Problems with npm-packages

[RobinDink]

Hey,

first off I think it would be a good idea to expand the documentation for npm support. Which is basically setting "package_manager" to "npm_and_yarn" instead of "nuget" in the update.rb. However, even though the bot correctly recognizes outdated npm-packages, I'm still getting some weird error:

Any idea on how to fix this?

Cheers, Robin

[Bertk]

I use the following pipeline snippet for npm_and_yarn PRs and this work for public repository (dependabot default - no .npmrc).

pool:
  vmImage: 'Ubuntu-16.04'

steps:
- task: UseRubyVersion@0
  inputs:
    versionSpec: '=2.6.5'

- script: |
    gem install bundler
    bundle install --retry=3 --jobs=4
  displayName: 'bundle install'

- script: |
    echo ---------------
    export DEPENDABOT_NATIVE_HELPERS_PATH="$(pwd)/native-helpers"
    mkdir -p $DEPENDABOT_NATIVE_HELPERS_PATH/{terraform,python,dep,go_modules,hex,composer,npm_and_yarn}
    export PATH="$PATH:$DEPENDABOT_NATIVE_HELPERS_PATH/terraform/bin:$DEPENDABOT_NATIVE_HELPERS_PATH/python/bin:$DEPENDABOT_NATIVE_HELPERS_PATH/go_modules/bin:$DEPENDABOT_NATIVE_HELPERS_PATH/dep/bin"
    export MIX_HOME="$DEPENDABOT_NATIVE_HELPERS_PATH/hex/mix"
     cp -r $(bundle show dependabot-npm_and_yarn)/helpers $DEPENDABOT_NATIVE_HELPERS_PATH/npm_and_yarn/
    ls -Rl $DEPENDABOT_NATIVE_HELPERS_PATH/npm_and_yarn/helpers
    echo ---------------
    $DEPENDABOT_NATIVE_HELPERS_PATH/npm_and_yarn/helpers/build $DEPENDABOT_NATIVE_HELPERS_PATH/npm_and_yarn
    bundle exec ruby ./update.rb
  env:
      SYSTEM_ACCESSTOKEN: $(DependabotToken)
      GITHUB_ACCESS_TOKEN: $(GithubToken)
      NPM_ACCESS_Token: $(NpmToken)

Using a Azure DevOps artifact feed will create this error message:

/opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.116.6/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb:317:in `check_npm_response': The following source could not be reached as it requires authentication (and any provided details were invalid or lacked the required permissions): pkgs.dev.azure.com/XXXXXXX/_packaging/XXXXXXX/npm/registry (Dependabot::PrivateSourceAuthenticationFailure)
    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.116.6/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb:271:in `npm_details'
    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.116.6/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb:99:in `valid_npm_details?'
    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.116.6/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb:33:in `latest_version_from_registry'
    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.116.6/lib/dependabot/npm_and_yarn/update_checker.rb:170:in `latest_released_version'
    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.116.6/lib/dependabot/npm_and_yarn/update_checker.rb:197:in `latest_version_details'
    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.116.6/lib/dependabot/npm_and_yarn/update_checker.rb:22:in `latest_version'
    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.116.6/lib/dependabot/npm_and_yarn/update_checker.rb:27:in `latest_resolvable_version'
    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.116.6/lib/dependabot/update_checkers/base.rb:72:in `preferred_resolvable_version'
    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.116.6/lib/dependabot/npm_and_yarn/update_checker.rb:63:in `updated_requirements'
    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.116.6/lib/dependabot/update_checkers/base.rb:248:in `requirements_up_to_date?'
    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.116.6/lib/dependabot/update_checkers/base.rb:31:in `up_to_date?'
    from ./update.rb:74:in `block in <main>'
    from ./update.rb:65:in `each'
    from ./update.rb:65:in `<main>'

[RobinDink]

Using a Azure DevOps artifact feed will create this error message:

/opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.116.6/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb:317:in `check_npm_response': The following source could not be reached as it requires authentication (and any provided details were invalid or lacked the required permissions): pkgs.dev.azure.com/XXXXXXX/_packaging/XXXXXXX/npm/registry (Dependabot::PrivateSourceAuthenticationFailure)
  from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.116.6/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb:271:in `npm_details'
  from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.116.6/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb:99:in `valid_npm_details?'
  from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.116.6/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb:33:in `latest_version_from_registry'
  from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.116.6/lib/dependabot/npm_and_yarn/update_checker.rb:170:in `latest_released_version'
  from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.116.6/lib/dependabot/npm_and_yarn/update_checker.rb:197:in `latest_version_details'
  from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.116.6/lib/dependabot/npm_and_yarn/update_checker.rb:22:in `latest_version'
  from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.116.6/lib/dependabot/npm_and_yarn/update_checker.rb:27:in `latest_resolvable_version'
  from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.116.6/lib/dependabot/update_checkers/base.rb:72:in `preferred_resolvable_version'
  from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.116.6/lib/dependabot/npm_and_yarn/update_checker.rb:63:in `updated_requirements'
  from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.116.6/lib/dependabot/update_checkers/base.rb:248:in `requirements_up_to_date?'
  from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.116.6/lib/dependabot/update_checkers/base.rb:31:in `up_to_date?'
  from ./update.rb:74:in `block in <main>'
  from ./update.rb:65:in `each'
  from ./update.rb:65:in `<main>'

I am getting the same error message, any idea how to fix this?

[cbb-it-minds]

not sure if related to @BertK but using kinda the same setup and I am currently stuck with:

020-02-17T18:31:33.6545842Z ========================== Starting Command Output ===========================
2020-02-17T18:31:33.6563409Z [command]/bin/bash --noprofile --norc /home/vsts/work/_temp/abca52c1-dd2c-43d3-9542-aa0503565b72.sh
2020-02-17T18:31:33.9801041Z cp: target '/home/vsts/work/1/s/native-helpers/npm_and_yarn/helpers' is not a directory
2020-02-17T18:31:33.9806836Z ls: cannot access '/home/vsts/work/1/s/native-helpers/npm_and_yarn/helpers': No such file or directory
2020-02-17T18:31:33.9807717Z /home/vsts/work/_temp/abca52c1-dd2c-43d3-9542-aa0503565b72.sh: line 8: /home/vsts/work/1/s/native-helpers/npm_and_yarn/helpers/build: No such file or directory
2020-02-17T18:31:37.4080008Z Fetching npm_and_yarn dependency files for landsprutte/DependabotTest/_git/DependabotTest
2020-02-17T18:31:37.4080751Z Parsing dependencies information
2020-02-17T18:31:39.8885490Z   - Updating @testing-library/jest-dom (from 4.2.4)… 
2020-02-17T18:31:39.9263193Z #<Dependabot::NpmAndYarn::FileUpdater:0x0000557d9473f480>/opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:117:in `rescue in run_helper_subprocess': Dependabot::SharedHelpers::HelperSubprocessFailed
2020-02-17T18:31:39.9264076Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:85:in `run_helper_subprocess'
2020-02-17T18:31:39.9264511Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:151:in `run_npm_top_level_updater'
2020-02-17T18:31:39.9264990Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:139:in `block in run_npm_updater'
2020-02-17T18:31:39.9265408Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:143:in `with_git_configured'
2020-02-17T18:31:39.9265839Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:137:in `run_npm_updater'
2020-02-17T18:31:39.9266234Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:115:in `run_current_npm_update'
2020-02-17T18:31:39.9266640Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:35:in `block (2 levels) in updated_lockfile_content'
2020-02-17T18:31:39.9267243Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:34:in `chdir'
2020-02-17T18:31:39.9267640Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:34:in `block in updated_lockfile_content'
2020-02-17T18:31:39.9268060Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:37:in `block (2 levels) in in_a_temporary_directory'
2020-02-17T18:31:39.9268416Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:37:in `chdir'
2020-02-17T18:31:39.9268830Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:37:in `block in in_a_temporary_directory'
2020-02-17T18:31:39.9269160Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/2.6.0/tmpdir.rb:93:in `mktmpdir'
2020-02-17T18:31:39.9269527Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:34:in `in_a_temporary_directory'
2020-02-17T18:31:39.9269955Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:30:in `updated_lockfile_content'
2020-02-17T18:31:39.9270339Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater.rb:187:in `updated_package_lock_content'
2020-02-17T18:31:39.9270751Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater.rb:120:in `package_lock_changed?'
2020-02-17T18:31:39.9271223Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater.rb:149:in `block in updated_lockfiles'
2020-02-17T18:31:39.9271624Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater.rb:148:in `each'
2020-02-17T18:31:39.9272002Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater.rb:148:in `updated_lockfiles'
2020-02-17T18:31:39.9272375Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater.rb:39:in `updated_dependency_files'
2020-02-17T18:31:39.9272709Z    from ./update-script.rb:169:in `block in <main>'
2020-02-17T18:31:39.9272997Z    from ./update-script.rb:129:in `each'
2020-02-17T18:31:39.9273324Z    from ./update-script.rb:129:in `<main>'
2020-02-17T18:31:39.9273787Z /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/2.6.0/json/common.rb:156:in `parse': 767: unexpected token at '' (JSON::ParserError)
2020-02-17T18:31:39.9274121Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/2.6.0/json/common.rb:156:in `parse'
2020-02-17T18:31:39.9274521Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:109:in `run_helper_subprocess'
2020-02-17T18:31:39.9274912Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:151:in `run_npm_top_level_updater'
2020-02-17T18:31:39.9275302Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:139:in `block in run_npm_updater'
2020-02-17T18:31:39.9275703Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:143:in `with_git_configured'
2020-02-17T18:31:39.9276168Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:137:in `run_npm_updater'
2020-02-17T18:31:39.9276596Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:115:in `run_current_npm_update'
2020-02-17T18:31:39.9276998Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:35:in `block (2 levels) in updated_lockfile_content'
2020-02-17T18:31:39.9277407Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:34:in `chdir'
2020-02-17T18:31:39.9277806Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:34:in `block in updated_lockfile_content'
2020-02-17T18:31:39.9278195Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:37:in `block (2 levels) in in_a_temporary_directory'
2020-02-17T18:31:39.9278590Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:37:in `chdir'
2020-02-17T18:31:39.9278962Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:37:in `block in in_a_temporary_directory'
2020-02-17T18:31:39.9279316Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/2.6.0/tmpdir.rb:93:in `mktmpdir'
2020-02-17T18:31:39.9279680Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-common-0.113.28/lib/dependabot/shared_helpers.rb:34:in `in_a_temporary_directory'
2020-02-17T18:31:39.9280139Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:30:in `updated_lockfile_content'
2020-02-17T18:31:39.9280801Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater.rb:187:in `updated_package_lock_content'
2020-02-17T18:31:39.9281861Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater.rb:120:in `package_lock_changed?'
2020-02-17T18:31:39.9282870Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater.rb:149:in `block in updated_lockfiles'
2020-02-17T18:31:39.9283414Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater.rb:148:in `each'
2020-02-17T18:31:39.9284038Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater.rb:148:in `updated_lockfiles'
2020-02-17T18:31:39.9284585Z    from /opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/dependabot-npm_and_yarn-0.113.28/lib/dependabot/npm_and_yarn/file_updater.rb:39:in `updated_dependency_files'
2020-02-17T18:31:39.9285014Z    from ./update-script.rb:169:in `block in <main>'
2020-02-17T18:31:39.9285482Z    from ./update-script.rb:129:in `each'
2020-02-17T18:31:39.9285900Z    from ./update-script.rb:129:in `<main>'
2020-02-17T18:31:39.9430820Z ##[error]Bash exited with code '1'.
2020-02-17T18:31:39.9441193Z ##[section]Finishing: Update dependencies

[wizgob]

To use NPM with azure artifacts, you need:

• to add a credential

  {
  "type" => "npm_registry",
  "registry" => "YOUR_ORG.pkgs.visualstudio.com/_packaging/YOUR_FEED/npm/registry/",
  "token" => "YOUR_FEED:" + ENV["SYSTEM_ACCESSTOKEN"]
  }

• to install the tools in the YAML

  export DEPENDABOT_NATIVE_HELPERS_PATH="$(pwd)/native-helpers"
  mkdir -p $DEPENDABOT_NATIVE_HELPERS_PATH/{terraform,python,dep,go_modules,hex,composer,npm_and_yarn}
  export PATH="$PATH:$DEPENDABOT_NATIVE_HELPERS_PATH/terraform/bin:$DEPENDABOT_NATIVE_HELPERS_PATH/python/bin:$DEPENDABOT_NATIVE_HELPERS_PATH/go_modules/bin:$DEPENDABOT_NATIVE_HELPERS_PATH/dep/bin"
  export MIX_HOME="$DEPENDABOT_NATIVE_HELPERS_PATH/hex/mix"
  cp -r $(bundle show dependabot-npm_and_yarn)/helpers $DEPENDABOT_NATIVE_HELPERS_PATH/npm_and_yarn/helpers
  $DEPENDABOT_NATIVE_HELPERS_PATH/npm_and_yarn/helpers/build $DEPENDABOT_NATIVE_HELPERS_PATH/npm_and_yarn
  
  bundle exec ruby ./update.rb

I creates a PR with all the changes : #4

[RobinDink]

Thanks to @wizgob my pipeline now avoids the above mentioned error. Hitting another wall right now:

/opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/octokit-4.16.0/lib/octokit/response/raise_error.rb:16:in `on_complete': GET https://api.github.com/repos/angular/angular/contents/: 403 - API rate limit exceeded for <ip adress>. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.) // See: https://developer.github.com/v3/#rate-limiting (Octokit::TooManyRequests)
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/faraday-1.0.0/lib/faraday/response.rb:12:in `block in call'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/faraday-1.0.0/lib/faraday/response.rb:62:in `on_complete'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/faraday-1.0.0/lib/faraday/response.rb:11:in `call'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/octokit-4.16.0/lib/octokit/middleware/follow_redirects.rb:73:in `perform_with_redirection'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/octokit-4.16.0/lib/octokit/middleware/follow_redirects.rb:61:in `call'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/faraday-1.0.0/lib/faraday/request/retry.rb:148:in `call'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/faraday-1.0.0/lib/faraday/rack_builder.rb:153:in `build_response'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/faraday-1.0.0/lib/faraday/connection.rb:492:in `run_request'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/faraday-1.0.0/lib/faraday/connection.rb:198:in `get'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/sawyer-0.8.2/lib/sawyer/agent.rb:94:in `call'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/octokit-4.16.0/lib/octokit/connection.rb:156:in `request'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/octokit-4.16.0/lib/octokit/connection.rb:19:in `get'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/octokit-4.16.0/lib/octokit/client/contents.rb:36:in `contents'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/dependabot-common-0.115.3/lib/dependabot/clients/github_with_retries.rb:95:in `public_send'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/dependabot-common-0.115.3/lib/dependabot/clients/github_with_retries.rb:95:in `block in method_missing'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/dependabot-common-0.115.3/lib/dependabot/clients/github_with_retries.rb:115:in `retry_connection_failures'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/dependabot-common-0.115.3/lib/dependabot/clients/github_with_retries.rb:92:in `method_missing'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/dependabot-common-0.115.3/lib/dependabot/metadata_finders/base/changelog_finder.rb:261:in `fetch_github_file_list'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/dependabot-common-0.115.3/lib/dependabot/metadata_finders/base/changelog_finder.rb:243:in `fetch_dependency_file_list'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/dependabot-common-0.115.3/lib/dependabot/metadata_finders/base/changelog_finder.rb:238:in `dependency_file_list'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/dependabot-common-0.115.3/lib/dependabot/metadata_finders/base/changelog_finder.rb:139:in `changelog_from_ref'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/dependabot-common-0.115.3/lib/dependabot/metadata_finders/base/changelog_finder.rb:127:in `default_branch_changelog'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/dependabot-common-0.115.3/lib/dependabot/metadata_finders/base/changelog_finder.rb:87:in `changelog'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/dependabot-common-0.115.3/lib/dependabot/metadata_finders/base/changelog_finder.rb:34:in `changelog_url'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/dependabot-common-0.115.3/lib/dependabot/metadata_finders/base.rb:40:in `changelog_url'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/dependabot-common-0.115.3/lib/dependabot/pull_request_creator/message_builder.rb:500:in `changelog_url'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/dependabot-common-0.115.3/lib/dependabot/pull_request_creator/message_builder.rb:355:in `changelog_cascade'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/dependabot-common-0.115.3/lib/dependabot/pull_request_creator/message_builder.rb:309:in `metadata_cascades_for_dep'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/dependabot-common-0.115.3/lib/dependabot/pull_request_creator/message_builder.rb:288:in `metadata_cascades'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/dependabot-common-0.115.3/lib/dependabot/pull_request_creator/message_builder.rb:47:in `pr_message'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/dependabot-common-0.115.3/lib/dependabot/pull_request_creator.rb:142:in `azure_creator'
    from /opt/hostedtoolcache/Ruby/2.7.0/x64/lib/ruby/gems/2.7.0/gems/dependabot-common-0.115.3/lib/dependabot/pull_request_creator.rb:75:in `create'
    from ./update.rb:90:in `block in <main>'
    from ./update.rb:38:in `each'
    from ./update.rb:38:in `<main>'

[wizgob]

You need to add a github api token to fix this one.

First you need to create a new Personnal access token with the scope 'public_repo' on https://github.com/settings/tokens

Then copy the token and add it to your script in the credentials array:

{
  "type" => "git_source",
  "host" => "github.com",
  "username" => "x-access-token",
  "password" => "YOUR_GITHUB_ACCESS_TOKEN"
}

[RobinDink]

You need to add a github api token to fix this one.

First you need to create a new Personnal access token with the scope 'public_repo' on https://github.com/settings/tokens

Then copy the token and add it to your script in the credentials array:

{
  "type" => "git_source",
  "host" => "github.com",
  "username" => "x-access-token",
  "password" => "YOUR_GITHUB_ACCESS_TOKEN"
}

Works like a charm! Thank you, you're the MVP.