Dependabot for Azure DevOps throws exception when trying to update npm dependencies with package-lock.json


When trying to update the dependencies of a frontend project in an Azure pipeline with Dependabot, everything works fine when I delete the package-lock.json file, but I get an error when the file exists in the repository.

The repository uses a private registry feed (proget).

  • I tried installing the packages with different npm versions
  • I tried deleting the package-lock.json file; it works fine in this case

Some additional info: I'm using dependabot-azure-devops, where I pull the Docker image directly instead of building the Dockerfile myself.

The error that I got is this:

Requirements to unlock own
Requirements update strategy bump_versions
Updating @fortawesome/fontawesome-free from 6.1.1 to 6.5.1
Error working on updates for @fortawesome/fontawesome-free 6.1.1 (continuing)
/usr/local/lib/ruby/3.1.0/open3.rb:222:in `spawn': No such file or directory - npm (Errno::ENOENT)
    from /usr/local/lib/ruby/3.1.0/open3.rb:222:in `popen_run'
    from /usr/local/lib/ruby/3.1.0/open3.rb:210:in `popen2e'
    from /usr/local/lib/ruby/3.1.0/open3.rb:399:in `capture2e'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-common-0.237.0/lib/dependabot/shared_helpers.rb:409:in `run_shell_command'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11141/lib/types/private/methods/call_validation.rb:153:in `bind_call'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11141/lib/types/private/methods/call_validation.rb:153:in `validate_call_skip_block_type'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11141/lib/types/private/methods/call_validation.rb:95:in `block in create_validator_slow_skip_block_type'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-npm_and_yarn-0.237.0/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:272:in `run_npm_install_lockfile_only'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-npm_and_yarn-0.237.0/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:194:in `run_npm8_top_level_updater'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-npm_and_yarn-0.237.0/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:161:in `run_npm_top_level_updater'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-npm_and_yarn-0.237.0/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:150:in `block in run_npm_updater'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-common-0.237.0/lib/dependabot/shared_helpers.rb:264:in `with_git_configured'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11141/lib/types/private/methods/call_validation.rb:256:in `bind_call'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11141/lib/types/private/methods/call_validation.rb:256:in `validate_call'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11141/lib/types/private/methods/call_validation.rb:177:in `block in create_validator_slow'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-npm_and_yarn-0.237.0/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:147:in `run_npm_updater'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-npm_and_yarn-0.237.0/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:116:in `run_current_npm_update'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-npm_and_yarn-0.237.0/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:61:in `block (2 levels) in updated_lockfile_content'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-npm_and_yarn-0.237.0/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:61:in `chdir'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-npm_and_yarn-0.237.0/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:61:in `block in updated_lockfile_content'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-common-0.237.0/lib/dependabot/shared_helpers.rb:80:in `block in in_a_temporary_directory'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-common-0.237.0/lib/dependabot/shared_helpers.rb:80:in `chdir'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-common-0.237.0/lib/dependabot/shared_helpers.rb:80:in `in_a_temporary_directory'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11141/lib/types/private/methods/call_validation.rb:256:in `bind_call'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11141/lib/types/private/methods/call_validation.rb:256:in `validate_call'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11141/lib/types/private/methods/call_validation.rb:177:in `block in create_validator_slow'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-npm_and_yarn-0.237.0/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:59:in `updated_lockfile_content'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-npm_and_yarn-0.237.0/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb:30:in `updated_lockfile'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-npm_and_yarn-0.237.0/lib/dependabot/npm_and_yarn/file_updater.rb:278:in `updated_lockfile_content'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-npm_and_yarn-0.237.0/lib/dependabot/npm_and_yarn/file_updater.rb:180:in `package_lock_changed?'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-npm_and_yarn-0.237.0/lib/dependabot/npm_and_yarn/file_updater.rb:218:in `block in updated_lockfiles'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-npm_and_yarn-0.237.0/lib/dependabot/npm_and_yarn/file_updater.rb:217:in `each'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-npm_and_yarn-0.237.0/lib/dependabot/npm_and_yarn/file_updater.rb:217:in `updated_lockfiles'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-npm_and_yarn-0.237.0/lib/dependabot/npm_and_yarn/file_updater.rb:44:in `updated_dependency_files'
    from bin/update_script.rb:661:in `block in <main>'
    from bin/update_script.rb:539:in `each'
    from bin/update_script.rb:539:in `<main>'

Update: I switched to the public npm registry and still get the same error. For info, here is the package.json I use in one of the tests:

{
  "name": "frontend",
  "version": "0.1.0",
  "private": true,
  "scripts": {
    "dev": "vite",
    "build": "vite build",
    "preview": "vite preview --port 5050",
    "lint": "eslint . --ext .vue,.js,.jsx,.cjs,.mjs --fix --ignore-path .gitignore"
  },
  "dependencies": {
    "@fortawesome/fontawesome-free": "^6.0.0",
    "@microsoft/signalr": "^6.0.3",
    "axios": "^0.26.0",
    "bootstrap": "^5.1.3",
    "core-js": "^3.21.1",
    "pinia": "^2.0.14",
    "style-loader": "^3.3.1",
    "vue": "^3.2.31",
    "vue-router": "^4.0.12",
    "vue3-treeview": "^0.3.8"
  },
  "devDependencies": {
    "@babel/core": "^7.17.5",
    "@babel/eslint-parser": "^7.17.0",
    "@babel/preset-env": "^7.16.11",
    "@vitejs/plugin-vue": "^2.2.2",
    "eslint": "^8.9.0",
    "eslint-plugin-import": "^2.25.4",
    "eslint-plugin-node": "^11.1.0",
    "eslint-plugin-promise": "^6.0.0",
    "eslint-plugin-standard": "^5.0.0",
    "eslint-plugin-vue": "^8.2.0",
    "sass": "^1.49.8",
    "sass-loader": "^12.6.0",
    "vite": "^2.8.4"
  }
}

I'm not the one who created the frontend apps nor am I an expert in frontend development, but the application is working fine.
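
The first frame of the trace above is Ruby's Open3 failing to spawn `npm` with Errno::ENOENT, the error raised when the executable itself cannot be found. As an added example (not code from the question or from Dependabot; `find_executable` and `classify_run` are hypothetical helper names), this Ruby sketch separates that case from a command that ran and exited non-zero:

```ruby
require "open3"
require "rbconfig"

# Search each PATH entry for an executable file with the given name.
def find_executable(name, path_env = ENV.fetch("PATH", ""))
  path_env.split(File::PATH_SEPARATOR).each do |dir|
    candidate = File.join(dir, name)
    return candidate if File.file?(candidate) && File.executable?(candidate)
  end
  nil
end

# Run a command and classify the outcome:
#   :ok                 - the command ran and exited 0
#   :nonzero_exit       - the command ran but reported a failure
#   :missing_executable - spawn raised Errno::ENOENT, so the command never ran
def classify_run(cmd, *args)
  output, status = Open3.capture2e(cmd, *args)
  return { kind: :ok, output: output } if status.success?

  { kind: :nonzero_exit, code: status.exitstatus, output: output }
rescue Errno::ENOENT => e
  { kind: :missing_executable, message: e.message, resolved: find_executable(cmd) }
end

if $PROGRAM_NAME == __FILE__
  puts "npm on PATH: #{find_executable('npm').inspect}"
  puts "npm --version: #{classify_run('npm', '--version')[:kind]}"
end
```

Run inside the same container image and as the same user as the updater, a `:missing_executable` result for `npm` points at the image or its PATH rather than at the contents of package-lock.json.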

There are 1 best solutions below

This is correct behavior. The error could occur when discrepancies exist between the dependencies listed in package.json and package-lock.json.

package-lock.json stores an exact, versioned dependency tree, ensuring that all developers working on a project install exactly the same dependencies, even if intermediate dependency updates occur.

Hence, if there are some dependency updates, you need to make sure that the package-lock.json file is up to date with the package.json file. You can run npm install locally to regenerate package-lock.json and commit the changes to the repository. Or simply delete package-lock.json during install to fix the error.
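
An added example, not part of the answer or of Dependabot: a Ruby check for the kind of package.json / package-lock.json drift described above. It assumes lockfileVersion 2 or 3, where the lockfile's `packages[""]` entry mirrors the manifest's dependency ranges; the helper name `lockfile_drift` and the sample data are constructed.

```ruby
require "json"

# Dependency sections that npm copies from package.json into the lockfile root entry.
SECTIONS = %w[dependencies devDependencies optionalDependencies].freeze

# Returns a list of findings; an empty list means manifest and lockfile agree.
def lockfile_drift(manifest, lock)
  root = lock.dig("packages", "")
  return ["lockfile has no packages[\"\"] entry (lockfileVersion 1?)"] unless root

  findings = []
  SECTIONS.each do |section|
    wanted = manifest.fetch(section, {})
    locked = root.fetch(section, {})
    # A range present on one side only, or different on each side, is drift.
    (wanted.keys | locked.keys).sort.each do |name|
      next if wanted[name] == locked[name]
      findings << "#{section}/#{name}: package.json=#{wanted[name].inspect} lock=#{locked[name].inspect}"
    end
    # Every declared dependency should also have a resolved node_modules entry.
    wanted.each_key do |name|
      next if lock["packages"].key?("node_modules/#{name}")
      findings << "#{name}: no resolved entry in lockfile"
    end
  end
  findings
end

# Constructed sample data (not the asker's real files): axios was added to
# package.json without regenerating the lockfile.
MANIFEST = JSON.parse(<<~JSON)
  { "dependencies": { "@fortawesome/fontawesome-free": "^6.0.0", "axios": "^0.26.0" } }
JSON

LOCK = JSON.parse(<<~JSON)
  {
    "lockfileVersion": 2,
    "packages": {
      "": { "dependencies": { "@fortawesome/fontawesome-free": "^6.0.0" } },
      "node_modules/@fortawesome/fontawesome-free": { "version": "6.1.1" }
    }
  }
JSON

puts lockfile_drift(MANIFEST, LOCK)
```

A check like this in CI surfaces drift without deleting the lockfile, which would also discard its pinned versions and integrity hashes.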