Revert "Add more helpful error messaging when a vulnerable dependency cannot be upgraded"

npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker.rb

@@ -96,19 +96,13 @@ def requirements_update_strategy
       end
 
       def conflicting_dependencies
-        conflicts = ConflictingDependencyResolver.new(
+        ConflictingDependencyResolver.new(
           dependency_files: dependency_files,
           credentials: credentials
         ).conflicting_dependencies(
           dependency: dependency,
           target_version: lowest_security_fix_version
         )
-
-        vulnerable = vulnerability_audit.select do |v|
-          !v["fix_available"] && v["explanation"]
-        end
-
-        conflicts + vulnerable
       end
 
       private

npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/vulnerability_auditor.rb

@@ -21,7 +21,6 @@ def initialize(dependency_files:, credentials:, allow_removal: false)
           @allow_removal = allow_removal
         end
 
-        # rubocop:disable Metrics/MethodLength
         # Finds any dependencies in the `package-lock.json` or `npm-shrinkwrap.json` that have
         # a subdependency on the given dependency that is locked to a vuln version range.
         #
@@ -42,7 +41,6 @@ def initialize(dependency_files:, credentials:, allow_removal: false)
         #       dependency on the blocking dependency
         #   * :top_level_ancestors [Array<String>] the names of all top-level dependencies with a transitive
         #     dependency on the dependency
-        #   * :explanation [String] an explanation for why the project failed the vulnerability auditor run
         def audit(dependency:, security_advisories:)
           fix_unavailable = {
             "dependency_name" => dependency.name,
@@ -76,36 +74,21 @@ def audit(dependency:, security_advisories:)
               function: "npm:vulnerabilityAuditor",
               args: [Dir.pwd, vuln_versions]
             )
-
-            validation_result = validate_audit_result(audit_result, security_advisories)
-            unless viable_audit_result?(validation_result)
-              fix_unavailable["explanation"] = explain_fix_unavailable(validation_result, dependency)
-              return fix_unavailable
-            end
+            return fix_unavailable unless viable_audit_result?(audit_result, security_advisories)
 
             audit_result
           end
         rescue SharedHelpers::HelperSubprocessFailed => e
           log_helper_subprocess_failure(dependency, e)
           fix_unavailable
         end
-        # rubocop:enable Metrics/MethodLength
 
         private
 
         attr_reader :dependency_files, :credentials
 
-        def explain_fix_unavailable(validation_result, dependency)
-          case validation_result
-          when :fix_unavailable, :dependency_still_vulnerable, :downgrades_dependencies
-            "No patched version available for #{dependency.name}"
-          when :vulnerable_dependency_removed
-            "#{dependency.name} was removed in the update. Dependabot is not able to " \
-              "deal with this yet, but you can still upgrade manually."
-          end
-        end
-
-        def viable_audit_result?(validation_result)
+        def viable_audit_result?(audit_result, security_advisories)
+          validation_result = validate_audit_result(audit_result, security_advisories)
           return true if validation_result == :viable
 
           Dependabot.logger.info("VulnerabilityAuditor: audit result not viable: #{validation_result}")

npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker/vulnerability_auditor_spec.rb

@@ -110,11 +110,7 @@
 
           expect(Dependabot.logger).to receive(:info).with(/audit result not viable: vulnerable_dependency_removed/i)
           expect(subject.audit(dependency: dependency, security_advisories: security_advisories)).
-            to include(
-              "fix_available" => false,
-              "explanation" => "#{dependency.name} was removed in the update. "\
-                "Dependabot is not able to deal with this yet, but you can still upgrade manually."
-            )
+            to include("fix_available" => false)
         end
       end
     end
@@ -141,10 +137,7 @@
 
         expect(Dependabot.logger).to receive(:info).with(/audit result not viable: dependency_still_vulnerable/i)
         expect(subject.audit(dependency: dependency, security_advisories: security_advisories)).
-          to include(
-            "fix_available" => false,
-            "explanation" => "No patched version available for #{dependency.name}"
-          )
+          to include("fix_available" => false)
       end
     end
 
@@ -179,10 +172,7 @@
 
         expect(Dependabot.logger).to receive(:info).with(/audit result not viable: downgrades_dependencies/i)
         expect(subject.audit(dependency: dependency, security_advisories: security_advisories)).
-          to include(
-            "fix_available" => false,
-            "explanation" => "No patched version available for #{dependency.name}"
-          )
+          to include("fix_available" => false)
       end
     end