yarn2 workspace monorepo: Can't handle workspace: dependencies.

[fjakobs]

Is there an existing issue for this?

• I have searched the existing issues

Package ecosystem

yarn

Package manager version

3.2.1

Language version

Node.js 16.x

Manifest location and content before the Dependabot update

No response

dependabot.yml content

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/packages/databricks-sdk-js"
    schedule:
      interval: "daily"
    ignore:
      - dependency-name: "@databricks/*"          
  - package-ecosystem: "npm"
    directory: "/packages/databricks-vscode"
    schedule:
      interval: "daily"
    ignore:
      - dependency-name: "@databricks/*"    
  - package-ecosystem: "npm"
    directory: "/packages/databricks-vscode-types"
    ignore:
      - dependency-name: "@databricks/*"    
    schedule:
      interval: "daily"

Updated dependency

No response

What you expected to see, versus what you actually saw

I'm using the yarn workspace feature to manage a mono repo with several node.js packages. The different packages define dependencies to each other in the form of workspace: links:

"@databricks/databricks-sdk": "workspace:^",

Dependabot failes to resolve these dependencies and instead tries to look them up on npm, which results in the following error:

 Dependabot can't authenticate to a private package registry
The following private package registry was used and caused the update to fail: registry.npmjs.org.

From the logs:

  proxy | 2022/11/08 17:06:26 [036] GET https://registry.npmjs.org:443/@databricks%2Fdatabricks-sdk
  proxy | 2022/11/08 17:06:26 [036] 404 https://registry.npmjs.org:443/@databricks%2Fdatabricks-sdk
  proxy | 2022/11/08 17:06:26 [038] GET https://www.npmjs.com:443/package/@databricks/databricks-sdk
  proxy | 2022/11/08 17:06:27 [038] 302 https://www.npmjs.com:443/package/@databricks/databricks-sdk
  proxy | 2022/11/08 17:06:27 [040] GET https://www.npmjs.com:443/login?next=%2Fpackage%2F%40databricks%2Fdatabricks-sdk
  proxy | 2022/11/08 17:06:27 [040] 429 https://www.npmjs.com:443/login?next=%2Fpackage%2F%40databricks%2Fdatabricks-sdk
updater | INFO <job_504761053> Handled error whilst updating @databricks/databricks-sdk: private_source_authentication_failure {:source=>"registry.npmjs.org"}

This is not a surprise since the package doesn't exist on NPM.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response

[fjakobs]

Creating a new ticket instead of re-opening #3702

[vluoto]

For what it's worth, we are experiencing similar issues with pnpm where entries such as

"@organisation/modulemcmoduleface": "workspace:*",

result in

and

updater | Dependabot encountered '1' error(s) during execution, please check the logs for more details.
updater | +--------------------------------------------------------------------------+
updater | |                      Dependencies failed to update                       |
updater | +----------------------------------+---------------------------------------+
updater | | @organisation/modulemcmoduleface | private_source_authentication_failure |
updater | +----------------------------------+---------------------------------------+

in logs.

We also tried ignoring said dependency with

ignore:
  - dependency-name: "@organisation/modulemcmoduleface"

to no avail.