Merge branch 'main' into harry/removing-corepack-from-else-clause

dependabot · Jan 15, 2025 · 5be7fd1 · 5be7fd1
2 parents 6c832fc + 7e38cd7
commit 5be7fd1
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 3 deletions.
diff --git a/npm_and_yarn/spec/npm_and_yarn_config_spec.rb b/npm_and_yarn/spec/npm_and_yarn_config_spec.rb
@@ -10,9 +10,6 @@
     npm_result = `npm config list`
     # Output from yarn config set
     expect(npm_result).to include("audit = false")
-    expect(npm_result).to include(
-      "cafile = \"/usr/local/share/ca-certificates/dbot-ca.crt\""
-    )
     expect(npm_result).to include("dry-run = true")
     expect(npm_result).to include("ignore-scripts = true")
   end

diff --git a/python/lib/dependabot/python/file_updater/requirement_replacer.rb b/python/lib/dependabot/python/file_updater/requirement_replacer.rb
@@ -14,6 +14,8 @@ class FileUpdater
       class RequirementReplacer
         PACKAGE_NOT_FOUND_ERROR = "PackageNotFoundError"
 
+        CERTIFICATE_VERIFY_FAILED = /CERTIFICATE_VERIFY_FAILED/
+
         def initialize(content:, dependency_name:, old_requirement:,
                        new_requirement:, new_hash_version: nil, index_urls: nil)
           @content          = content
@@ -153,6 +155,8 @@ def package_hashes_for(name:, version:, algorithm:)
                 args: args
               )
             rescue SharedHelpers::HelperSubprocessFailed => e
+              requirement_error_handler(e)
+
               raise unless e.message.include?("PackageNotFoundError")
 
               next
@@ -193,6 +197,17 @@ def requirements_match(req1, req2)
           req1&.split(",")&.map { |r| r.gsub(/\s/, "") }&.sort ==
             req2&.split(",")&.map { |r| r.gsub(/\s/, "") }&.sort
         end
+
+        public
+
+        def requirement_error_handler(error)
+          Dependabot.logger.warn(error.message)
+
+          return unless error.message.match?(CERTIFICATE_VERIFY_FAILED)
+
+          msg = "Error resolving dependency."
+          raise DependencyFileNotResolvable, msg
+        end
       end
     end
   end

diff --git a/python/spec/dependabot/python/file_updater/requirement_replacer_spec.rb b/python/spec/dependabot/python/file_updater/requirement_replacer_spec.rb
@@ -89,6 +89,20 @@
         it { is_expected.to include("Flask-SQLAlchemy\n") }
         it { is_expected.to include("zope.SQLAlchemy\n") }
       end
+
+      context "when requirement check returns unexpected exception" do
+        subject(:req_replacer) { replacer.requirement_error_handler(exception) }
+
+        let(:exception) { Exception.new(response) }
+
+        context "with a registry that results in failed certificate error" do
+          let(:response) { "CERTIFICATE_VERIFY_FAILED" }
+
+          it "raises a helpful error" do
+            expect { req_replacer }.to raise_error(Dependabot::DependencyFileNotResolvable)
+          end
+        end
+      end
     end
   end
 end