[Stimulus] Dependabot NPM no longer updates due to Stimulus/UX vendor file paths in package.json #58678

@ToshY

Symfony version(s) affected

7.0

Description

Dependabot no longer updates NPM packages in package.json when it depends on assets from bundles like Stimulus (or other UX packages). These have references to local file paths like file:vendor/symfony/stimulus-bundle/assets.

The error in logging that Dependabot shows is as follows:

2024-09-26T20:12:55.5383203Z updater | 2024/09/26 20:12:55 ERROR <job_891655384> Error during file fetching; aborting: The following path based dependencies could not be retrieved: @symfony/stimulus-bundle
2024-09-26T20:12:55.6591948Z   proxy | 2024/09/26 20:12:55 [008] POST /update_jobs/891655384/record_update_job_error
2024-09-26T20:12:55.7579478Z   proxy | 2024/09/26 20:12:55 [008] 204 /update_jobs/891655384/record_update_job_error
2024-09-26T20:12:55.8079080Z   proxy | 2024/09/26 20:12:55 [010] PATCH /update_jobs/891655384/mark_as_processed
2024-09-26T20:12:55.8718565Z   proxy | 2024/09/26 20:12:55 [010] 204 /update_jobs/891655384/mark_as_processed
2024-09-26T20:12:55.8748757Z updater | 2024/09/26 20:12:55 INFO <job_891655384> Finished job processing
2024-09-26T20:12:55.8774655Z updater | 2024/09/26 20:12:55 INFO Results:
2024-09-26T20:12:55.8779603Z Dependabot encountered '1' error(s) during execution, please check the logs for more details.
2024-09-26T20:12:55.8784340Z +---------------------------------+
2024-09-26T20:12:55.8787953Z |             Errors              |
2024-09-26T20:12:55.8790659Z +---------------------------------+
2024-09-26T20:12:55.8795300Z | path_dependencies_not_reachable |
2024-09-26T20:12:55.8796169Z +---------------------------------+
2024-09-26T20:12:56.0448570Z Failure running container f4dc4b7d8d61497057cd9e3c0ec13ac8464e6587d6a9745cd9c067bebef1e20d
2024-09-26T20:12:56.1228791Z Cleaned up container f4dc4b7d8d61497057cd9e3c0ec13ac8464e6587d6a9745cd9c067bebef1e20d
2024-09-26T20:12:56.1381106Z   proxy | 2024/09/26 20:12:56 0/5 calls cached (0%)
2024-09-26T20:12:56.1386530Z   proxy | 2024/09/26 20:12:56 Posting metrics to remote API endpoint
2024-09-26T20:12:56.5379023Z ##[error]Dependabot encountered an error performing the update

Error: The updater encountered one or more errors.

How to reproduce

/app/package.json

  "devDependencies": {
    "@symfony/stimulus-bridge": "^3.2.2",
    "@symfony/stimulus-bundle": "file:vendor/symfony/stimulus-bundle/assets",
    "@symfony/ux-autocomplete": "file:vendor/symfony/ux-autocomplete/assets",
    "@symfony/ux-lazy-image": "file:vendor/symfony/ux-lazy-image/assets",

/app/package-lock.json

    "node_modules/@symfony/stimulus-bundle": {
      "resolved": "vendor/symfony/stimulus-bundle/assets",
      "link": true
    },
    "node_modules/@symfony/ux-autocomplete": {
      "resolved": "vendor/symfony/ux-autocomplete/assets",
      "link": true
    },
    "node_modules/@symfony/ux-lazy-image": {
      "resolved": "vendor/symfony/ux-lazy-image/assets",
      "link": true
    },

/app/.github/dependabot.yml

version: 2
updates:
  - package-ecosystem: "composer"
    directory: "/"
    target-branch: "master"
    schedule:
      interval: "weekly"
      day: "sunday"

  - package-ecosystem: "npm"
    directory: "/"
    target-branch: "master"
    schedule:
      interval: "weekly"
      day: "sunday"

Possible Solution

Document recommended steps to work around this problem.

Additional Context

#58405
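
A pre-flight check for the failure reported above, as an added example that is not part of the original issue, of Symfony or of Dependabot: it lists the `file:` (and yarn/pnpm `link:`) dependencies in a package.json and reports those whose target has no package.json inside the checkout. It assumes the vendor/ directory is not committed, which the issue does not state; the function names are illustrative.

```python
import json
import tempfile
from pathlib import Path

SECTIONS = ("dependencies", "devDependencies", "optionalDependencies")
PATH_PREFIXES = ("file:", "link:")  # link: is the yarn/pnpm spelling


def path_dependencies(manifest):
    """Yield (name, relative_path) for every path-based dependency."""
    for section in SECTIONS:
        for name, spec in manifest.get(section, {}).items():
            for prefix in PATH_PREFIXES:
                if spec.startswith(prefix):
                    yield name, spec[len(prefix):]


def unreachable(repo_root, manifest):
    """Names whose target has no package.json inside the checkout."""
    root = Path(repo_root).resolve()
    missing = []
    for name, rel in path_dependencies(manifest):
        target = (root / rel).resolve()
        # A path that leaves the repository can never be fetched with it.
        inside = target == root or root in target.parents
        if not inside or not (target / "package.json").is_file():
            missing.append(name)
    return sorted(missing)


# Constructed sample: the devDependencies quoted in the report.
SAMPLE = json.loads("""{"devDependencies": {
  "@symfony/stimulus-bridge": "^3.2.2",
  "@symfony/stimulus-bundle": "file:vendor/symfony/stimulus-bundle/assets",
  "@symfony/ux-autocomplete": "file:vendor/symfony/ux-autocomplete/assets",
  "@symfony/ux-lazy-image": "file:vendor/symfony/ux-lazy-image/assets"}}""")


def demo():
    """Constructed checkout where only one vendor asset directory exists."""
    with tempfile.TemporaryDirectory() as tmp:
        assets = Path(tmp, "vendor/symfony/ux-lazy-image/assets")
        assets.mkdir(parents=True)
        (assets / "package.json").write_text('{"name": "@symfony/ux-lazy-image"}')
        return unreachable(tmp, SAMPLE)


if __name__ == "__main__":
    print(demo())
```

Run against a fresh clone in CI, a non-empty result identifies the path-based packages that are not retrievable from the repository contents alone.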
