Fix error when parsing version of some PNPM lockfiles

dependabot · Nov 1, 2023 · 7954612 · 7954612
1 parent e3f0d41
commit 7954612
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 1 deletion.
diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/helpers.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/helpers.rb
@@ -124,7 +124,7 @@ def self.run_yarn_command(command, fingerprint: nil)
       end
 
       def self.pnpm_lockfile_version(pnpm_lock)
-        pnpm_lock.content.match(/^lockfileVersion: '?(?<version>[\d.]+)/)[:version]
+        pnpm_lock.content.match(/^lockfileVersion: ['"]?(?<version>[\d.]+)/)[:version]
       end
 
       def self.dependencies_with_all_versions_metadata(dependency_set)

diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb
@@ -395,6 +395,24 @@
         )
       end
     end
+
+    context "using double quotes to surround lockfileVersion" do
+      before do
+         stub_request(:get, File.join(url, "pnpm-lock.yaml?ref=sha"))
+          .with(headers: { "Authorization" => "token token" })
+          .to_return(
+            status: 200,
+            body: fixture("github", "pnpm_lock_quotes_content.json"),
+            headers: json_header
+          )
+      end
+
+      it "parses a version properly" do
+        expect(file_fetcher_instance.ecosystem_versions).to match(
+          { package_managers: { "pnpm" => an_instance_of(Fixnum) } }
+        )
+      end
+    end
   end
 
   context "with an npm-shrinkwrap.json but no package-lock.json file" do

diff --git a/npm_and_yarn/spec/fixtures/github/pnpm_lock_quotes_content.json b/npm_and_yarn/spec/fixtures/github/pnpm_lock_quotes_content.json