Yarn 2 protocols result in Dependabot error #6107

@stovmascript

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

npm

Package manager version

Yarn 3.1.1

Language version

Node.js 16.13.2

Manifest location and content before the Dependabot update

No response

dependabot.yml content

version: 2
updates:
  - package-ecosystem: npm
    directory: '/'
    schedule:
      interval: weekly
      day: saturday
    open-pull-requests-limit: 10
    target-branch: dev
    commit-message:
      prefix: fix
      prefix-development: chore
      include: scope
    allow:
      - dependency-type: development
      - dependency-name: '@lingui/*'
      - dependency-name: '@sentry/*'
      - dependency-name: 'next'
    ignore:
      - dependency-name: '~'
      - dependency-name: e2e
      - dependency-name: react-is
      - dependency-name: typescript

Updated dependency

No response

What you expected to see, versus what you actually saw

We make use of Yarn 2 protocols, specifically the link: protocol to get native module aliases (at the package manager level), so we don't need further tooling (Babel module resolver, etc.). We can then import like so:

// resolves to our <root>/e2e folder
import pages from 'e2e/pages.fixture.mjs'

// resolves to our <root>/src folder
import Widget from '~/components/widgets/Widget'
import isEmpty from '~/helpers/isEmpty'

These links are defined in our package.json among other dependencies:

{
  "dependencies": {
    "date-fns": "^2.28.0",
    "e2e": "link:./e2e",
    "~": "link:./src"
  }
}

Dependabot will choke on these when trying to fetch them. As noted above, I tried to ignore them in our dependabot.yml, which didn't work.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

This is the error we see in our Dependency graph:

image

Here are the update logs we see:

  proxy | time="2022-11-10T20:48:04Z" level=info msg="proxy starting" commit=fa80f718f24b195d66d5537781a77f0a8e8cee62
  proxy | 2022/11/10 20:48:04 Listening (:1080)
updater | 2022-11-10T20:48:04.491575147 [507683626:main:WARN:src/devices/src/legacy/serial.rs:214] Detached the serial input due to peer close/error.
updater | time="2022-11-10T20:48:06Z" level=info msg="guest starting" commit=42441b355753c42573b16dc1d5c0da5de9bb45b3
updater | time="2022-11-10T20:48:06Z" level=info msg="starting job..." fetcher_timeout=5m0s job_id=507683626 updater_timeout=45m0s updater_version=cf448a99d35d7956f4c64b8249029324c9627a91
updater | I, [2022-11-10T20:48:07.736537 #8]  INFO -- sentry: ** [Raven] Raven 3.1.2 ready to catch errors
updater | To use retry middleware with Faraday v2.0+, install `faraday-retry` gem
updater | INFO <job_507683626> Starting job processing
  proxy | 2022/11/10 20:48:09 [002] GET https://github.com:443/monitora-media/monitora-frontend/info/refs?service=git-upload-pack
  proxy | 2022/11/10 20:48:09 [002] * authenticating git server request (host: github.com)
  proxy | 2022/11/10 20:48:09 [002] 200 https://github.com:443/monitora-media/monitora-frontend/info/refs?service=git-upload-pack
  proxy | 2022/11/10 20:48:10 [004] POST https://github.com:443/monitora-media/monitora-frontend/git-upload-pack
  proxy | 2022/11/10 20:48:10 [004] * authenticating git server request (host: github.com)
  proxy | 2022/11/10 20:48:10 [004] 200 https://github.com:443/monitora-media/monitora-frontend/git-upload-pack
  proxy | 2022/11/10 20:48:10 [006] POST https://github.com:443/monitora-media/monitora-frontend/git-upload-pack
  proxy | 2022/11/10 20:48:10 [006] * authenticating git server request (host: github.com)
  proxy | 2022/11/10 20:48:10 [006] 200 https://github.com:443/monitora-media/monitora-frontend/git-upload-pack
updater | ERROR <job_507683626> Error during file fetching; aborting
updater | INFO <job_507683626> Finished job processing
updater | INFO Results:
updater | Dependabot encountered '1' error(s) during execution, please check the logs for more details.
updater | time="2022-11-10T20:48:15Z" level=info msg="task complete" container_id=job-507683626-file-fetcher exit_code=0 job_id=507683626 step=fetcher
updater | time="2022-11-10T20:48:15Z" level=warning msg="failed during fetch, skipping updater" job_id=507683626

Smallest manifest that reproduces the issue

Files

the_whole_thing.patch (separate files below)

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c01e06f
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,13 @@
+node_modules
+
+# Yarn
+.yarn/*
+!.yarn/patches
+!.yarn/plugins
+!.yarn/releases
+!.yarn/sdks
+!.yarn/versions
+
+# Zero-Installs disabled
+# !.yarn/cache
+.pnp.*
diff --git a/.yarnrc.yml b/.yarnrc.yml
new file mode 100644
index 0000000..3186f3f
--- /dev/null
+++ b/.yarnrc.yml
@@ -0,0 +1 @@
+nodeLinker: node-modules
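Review bot: this .yarnrc.yml sets only `nodeLinker` and no `yarnPath`, and although .gitignore keeps `.yarn/releases` tracked, the patch adds no file under it. Which Yarn binary runs therefore depends on the machine honoring the `packageManager` field (for example through Corepack). Either commit the release and set `yarnPath`, or say in the Usage steps how Yarn is expected to be provided.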
diff --git a/index.mjs b/index.mjs
new file mode 100644
index 0000000..f6e69b5
--- /dev/null
+++ b/index.mjs
@@ -0,0 +1,4 @@
+import { isToday } from "date-fns";
+import { isYesterday } from "~/util/isYesterday.mjs";
+
+console.log(isToday(new Date()), isYesterday(new Date()));
diff --git a/package.json b/package.json
new file mode 100644
index 0000000..54e81fe
--- /dev/null
+++ b/package.json
@@ -0,0 +1,8 @@
+{
+  "name": "yarn2dependabot",
+  "packageManager": "yarn@3.2.4",
+  "dependencies": {
+    "date-fns": "^2.29.3",
+    "~": "link:./src"
+  }
+}
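Review bot: `"packageManager": "yarn@3.2.4"` in this package.json does not match the Yarn 3.1.1 given under "Package manager version" in the report, so it is unclear which release the failing repository runs; please state it so the failure can be tied to one version. The patch also adds no yarn.lock, so the repro does not show whether the fetch error needs a lockfile to be present. Since the manifest exists only for reproduction, `"private": true` would document that it is never meant to be published.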
diff --git a/src/util/isYesterday.mjs b/src/util/isYesterday.mjs
new file mode 100644
index 0000000..3d4149a
--- /dev/null
+++ b/src/util/isYesterday.mjs
@@ -0,0 +1 @@
+export { isYesterday } from "date-fns";

src/util/isYesterday.mjs

export { isYesterday } from "date-fns";

.yarnrc.yml

nodeLinker: node-modules

index.mjs

import { isToday } from "date-fns";
import { isYesterday } from "~/util/isYesterday.mjs";

console.log(isToday(new Date()), isYesterday(new Date()));

package.json

{
  "name": "yarn2dependabot",
  "packageManager": "yarn@3.2.4",
  "dependencies": {
    "date-fns": "^2.29.3",
    "~": "link:./src"
  }
}

Usage

Put the above files in a new folder, or apply the patch to a new empty repo and run:

$ yarn
$ node index.mjs # should output:
# true false

Running a Dependabot update on this project should result in the error.
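
An added example, not part of the original report and not Dependabot's code: a Node.js pre-flight check that lists the manifest entries using a local Yarn protocol, which are the ones an updater cannot fetch from a registry. The function name, the protocol list and the simplified name pattern are assumptions made here; the sample is the `dependencies` block quoted in the report.

```javascript
"use strict";

// Yarn 2+ protocols whose target is a local path or the workspace, not a registry.
const LOCAL_PROTOCOLS = ["link:", "portal:", "file:", "workspace:"];

// Simplified approximation of npm's naming rules (an assumption, not the
// registry's own validator): optional @scope/, lowercase URL-safe characters.
const REGISTRY_NAME = /^(?:@[a-z0-9][a-z0-9._-]*\/)?[a-z0-9][a-z0-9._-]*$/;

const SECTIONS = [
  "dependencies",
  "devDependencies",
  "optionalDependencies",
  "peerDependencies",
];

// Returns one finding per dependency whose specifier uses a local protocol.
function classifyManifest(manifest) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      const value = String(spec);
      const protocol = LOCAL_PROTOCOLS.find((p) => value.startsWith(p));
      if (!protocol) continue; // semver ranges, npm:, git URLs etc. are skipped
      findings.push({
        section,
        name,
        protocol,
        target: value.slice(protocol.length),
        // true when the alias key could also exist as a package on a registry,
        // which matters for tools that ignore the protocol and look the name up
        registryShaped: REGISTRY_NAME.test(name),
      });
    }
  }
  return findings;
}

// Constructed sample: the dependencies block quoted in the report.
const SAMPLE = {
  dependencies: { "date-fns": "^2.28.0", e2e: "link:./e2e", "~": "link:./src" },
};

for (const f of classifyManifest(SAMPLE)) {
  console.log(
    `${f.section}: ${f.name} -> ${f.protocol}${f.target} registryShaped=${f.registryShaped}`
  );
}
```

To check a real project, pass `JSON.parse(fs.readFileSync("package.json", "utf8"))` to `classifyManifest` instead of `SAMPLE`.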
