dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

version is nil, crashes humanized_version #10312

Open bmulholland opened 3 months ago

bmulholland commented 3 months ago

Is there an existing issue for this?

Package ecosystem

pnpm, just switched from yarn

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

package.json

dependabot.yml content

No response

Updated dependency

No response

What you expected to see, versus what you actually saw

updater | 2024/07/30 09:54:19 INFO Creating a pull request for 'all-packages'
proxy | 2024/07/30 09:54:19 [739] POST /update_jobs/862454551/record_update_job_unknown_error
proxy | 2024/07/30 09:54:19 [739] 204 /update_jobs/862454551/record_update_job_unknown_error
proxy | 2024/07/30 09:54:19 [741] POST /update_jobs/862454551/record_update_job_error
proxy | 2024/07/30 09:54:19 [741] 204 /update_jobs/862454551/record_update_job_error
proxy | 2024/07/30 09:54:19 [743] POST /update_jobs/862454551/increment_metric
proxy | 2024/07/30 09:54:19 [743] 204 /update_jobs/862454551/increment_metric
proxy | 2024/07/30 09:54:19 [745] POST /update_jobs/862454551/record_update_job_unknown_error
proxy | 2024/07/30 09:54:20 [745] 204 /update_jobs/862454551/record_update_job_unknown_error
updater | 2024/07/30 09:54:20 ERROR Error processing job (TypeError)
2024/07/30 09:54:20 ERROR Passed nil into T.must
2024/07/30 09:54:20 ERROR /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/_types.rb:222:in `must'
2024/07/30 09:54:20 ERROR <job_862454551> /home/dependabot/common/lib/dependabot/dependency.rb:231:in `humanized_version'
2024/07/30 09:54:20 ERROR /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation_2_7.rb:919:in `bind_call'
2024/07/30 09:54:20 ERROR <job_862454551> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11444/lib/types/private/methods/call_validation_2_7.rb:919:in `block in create_validator_method_medium0'

This line, from the logs above, looks suspicious:

updater | 2024/07/30 09:54:16 INFO <job_862454551> Skipping vue-infinite-loading as it has already been updated to

(I didn't cut that off, that's the end of the line)

package.json for that is "vue-infinite-loading": "github:nvitius/vue-infinite-loading#next",

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

https://github.com/recitalsoftware/recital-frontend/actions/runs/10160118930/job/28095785090

Smallest manifest that reproduces the issue

No response

bmulholland commented 3 months ago

Confirmed it was "vue-infinite-loading": "github:nvitius/vue-infinite-loading#next",

I changed to the published version next and that fixed dependabot. So the above is a reliable repro.
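
A log-triage sketch for the symptom reported in this issue, added here as an example (it is not part of the issue thread and not Dependabot's own code): it flags "Skipping ... as it has already been updated to" lines that carry no version and ties them to jobs whose backtrace reaches humanized_version. The function names and the lodash control line are constructed for the example; the other sample lines are copied from the log above.

```ruby
# Added triage example. Matches the updater's "Skipping <dep> ..." message and
# captures whatever follows "updated to" (blank in the failing case).
SKIP_RE  = /<job_(?<job>\d+)> Skipping (?<dep>\S+) as it has already been updated to(?<ver>.*)$/
# Matches a backtrace frame in Dependency#humanized_version, with or without
# the backtick that Ruby prints before the method name.
CRASH_RE = /<job_(?<job>\d+)> .*dependency\.rb:\d+:in\s*`?humanized_version'/

# Returns [{job:, dependency:}] for skip messages whose version part is blank.
def blank_version_skips(log)
  log.each_line.filter_map do |line|
    m = SKIP_RE.match(line.chomp)
    next unless m && m[:ver].strip.empty?

    { job: m[:job], dependency: m[:dep] }
  end
end

# Job ids whose backtrace reaches humanized_version.
def crashed_jobs(log)
  log.each_line.filter_map { |line| CRASH_RE.match(line)&.[](:job) }.uniq
end

# Dependencies logged with a blank version in a job that later crashed.
def suspects(log)
  crashed = crashed_jobs(log)
  blank_version_skips(log)
    .select { |skip| crashed.include?(skip[:job]) }
    .map { |skip| skip[:dependency] }
    .uniq
end

# Lines 1, 3 and 4 come from the issue's log; line 2 (lodash) is constructed
# as a control that must not be flagged.
SAMPLE_LOG = <<~'LOG'
  updater | 2024/07/30 09:54:16 INFO <job_862454551> Skipping vue-infinite-loading as it has already been updated to
  updater | 2024/07/30 09:54:16 INFO <job_862454551> Skipping lodash as it has already been updated to 4.17.21
  2024/07/30 09:54:20 ERROR Passed nil into T.must
  2024/07/30 09:54:20 ERROR <job_862454551> /home/dependabot/common/lib/dependabot/dependency.rb:231:in `humanized_version'
LOG

puts suspects(SAMPLE_LOG).inspect if __FILE__ == $PROGRAM_NAME
```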