search

advanced-security / maven-dependency-submission-action

GitHub Action for submitting Maven dependencies
MIT License
48 stars 24 forks source link

v4.0.1 Issue - ReferenceError #67

Closed Supermarcel10 closed 9 months ago

Supermarcel10 commented 9 months ago

Running maven-dependency-submission-action throws an error and fails the check. This seems like some form of issue with the ESM file within the action itself.

# Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
    - name: Update dependency graph
      uses: advanced-security/maven-dependency-submission-action@v4.0.1

Error Output:

Run advanced-security/maven-dependency-submission-action@v4.0.1
ReferenceError: require is not defined in ES module scope, you can use import instead
This file is being treated as an ES module because it has a '.js' file extension and '/home/runner/work/_actions/advanced-security/maven-dependency-submission-action/v4.0.1/dist/package.json' contains "type": "module". To treat it as a CommonJS script, rename it to use the '.cjs' file extension.
    at eval (eval at 5178 (file:///home/runner/work/_actions/advanced-security/maven-dependency-submission-action/v4.0.1/node_modules/@vercel/ncc/dist/ncc/@@notfound.js:1:1), <anonymous>:1:1)
    at Object.5178 (file:///home/runner/work/_actions/advanced-security/maven-dependency-submission-action/v4.0.1/node_modules/@vercel/ncc/dist/ncc/@@notfound.js:1:1)
    at __nccwpck_require__ (file:///home/runner/work/_actions/advanced-security/maven-dependency-submission-action/v4.0.1/webpack/bootstrap:21:1)
    at file:///home/runner/work/_actions/advanced-security/maven-dependency-submission-action/v4.0.1/dist/index.js:30938:35
    at file:///home/runner/work/_actions/advanced-security/maven-dependency-submission-action/v4.0.1/dist/index.js:30986:3
    at ModuleJob.run (node:internal/modules/esm/module_job:217:25)
    at ModuleLoader.import (node:internal/modules/esm/loader:316:24)
    at loadESM (node:internal/process/esm_loader:34:7)
    at handleMainPromise (node:internal/modules/run_main:66:12)
ecki commented 9 months ago

I have the same issue. And is there some guidance how to run this in a dependabot verification build without actually submitting that branch? My validation build did not catch it since i dont run it for those https://github.com/seeburger-ag/bis-resources/commit/5ffad39566fc7339da39f2373b28977fe93dc656

BTW: I think it is a good idea to pull this release to keep dependabot from corrupting more workflows.

ghost commented 9 months ago

Duplicate of #65

Supermarcel10 commented 9 months ago

Closed since duplicate of #65