dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

Dependabot fails to parse `mix.exs` that contains default `heroicons` specification for new Phoenix projects #10186

Open jamilbk opened 4 months ago

jamilbk commented 4 months ago

Is there an existing issue for this?

Package ecosystem

mix

Package manager version

No response

Language version

elixir 1.17.1

Manifest location and content before the Dependabot update

./mix.lock

dependabot.yml content

version: 2
updates:
  - package-ecosystem: mix
    directory: ./
    schedule:
      interval: weekly
  - package-ecosystem: npm
    directory: assets
    schedule:
      interval: weekly

Updated dependency

No response

What you expected to see, versus what you actually saw

Error: 5 INFO <job_854155748> Handled error whilst updating heroicons: dependency_file_not_resolvable {:message=>"** (ArgumentError) errors were found at the given arguments:\n\n  * 1st argument: invalid external representation of a term\n\n    :erlang.binary_to_term(\"\\n18:38:25.250 [error] GenServer Hex.Registry.Server terminating\\n** (Mix.Error) Package hexpm/thousand_island not prefetched, please report this issue\\n    (mix 1.14.4) lib/mix.ex:513: Mix.raise/2\\n    (stdlib 3.17) gen_server.erl:721: :gen_server.try_handle_call/4\\n    (stdlib 3.17) gen_server.erl:750: :gen_server.handle_msg/6\\n    (stdlib 3.17) proc_lib.erl:226: :proc_lib.init_p_do_apply/3\\nLast message (from #PID<0.483.0>): {:outer_checksum, \\\"hexpm\\\", \\\"thousand_island\\\", \\\"1.3.5\\\"}\\nState: %{closing_fun: nil, ets: nil, fetched: MapSet.new([]), path: nil, pending: MapSet.new([]), waiting: %{}}\\nClient #PID<0.483.0> is alive\\n\\n    (stdlib 3.17) gen.erl:233: :gen.do_call/4\\n    (elixir 1.14.4) lib/gen_server.ex:1035: GenServer.call/3\\n    (hex 2.0.6) lib/hex/scm.ex:397: Hex.SCM.fetch/3\\n    (elixir 1.14.4) lib/task/supervised.ex:89: Task.Supervised.invoke_mfa/2\\n    (elixir 1.14.4) lib/task/supervised.ex:34: Task.Supervised.reply/4\\n    (stdlib 3.17) proc_lib.erl:226: :proc_lib.init_p_do_apply/3\\n\\n18:38:25.261 [error] Task #PID<0.488.0> started from :hex_fetcher terminating\\n** (stop) exited in: GenServer.call(Hex.Registry.Server, {:outer_checksum, \\\"hexpm\\\", \\\"postgrex\\\", \\\"0.18.0\\\"}, 60000)\\n    ** (EXIT) an exception was raised:\\n        ** (Mix.Error) Package hexpm/thousand_island not prefetched, please report this issue\\n            (mix 1.14.4) lib/mix.ex:513: Mix.raise/2\\n            (stdlib 3.17) gen_server.erl:721: :gen_server.try_handle_call/4\\n            (stdlib 3.17) gen_server.erl:750: :gen_server.handle_msg/6\\n            (stdlib 3.17) proc_lib.erl:226: :proc_lib.init_p_do_apply/3\\n    (elixir 1.14.4) lib/gen_server.ex:1038: 
GenServer.call/3\\n    (hex 2.0.6) lib/hex/scm.ex:397: Hex.SCM.fetch/3\\n    (elixir 1.14.4) lib/task/supervised.ex:89: Task.Supervised.invoke_mfa/2\\n    (elixir 1.14.4) lib/task/supervised.ex:34: Task.Supervised.reply/4\\n    (stdlib 3.17) proc_lib.erl:226: :proc_lib.init_p_do_apply/3\\nFunction: #Function<8.5041617/0 in Hex.SCM.prefetch/1>\\n    Args: []\\n\\n18:38:25.261 [error] Task #PID<0.483.0> started from :hex_fetcher terminating\\n** (stop) exited in: GenServer.call(Hex.Registry.Server, {:outer_checksum, \\\"hexpm\\\", \\\"thousand_island\\\", \\\"1.3.5\\\"}, 60000)\\n    ** (EXIT) an exception was raised:\\n        ** (Mix.Error) Package hexpm/thousand_island not prefetched, please report this issue\\n            (mix 1.14.4) lib/mix.ex:513: Mix.raise/2\\n            (stdlib 3.17) gen_server.erl:721: :gen_server.try_handle_call/4\\n            (stdlib 3.17) gen_server.erl:750: :gen_server.handle_msg/6\\n            (stdlib 3.17) proc_lib.erl:226: :proc_lib.init_p_do_apply/3\\n    (elixir 1.14.4) lib/gen_server.ex:1038: GenServer.call/3\\n    (hex 2.0.6) lib/hex/scm.ex:397: Hex.SCM.fetch/3\\n    (elixir 1.14.4) lib/task/supervised.ex:89: Task.Supervised.invoke_mfa/2\\n    (elixir 1.14.4) lib/task/supervised.ex:34: Task.Supervised.reply/4\\n    (stdlib 3.17) proc_lib.erl:226: :proc_lib.init_p_do_apply/3\\nFunction: #Function<8.5041617/0 in Hex.SCM.prefetch/1>\\n    Args: []\\n\\n18:38:25.261 [error] Task #PID<0.489.0> started from :hex_fetcher terminating\\n** (stop) exited in: GenServer.call(Hex.Registry.Server, {:outer_checksum, \\\"hexpm\\\", \\\"logger_json\\\", \\\"6.0.3\\\"}, 60000)\\n    ** (EXIT) an exception was raised:\\n        ** (Mix.Error) Package hexpm/thousand_island not prefetched, please report this issue\\n            (mix 1.14.4) lib/mix.ex:513: Mix.raise/2\\n            (stdlib 3.17) gen_server.erl:721: :gen_server.try_handle_call/4\\n            (stdlib 3.17) gen_server.erl:750: :gen_server.handle_msg/6\\n            (stdlib 3.17) 
proc_lib.erl:226: :proc_lib.init_p_do_apply/3\\n    (elixir 1.14.4) lib/gen_server.ex:1038: GenServer.call/3\\n    (hex 2.0.6) lib/hex/scm.ex:397: Hex.SCM.fetch/3\\n    (elixir 1.14.4) lib/task/supervised.ex:89: Task.Supervised.invoke_mfa/2\\n    (elixir 1.14.4) lib/task/supervised.ex:34: Task.Supervised.reply/4\\n    (stdlib 3.17) proc_lib.erl:226: :proc_lib.init_p_do_apply/3\\nFunction: #Function<8.5041617/0 in Hex.SCM.prefetch/1>\\n    Args: []\\n\\n18:38:25.261 [error] Task #PID<0.484.0> started from :hex_fetcher terminating\\n** (stop) exited in: GenServer.call(Hex.Regist\" <> ...)\n    /opt/hex/lib/run.exs:11: DependencyHelper.main/0"}

Expected to see Dependabot successfully update our mix dependencies.

Native package manager behavior

* Updating heroicons (https://github.com/tailwindlabs/heroicons.git - v2.1.1)
remote: Total 0 (delta 0), reused 0 (delta 0), pack-reused 0        
Resolving Hex dependencies...
Resolution completed in 0.082s
Unchanged:
  bandit 1.5.5
  castore 1.0.8
  db_connection 2.7.0
  decimal 2.1.1
  dns_cluster 0.1.3
  ecto 3.11.2
  ecto_sql 3.11.3
  esbuild 0.8.1
  file_system 1.0.0
  floki 0.36.2
  geolix 2.0.0
  geolix_adapter_mmdb2 0.6.0
  hpax 0.2.0
  jason 1.4.3
  logger_json 6.0.3
  mime 2.0.6
  mmdb2_decoder 3.0.1
  phoenix 1.7.14
  phoenix_ecto 4.6.2
  phoenix_html 4.1.1
  phoenix_live_dashboard 0.8.4
  phoenix_live_reload 1.5.3
  phoenix_live_view 0.20.17
  phoenix_pubsub 2.1.3
  phoenix_template 1.0.4
  plug 1.16.1
  plug_crypto 2.1.0
  postgrex 0.18.0
  tailwind 0.2.3
  telemetry 1.2.1
  telemetry_metrics 1.0.0
  telemetry_poller 1.1.0
  thousand_island 1.3.5
  ua_parser 1.9.1
  websock 0.5.3
  websock_adapter 0.5.6
  yamerl 0.10.0

Images of the diff or a link to the PR, issue, or logs

https://github.com/firezone/probe/actions/runs/9879658164/job/27286355765

Smallest manifest that reproduces the issue

I think this is reproducible using the following steps:

  1. Generate a new Elixir/Phoenix project: mix phx.new deps-bug
  2. Install assets: cd deps-bug && mix setup
  3. Add a basic dependabot file:
    version: 2
    updates:
      - package-ecosystem: mix
        directory: ./
        schedule:
          interval: weekly
  4. Commit and push to main.

Dependabot is not able to parse the heroicons deps string.
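
Added example, not part of the original issue and not dependabot-core code: a small Ruby triage helper that reads the error message quoted above, extracts the bytes that were handed to `:erlang.binary_to_term`, and reports whether they are logger text, which `Mix.Error` messages they contain, and which tool versions appear in the stack frames (for comparison with the "Language version" field). `triage` and `SAMPLE` are hypothetical names; `SAMPLE` is a constructed, shortened copy of the log.

```ruby
# Added example (not dependabot-core code). SAMPLE is constructed: a shortened
# copy of the job-log message above, kept in its escaped form.
ETF_VERSION_BYTE = 131 # every valid Erlang external term starts with this byte

SAMPLE = <<~'LOG'.delete("\n")
  {:message=>"** (ArgumentError) errors were found at the given arguments:
  \n\n  * 1st argument: invalid external representation of a term
  \n\n    :erlang.binary_to_term(\"
  \\n18:38:25.250 [error] GenServer Hex.Registry.Server terminating
  \\n** (Mix.Error) Package hexpm/thousand_island not prefetched, please report this issue
  \\n    (mix 1.14.4) lib/mix.ex:513: Mix.raise/2
  \\n    (elixir 1.14.4) lib/gen_server.ex:1035: GenServer.call/3
  \\n    (hex 2.0.6) lib/hex/scm.ex:397: Hex.SCM.fetch/3
  \\n** (Mix.Error) Package hexpm/thousand_island not prefetched, please report this issue
  \" <> ...)\n    /opt/hex/lib/run.exs:11: DependencyHelper.main/0"}
LOG

# Hypothetical helper: pull the payload handed to :erlang.binary_to_term out of
# the error message and summarise what it actually contains.
def triage(message, project_elixir:)
  raw = message[/binary_to_term\(\\"(.*?)\\"(?: <> \.\.\.)?\)/m, 1]
  return nil unless raw # message has a different shape

  text = raw.gsub('\\\\n', "\n") # inner "\\n" escapes -> real newlines
  versions = text.scan(/^\s+\((mix|elixir|hex|stdlib) ([\d.]+)\)/).uniq.to_h
  minor = ->(v) { Gem::Version.new(v).segments.first(2) }
  helper_elixir = versions["elixir"]
  {
    first_byte: text.bytes.first,
    is_etf: text.bytes.first == ETF_VERSION_BYTE,
    # Logger lines look like "18:38:25.250 [error] ..."
    is_log_text: text.match?(/\A\s*\d\d:\d\d:\d\d\.\d+ \[\w+\]/),
    mix_errors: text.scan(/\*\* \(Mix\.Error\) (.+)$/).flatten.uniq,
    versions: versions,
    # true when the frames show a different major.minor than the project uses
    elixir_differs: !helper_elixir.nil? &&
      minor.(helper_elixir) != minor.(project_elixir)
  }
end

if __FILE__ == $PROGRAM_NAME
  require "pp"
  pp triage(SAMPLE, project_elixir: "1.17.1")
end
```
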

patrickespake commented 4 months ago

+1

jeffwidman commented 4 months ago

Hey folks, the Hex/Mix parser is very much a community-supported updater... If you're interested in trying to submit a PR fixing this, I'm happy to answer any questions about how to get a dev environment / debugger going (start here), but I'm afraid that otherwise this is unlikely to get fixed until someone from the community steps up. I wish we had time to fix all the issues, but with limited engineering hours we have to focus on the problems that affect the most users.

@patrickespake Please see: https://github.com/dependabot/dependabot-core?tab=readme-ov-file#no-1-comments