peijianju
commented
3 years ago could be related to this https://github.com/dependabot/dependabot-script/issues/416
Open peijianju opened 3 years ago
peijianju
commented
3 years ago could be related to this https://github.com/dependabot/dependabot-script/issues/416
LanceTheDev
commented
3 years ago We experience the same problems, but also with composer:
The cause seems to be a change of composer location. When I exec into the docker container, there is no path /opt/composer/helpers/bin/run, but only /opt/composer/helpers/v1/bin/run and /opt/composer/helpers/v2/bin/run. Any help would be appreciated.
timbru31
commented
3 years ago I think this PR is the culprit: https://github.com/dependabot/dependabot-core/pull/2971 it moved npm to npm6
timbru31
commented
3 years ago Updating the dependabot-omnibus dependency in the Gemfile solves the issue. (remember to use the correct Bundler version: bundle _1.17.3_ update
jrs40492
commented
3 years ago Updating the
dependabot-omnibusdependency in the Gemfile solves the issue. (remember to use the correct Bundler version:bundle _1.17.3_ update
Tried updating dependabot-omnibus to 0.130.2 and running with bundler 1.17.3 but that errors out on trying to install commonmarker which is a dependency of dependabot-omnibus
nachogarcia
commented
3 years ago Changing the dependabot-omnibus in the Gemfile to 0.130.2 and doing bundle _1.17.3_ install and bundle _1.17.3_ update worked for me.
MassivDash
commented
3 years ago I struggled getting dependbot going on Azure Dev Ops Pipeline, I had very similar issues with npm and yarn, in the beginning I tried to get it going on Ruby bundle, but I could not just seem to set the paths for npm helpers correctly (plus the npm and other bins), according to docs you need to build and copy those. Finally I got it going using docker and latest image dependabot-omnibus (~> 0.152.1). It has all the paths and bins set up, just pass the vars to the docker container
do-nat
commented
3 years ago I struggled getting dependbot going on Azure Dev Ops Pipeline, I had very similar issues with npm and yarn, in the beginning I tried to get it going on Ruby bundle, but I could not just seem to set the paths for npm helpers correctly (plus the npm and other bins), according to docs you need to build and copy those. Finally I got it going using docker and latest image
dependabot-omnibus (~> 0.152.1). It has all the paths and bins set up, just pass the vars to the docker container
how did you get it running with the docker container?
If I'm using the docker container as well as the lastest omnibus as you mentioned, I still get the error ...
usr/lib/ruby/gems/2.7.0/gems/bundler-1.17.3/lib/bundler/rubygems_integration.rb:200: warning: constant Gem::ConfigMap is deprecated
/usr/lib/ruby/gems/2.7.0/gems/bundler-1.17.3/lib/bundler/rubygems_integration.rb:200: warning: constant Gem::ConfigMap is deprecated
warning: parser/current is loading parser/ruby27, which recognizes
warning: 2.7.3-compliant syntax, but you are running 2.7.1.
warning: please see https://github.com/whitequark/parser#compatibility-with-ruby-mri.
/usr/lib/ruby/2.7.0/json/common.rb:156:in `parse': 783: unexpected token at '' (JSON::ParserError)
from /usr/lib/ruby/2.7.0/json/common.rb:156:in `parse'
from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.152.1/lib/dependabot/clients/azure.rb:53:in `fetch_commit'
from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.152.1/lib/dependabot/file_fetchers/base.rb:73:in `commit'
from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.152.1/lib/dependabot/file_fetchers/base.rb:360:in `_full_specification_for'
from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.152.1/lib/dependabot/file_fetchers/base.rb:370:in `_fetch_file_content'
from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.152.1/lib/dependabot/file_fetchers/base.rb:140:in `fetch_file_from_host'
from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-maven-0.152.1/lib/dependabot/maven/file_fetcher.rb:32:in `pom'
from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-maven-0.152.1/lib/dependabot/maven/file_fetcher.rb:25:in `fetch_files'
from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.152.1/lib/dependabot/file_fetchers/base.rb:65:in `files'
from ./generic-update-script.rb:154:in `<main>'I struggled getting dependbot going on Azure Dev Ops Pipeline, I had very similar issues with npm and yarn, in the beginning I tried to get it going on Ruby bundle, but I could not just seem to set the paths for npm helpers correctly (plus the npm and other bins), according to docs you need to build and copy those. Finally I got it going using docker and latest image
dependabot-omnibus (~> 0.152.1). It has all the paths and bins set up, just pass the vars to the docker containerhow did you get it running with the docker container?
If I'm using the docker container as well as the lastest omnibus as you mentioned, I still get the error ...
usr/lib/ruby/gems/2.7.0/gems/bundler-1.17.3/lib/bundler/rubygems_integration.rb:200: warning: constant Gem::ConfigMap is deprecated /usr/lib/ruby/gems/2.7.0/gems/bundler-1.17.3/lib/bundler/rubygems_integration.rb:200: warning: constant Gem::ConfigMap is deprecated warning: parser/current is loading parser/ruby27, which recognizes warning: 2.7.3-compliant syntax, but you are running 2.7.1. warning: please see https://github.com/whitequark/parser#compatibility-with-ruby-mri. /usr/lib/ruby/2.7.0/json/common.rb:156:in `parse': 783: unexpected token at '' (JSON::ParserError) from /usr/lib/ruby/2.7.0/json/common.rb:156:in `parse' from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.152.1/lib/dependabot/clients/azure.rb:53:in `fetch_commit' from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.152.1/lib/dependabot/file_fetchers/base.rb:73:in `commit' from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.152.1/lib/dependabot/file_fetchers/base.rb:360:in `_full_specification_for' from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.152.1/lib/dependabot/file_fetchers/base.rb:370:in `_fetch_file_content' from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.152.1/lib/dependabot/file_fetchers/base.rb:140:in `fetch_file_from_host' from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-maven-0.152.1/lib/dependabot/maven/file_fetcher.rb:32:in `pom' from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-maven-0.152.1/lib/dependabot/maven/file_fetcher.rb:25:in `fetch_files' from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.152.1/lib/dependabot/file_fetchers/base.rb:65:in `files' from ./generic-update-script.rb:154:in `<main>'
So I have set up the dependobot as a seperate (standalone) project, project consists of pipeline yaml, dockerfile, gemfile and gemfile lock and the update scripts from this project https://github.com/tinglesoftware/dependabot-azure-devops. I had made some changes for security reasons and in this project implementation there is a npm private registry bug that does not allow me to connect to private npm registry, so semi fixed / hacked that in the update-script.rb ( I also gave an issue, but no reply so far).
trigger:
- none
pool:
vmImage: 'Ubuntu-20.04'
steps:
- script: |
mkdir repo
git clone https://$(AZURE_ACCESS_TOKEN)@dev.azure.com/$(AZURE_ORGANIZATION)/$(AZURE_PROJECT)/_git/$(AZURE_REPOSITORY) repo
cd repo
git checkout $(DEPENDABOT_TARGET_BRANCH)
git pull
displayName: 'Create and checkout git project'
- script: |
docker build -f Dockerfile -t dependobot .
displayName: Build dependobot with project
- script: |
docker run --rm -t \
-e GITHUB_ACCESS_TOKEN=$(GITHUB_ACCESS_TOKEN) \
-e AZURE_PROTOCOL=$(AZURE_PROTOCOL) \
-e AZURE_HOST=$(AZURE_HOSTNAME) \
-e AZURE_PORT=$(AZURE_PORT) \
-e AZURE_ACCESS_TOKEN=$(AZURE_ACCESS_TOKEN) \
-e AZURE_ORGANIZATION=$(AZURE_ORGANIZATION) \
-e AZURE_PROJECT=$(AZURE_PROJECT) \
-e AZURE_REPOSITORY=$(AZURE_REPOSITORY) \
-e DEPENDABOT_PACKAGE_MANAGER=$(DEPENDABOT_PACKAGE_MANAGER) \
-e DEPENDABOT_NPM_CREDENTIALS=$(DEPENDABOT_NPM_CREDENTIALS) \
-e DEPENDABOT_TARGET_BRANCH=$(DEPENDABOT_TARGET_BRANCH) \
-e DEPENDABOT_VERSIONING_STRATEGY=$(DEPENDABOT_VERSIONING_STRATEGY) \
-e DEPENDABOT_OPEN_PULL_REQUESTS_LIMIT=$(DEPENDABOT_OPEN_PULL_REQUESTS_LIMIT) \
-e DEPENDABOT_VERSIONING_STRATEGY=$(DEPENDABOT_VERSIONING_STRATEGY) \
-e DEPENDABOT_SEC_ONLY=$(DEPENDABOT_SEC_ONLY) \
-e DEPENDABOT_DIRECTORY=$DEPENDABOT_DIRECTORY \
dependobot
env:
GITHUB_ACCESS_TOKEN: $(GITHUB_ACCESS_TOKEN)
AZURE_ACCESS_TOKEN: $(AZURE_ACCESS_TOKEN)
AZURE_ORGANIZATION: $(AZURE_ORGANIZATION)
AZURE_PROJECT: $(AZURE_PROJECT)
AZURE_REPOSITORY: $(AZURE_REPOSITORY)
DEPENDABOT_PACKAGE_MANAGER: $(DEPENDABOT_PACKAGE_MANAGER)
DEPENDABOT_TARGET_BRANCH: $(DEPENDABOT_TARGET_BRANCH)
DEPENDABOT_VERSIONING_STRATEGY: $(DEPENDABOT_VERSIONING_STRATEGY)
DEPENDABOT_OPEN_PULL_REQUESTS_LIMIT: $(DEPENDABOT_OPEN_PULL_REQUESTS_LIMIT)
AZURE_PROTOCOL: $(AZURE_PROTOCOL)
AZURE_HOST: $(AZURE_HOST)
AZURE_PORT: $(AZURE_PORT)
DEPENDABOT_NPM_CREDENTIALS: $(DEPENDABOT_NPM_CREDENTIALS)
DEPENDABOT_SEC_ONLY: $(DEPENDABOT_SEC_ONLY)
displayName: 'Execute dependobot script'Whats its important is to copy the repo, scrtipts, gemlock.file into container, I do this with following Dockerfile
FROM dependabot/dependabot-core:0.155.0
# Copy the Gemfile and Gemfile.lock
ARG CODE_DIR=/home/dependabot/dependabot-script
RUN mkdir -p ${CODE_DIR}
COPY --chown=dependabot:dependabot Gemfile Gemfile.lock ${CODE_DIR}/
WORKDIR ${CODE_DIR}
# Install dependencies
RUN bundle config set --local path "vendor" \
&& bundle install --jobs 4 --retry 3
# Copy the Ruby scripts
COPY --chown=dependabot:dependabot update.rb ${CODE_DIR}
COPY --chown=dependabot:dependabot azure_helpers.rb ${CODE_DIR}
# Copy the repository
COPY --chown=dependabot:dependabot ./repo/ ${CODE_DIR}
# Run update script
ENTRYPOINT ["bundle", "exec", "ruby", "./update.rb"]
caugner
commented
2 years ago This is still an issue, and I'm currently experiencing this with dependabot-gitlab.
ianbunag
commented
2 years ago This has recently surfaced in Github's dependabot alerts. We have detected this as the most recent alerts show Dependabot::DependencyFileNotParseable errors. I have tried running dependabot-script locally for package manager npm_and_yarn with the following error logs:
/Users/retracted/.rvm/rubies/ruby-3.0.0/lib/ruby/3.0.0/json/common.rb:216:in `parse': 809: unexpected token at '' (JSON::ParserError)
from /Users/retracted/.rvm/rubies/ruby-3.0.0/lib/ruby/3.0.0/json/common.rb:216:in `parse'
from /Users/retracted/.rvm/gems/ruby-3.0.0/gems/dependabot-npm_and_yarn-0.142.0/lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb:197:in `parse_package_lock'
from /Users/retracted/.rvm/gems/ruby-3.0.0/gems/dependabot-npm_and_yarn-0.142.0/lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb:56:in `npm_lockfile_details'
from /Users/retracted/.rvm/gems/ruby-3.0.0/gems/dependabot-npm_and_yarn-0.142.0/lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb:27:in `block in lockfile_details'
from /Users/retracted/.rvm/gems/ruby-3.0.0/gems/dependabot-npm_and_yarn-0.142.0/lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb:24:in `each'
from /Users/retracted/.rvm/gems/ruby-3.0.0/gems/dependabot-npm_and_yarn-0.142.0/lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb:24:in `lockfile_details'
from /Users/retracted/.rvm/gems/ruby-3.0.0/gems/dependabot-npm_and_yarn-0.142.0/lib/dependabot/npm_and_yarn/file_parser.rb:96:in `build_dependency'
from /Users/retracted/.rvm/gems/ruby-3.0.0/gems/dependabot-npm_and_yarn-0.142.0/lib/dependabot/npm_and_yarn/file_parser.rb:74:in `block (3 levels) in manifest_dependencies'
from /Users/retracted/.rvm/gems/ruby-3.0.0/gems/dependabot-npm_and_yarn-0.142.0/lib/dependabot/npm_and_yarn/file_parser.rb:70:in `each'
from /Users/retracted/.rvm/gems/ruby-3.0.0/gems/dependabot-npm_and_yarn-0.142.0/lib/dependabot/npm_and_yarn/file_parser.rb:70:in `block (2 levels) in manifest_dependencies'
from /Users/retracted/.rvm/gems/ruby-3.0.0/gems/dependabot-npm_and_yarn-0.142.0/lib/dependabot/npm_and_yarn/file_parser.rb:68:in `each'
from /Users/retracted/.rvm/gems/ruby-3.0.0/gems/dependabot-npm_and_yarn-0.142.0/lib/dependabot/npm_and_yarn/file_parser.rb:68:in `block in manifest_dependencies'
from /Users/retracted/.rvm/gems/ruby-3.0.0/gems/dependabot-npm_and_yarn-0.142.0/lib/dependabot/npm_and_yarn/file_parser.rb:62:in `each'
from /Users/retracted/.rvm/gems/ruby-3.0.0/gems/dependabot-npm_and_yarn-0.142.0/lib/dependabot/npm_and_yarn/file_parser.rb:62:in `manifest_dependencies'
from /Users/retracted/.rvm/gems/ruby-3.0.0/gems/dependabot-npm_and_yarn-0.142.0/lib/dependabot/npm_and_yarn/file_parser.rb:41:in `parse'
from ./generic-update-script.rb:167:in `<main>'I have also confirmed that the bug is not due to updates in the package-lock.json file as the following dependabot-script runs result in the same error:
Dependabot::DependencyFileNotParseable error
AurimasNav
commented
2 years ago same issue:
2022-06-12T07:06:18.3167374Z ##[section]Starting: react-frontend
2022-06-12T07:06:18.3176921Z ==============================================================================
2022-06-12T07:06:18.3177262Z Task : Dependabot
2022-06-12T07:06:18.3177602Z Description : Automatically update dependencies and vulnerabilities in your code
2022-06-12T07:06:18.3177913Z Version : 1.6.202
2022-06-12T07:06:18.3178156Z Author : Tingle Software
2022-06-12T07:06:18.3178541Z Help : For help please visit https://github.com/tinglesoftware/dependabot-azure-devops
2022-06-12T07:06:18.3178963Z ==============================================================================
2022-06-12T07:06:18.4910315Z [command]/usr/bin/docker run --rm -i -e DEPENDABOT_PACKAGE_MANAGER=npm -e DEPENDABOT_FAIL_ON_EXCEPTION=true -e DEPENDABOT_EXCLUDE_REQUIREMENTS_TO_UNLOCK= -e AZURE_PROTOCOL=https -e AZURE_HOSTNAME=dev.azure.com -e AZURE_ORGANIZATION=<org> -e AZURE_PROJECT=<project> -e AZURE_REPOSITORY=react-frontend -e AZURE_ACCESS_TOKEN=*** -e AZURE_SET_AUTO_COMPLETE=true -e AZURE_MERGE_STRATEGY=1 -e DEPENDABOT_VERSIONING_STRATEGY=auto -e DEPENDABOT_OPEN_PULL_REQUESTS_LIMIT=50 -e DEPENDABOT_EXTRA_CREDENTIALS=*** -e GITHUB_ACCESS_TOKEN=*** -e AZURE_AUTO_APPROVE_PR=false tingle/dependabot-azure-devops:0.6
2022-06-12T07:06:21.1432312Z warning: parser/current is loading parser/ruby27, which recognizes2.7.6-compliant syntax, but you are running 2.7.5.
2022-06-12T07:06:21.1434525Z Please see https://github.com/whitequark/parser#compatibility-with-ruby-mri.
2022-06-12T07:06:21.8171089Z GitHub access token has been provided.
2022-06-12T07:06:21.8177426Z Using hostname = 'dev.azure.com', protocol = 'https', port = '443'.
2022-06-12T07:06:21.8178120Z Using 'https://dev.azure.com:443/' as API endpoint
2022-06-12T07:06:21.8178773Z Fetching npm_and_yarn dependency files for <org>/<project>/_git/react-frontend
2022-06-12T07:06:21.8179310Z Targeting 'default' branch under '/' directory
2022-06-12T07:06:21.8179812Z Using 'bump_versions' requirements update strategy
2022-06-12T07:06:21.8180179Z Parsing dependencies information
2022-06-12T07:06:28.2132784Z Checking if @craco/craco 6.4.3 needs updating
2022-06-12T07:06:28.2133308Z No update needed for @craco/craco 6.4.3
2022-06-12T07:06:28.2133748Z Checking if @emotion/react 11.9.0 needs updating
2022-06-12T07:06:28.2134168Z No update needed for @emotion/react 11.9.0
2022-06-12T07:06:28.2134635Z Checking if @emotion/styled 11.8.1 needs updating
2022-06-12T07:06:28.2135055Z No update needed for @emotion/styled 11.8.1
2022-06-12T07:06:28.2135497Z Checking if @hookform/resolvers 2.9.0 needs updating
2022-06-12T07:08:41.2192383Z Requirements to unlock own
2022-06-12T07:08:41.2192772Z Updating @hookform/resolvers from 2.9.0 to 2.9.1
2022-06-12T07:09:30.0347154Z /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.187.0/lib/dependabot/shared_helpers.rb:129:in `rescue in run_helper_subprocess': Dependabot::SharedHelpers::HelperSubprocessFailed
2022-06-12T07:09:30.0375096Z from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.187.0/lib/dependabot/shared_helpers.rb:78:in `run_helper_subprocess'
2022-06-12T07:09:30.0376565Z from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.187.0/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb:137:in `run_yarn_top_level_updater'
2022-06-12T07:09:30.0377731Z from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.187.0/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb:108:in `block (2 levels) in run_yarn_updater'
2022-06-12T07:09:30.0378838Z from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.187.0/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb:106:in `chdir'
2022-06-12T07:09:30.0379915Z from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.187.0/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb:106:in `block in run_yarn_updater'
2022-06-12T07:09:30.0381244Z from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.187.0/lib/dependabot/shared_helpers.rb:168:in `with_git_configured'
2022-06-12T07:09:30.0382281Z from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.187.0/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb:105:in `run_yarn_updater'
2022-06-12T07:09:30.0383376Z from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.187.0/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb:77:in `run_current_yarn_update'
2022-06-12T07:09:30.0384495Z from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.187.0/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb:58:in `block in updated_yarn_lock'
2022-06-12T07:09:30.0385648Z from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.187.0/lib/dependabot/shared_helpers.rb:49:in `block in in_a_temporary_directory'
2022-06-12T07:09:30.0386446Z from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.187.0/lib/dependabot/shared_helpers.rb:49:in `chdir'
2022-06-12T07:09:30.0387257Z from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-common-0.187.0/lib/dependabot/shared_helpers.rb:49:in `in_a_temporary_directory'
2022-06-12T07:09:30.0388281Z from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.187.0/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb:54:in `updated_yarn_lock'
2022-06-12T07:09:30.0389248Z from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.187.0/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb:30:in `updated_yarn_lock_content'
2022-06-12T07:09:30.0390175Z from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.187.0/lib/dependabot/npm_and_yarn/file_updater.rb:170:in `updated_yarn_lock_content'
2022-06-12T07:09:30.0391052Z from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.187.0/lib/dependabot/npm_and_yarn/file_updater.rb:114:in `yarn_lock_changed?'
2022-06-12T07:09:30.0391942Z from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.187.0/lib/dependabot/npm_and_yarn/file_updater.rb:138:in `block in updated_lockfiles'
2022-06-12T07:09:30.0392780Z from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.187.0/lib/dependabot/npm_and_yarn/file_updater.rb:137:in `each'
2022-06-12T07:09:30.0393632Z from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.187.0/lib/dependabot/npm_and_yarn/file_updater.rb:137:in `updated_lockfiles'
2022-06-12T07:09:30.0394518Z from /home/dependabot/dependabot-script/vendor/ruby/2.7.0/gems/dependabot-npm_and_yarn-0.187.0/lib/dependabot/npm_and_yarn/file_updater.rb:39:in `updated_dependency_files'
2022-06-12T07:09:30.0395134Z from ./update-script.rb:335:in `block in <main>'
2022-06-12T07:09:30.0395589Z from ./update-script.rb:273:in `each'
2022-06-12T07:09:30.0396011Z from ./update-script.rb:273:in `<main>'
Deaer dependabot-script team, We are experiencing some issue with
dependabot/dependabot-coreimage and its scriptssymptoms
We saw this error in our pipeline,
We used the latest
dependabot/dependabot-coreimage. so I think the latestdependabot/dependabot-coreis brokenroot cause suspects
Further investigation point me to this file
shared_helpers.rband this lineBy printing the
stderrinshared_helpers.rbI found thisBy inspecting the image file, I found this
So is
/opt/npm_and_yarn/run.jsexpectingnpminstead ofnpm6?Thank you