Skip catalog protocol dependencies if workspace file context is missi…

…ng (#11361)

npm_and_yarn/lib/dependabot/npm_and_yarn/file_parser.rb

@@ -212,7 +212,7 @@ def manifest_dependencies
             next unless requirement.is_a?(String)
 
             # Skip dependencies using Yarn workspace cross-references as requirements
-            next if requirement.start_with?("workspace:")
+            next if requirement.start_with?("workspace:", "catalog:")
 
             requirement = "*" if requirement == ""
             dep = build_dependency(

npm_and_yarn/spec/dependabot/npm_and_yarn/file_parser_spec.rb

@@ -90,6 +90,12 @@
         its(:length) { is_expected.to eq(0) }
       end
 
+      context "with pnpm `catalog:` requirements and no lockfile" do
+        let(:files) { project_dependency_files("yarn/workspace_requirements_catalog") }
+
+        its(:length) { is_expected.to eq(0) }
+      end
+
       context "with a package-lock.json" do
         let(:npm_fallback_version_above_v6_enabled) { false }
 

npm_and_yarn/spec/fixtures/projects/yarn/workspace_requirements_catalog/package.json

@@ -0,0 +1,23 @@
+{
+  "name": "workspace_requirements_catalog",
+  "version": "0.0.1",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/gocardless/bump-test.git"
+  },
+  "author": "",
+  "license": "ISC",
+  "bugs": {
+    "url": "https://github.com/gocardless/bump-test/issues"
+  },
+  "homepage": "https://github.com/gocardless/bump-test#readme",
+  "dependencies": {
+    "ember-simple-charts": "catalog:",
+    "react": "catalog:react18"
+  }
+}