call'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/call_validation.rb:270:in `validate_call'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/refresh_group_update_pull_request.rb:149:in `block in dependency_change'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/refresh_group_update_pull_request.rb:146:in `each'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/refresh_group_update_pull_request.rb:146:in `filter_map'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/refresh_group_update_pull_request.rb:146:in `dependency_change'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/call_validation.rb:270:in `bind_call'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/call_validation.rb:270:in `validate_call'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/refresh_group_update_pull_request.rb:114:in `perform'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/call_validation.rb:270:in `bind_call'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/call_validation.rb:270:in `validate_call'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:45:in `run'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/lib/dependabot/update_files_command.rb:45:in `block in perform_job'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.4.0/lib/opentelemetry/trace/tracer.rb:37:in `block in in_span'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.4.0/lib/opentelemetry/trace.rb:70:in `block in with_span'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.4.0/lib/opentelemetry/context.rb:87:in `with_value'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.4.0/lib/opentelemetry/trace.rb:70:in `with_span'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.4.0/lib/opentelemetry/trace/tracer.rb:37:in `in_span'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/lib/dependabot/update_files_command.rb:18:in `perform_job'
2025/01/16 19:44:02 ERROR <job_949132108> /home/dependabot/dependabot-updater/lib/dependabot/base_command.rb:37:in `run'
2025/01/16 19:44:02 ERROR <job_949132108> bin/update_files.rb:46:in `<main>'
  proxy | 2025/01/16 19:44:02 [045] POST /update_jobs/949132108/record_update_job_unknown_error
  proxy | 2025/01/16 19:44:02 [045] 204 /update_jobs/949132108/record_update_job_unknown_error
  proxy | 2025/01/16 19:44:02 [047] POST /update_jobs/949132108/record_update_job_error
  proxy | 2025/01/16 19:44:02 [047] 204 /update_jobs/949132108/record_update_job_error
  proxy | 2025/01/16 19:44:02 [049] POST /update_jobs/949132108/record_update_job_unknown_error
  proxy | 2025/01/16 19:44:02 [049] 204 /update_jobs/949132108/record_update_job_unknown_error
  proxy | 2025/01/16 19:44:02 [051] POST /update_jobs/949132108/increment_metric
  proxy | 2025/01/16 19:44:02 [051] 204 /update_jobs/949132108/increment_metric
  proxy | 2025/01/16 19:44:02 [053] PATCH /update_jobs/949132108/mark_as_processed
  proxy | 2025/01/16 19:44:02 [053] 204 /update_jobs/949132108/mark_as_processed
updater | 2025/01/16 19:44:02 INFO Results:
Dependabot encountered '1' error(s) during execution, please check the logs for more details.
+---------------+
|    Errors     |
+---------------+
| unknown_error |
+---------------+
Failure running container 59f1ddf4c3b7227754553130d2e79b0c27117c06f4540108e20d96b2720e8cde

Native package manager behavior

Not applicable for us - we use strict version specs everywhere, so native manager never updates them.

Images of the diff or a link to the PR, issue, or logs

Everything is in private repos, so unfortunately can not share anything.

Smallest manifest that reproduces the issue

I guess with a file structure like this:

// File /package.json
{
  "name": "@repro/main",
  "private": true,
  "type": "module",
  "workspaces": [
    "submodule",
  ]
}
# File .gitmodules
[submodule "submodule"]
	path = submodule
	url = <url>
// File /submodule/package.json
{
  "name": "@repro/submodule",
  "private": true,
  "type": "module",
  "dependencies": {
    "@pulumi/faws-native": "1.22.0"
  }
}

Running Dependabot on this git submodule -enabled setup should result in the same error I am getting. Notice that the version spec in the /submodule/package.json must be fixed in order for Dependabot to attempt to update it and result in crash.
@stazz stazz added the T: bug 🐞 Something isn't working label Jan 17, 2025
@github-actions github-actions bot added L: dart:pub Dart packages via pub L: docker Docker containers L: git:submodules Git submodules L: javascript L: ruby:bundler RubyGems via bundler labels Jan 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
L: dart:pub Dart packages via pub L: docker Docker containers L: git:submodules Git submodules L: javascript L: ruby:bundler RubyGems via bundler T: bug 🐞 Something isn't working
Projects
Dependabot
Status: No status
Milestone
No milestone
Development

No branches or pull requests
1 participant
@stazz