
libup fails on npm audit fix not providing the actions key
Closed, Duplicate (Public)

Description

https://libraryupgrader2.wmcloud.org/r/mediawiki/extensions/HoverGallery

Traceback (most recent call last):
  File "/venv/lib/python3.7/site-packages/libup-0.0.1-py3.7.egg/libup/ng.py", line 1145, in main
    libup.run(args.repo, args.output)
  File "/venv/lib/python3.7/site-packages/libup-0.0.1-py3.7.egg/libup/ng.py", line 1100, in run
    self.npm_audit_fix(new_npm_audit)
  File "/venv/lib/python3.7/site-packages/libup-0.0.1-py3.7.egg/libup/ng.py", line 189, in npm_audit_fix
    for action in audit['actions']:
KeyError: 'actions'

Running npm audit -json gives:

{
  "actions": [],
  "advisories": {},
  "muted": [],
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 0,
      "high": 0,
      "critical": 0
    },
    "dependencies": 0,
    "devDependencies": 640,
    "optionalDependencies": 0,
    "totalDependencies": 640
  },
  "runId": "......"
}

Running npm audit fix -json gives:

{
  "added": [],
  "removed": [],
  "updated": [],
  "moved": [],
  "failed": [],
  "warnings": [
    "eslint-plugin-vue@6.2.2 requires a peer of eslint@^5.0.0 || ^6.0.0 but none is installed. You must install peer dependencies yourself."
  ],
  "funding": "62 packages are looking for funding",
  "elapsed": 5076
}

No actions key for libup to loop over.

I am not sure what the best way is to avoid such errors in Python.

Event Timeline

I've observed the npm audit endpoint regularly failing to return results, maybe we're hitting some limits or it's just buggy. We should probably just add a check 'actions' in audit before trying to iterate over it, gracefully skipping if that's the case.
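
A sketch of the check suggested in the comment above, as an added example that is not libup's code and not part of the original task. It keeps "audit ran and found nothing" (empty `actions`) apart from "no audit report came back" (missing key), so a failed audit is skipped and logged rather than treated as clean. The names `audit_actions`, `plan_fix` and `AuditUnavailable` are hypothetical, and the third sample input is constructed.

```python
import json
import logging

log = logging.getLogger("npm-audit-example")

# Shapes taken from the two outputs quoted in the task (abbreviated).
AUDIT_CLEAN = '{"actions": [], "advisories": {}, "muted": [], "metadata": {}}'
AUDIT_FIX_OUTPUT = '{"added": [], "removed": [], "updated": [], "failed": [], "warnings": []}'
# Constructed sample: the entry's fields are placeholders, not real advisory data.
AUDIT_WITH_ACTION = '{"actions": [{"action": "update", "module": "example-pkg"}], "advisories": {}}'


class AuditUnavailable(Exception):
    """The text is not a usable audit report (unparseable or wrong shape)."""


def audit_actions(raw):
    """Return the list under 'actions', or raise AuditUnavailable.

    An empty list means the audit ran and found nothing to fix. A missing key
    means no audit report came back at all, so the two are kept apart and a
    failed audit is never recorded as a clean one.
    """
    try:
        audit = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise AuditUnavailable(f"not JSON: {exc}") from exc
    if not isinstance(audit, dict):
        raise AuditUnavailable("top-level value is not an object")
    if "actions" not in audit:
        keys = ", ".join(sorted(audit)) or "(none)"
        raise AuditUnavailable(f"no 'actions' key; got: {keys}")
    actions = audit["actions"]
    if not isinstance(actions, list) or not all(isinstance(a, dict) for a in actions):
        raise AuditUnavailable("'actions' is not a list of objects")
    return actions


def plan_fix(raw):
    """Hypothetical caller: ('skipped', reason), ('clean', []) or ('fix', actions)."""
    try:
        actions = audit_actions(raw)
    except AuditUnavailable as exc:
        log.warning("skipping npm audit fix: %s", exc)
        return ("skipped", str(exc))
    return ("fix", actions) if actions else ("clean", [])
```

The skip reason lists the top-level keys that were actually received, which makes it easy to tell from the log whether the tool was handed `npm audit fix` output or an error body instead of an audit report.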