Adds check for dependency info while parsing

dependabot · Jan 23, 2025 · 4fd1285 · 4fd1285
1 parent ef43b4c
commit 4fd1285
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb
@@ -453,6 +453,11 @@ def path_dependency_details_from_manifest(file)
 
         resolution_deps = resolution_objects.flat_map(&:to_a)
                                             .map do |path, value|
+          # skip dependencies that contain invalid values such as inline comments, null, etc.
+          # These values are usually in form of string arrays, so we can skip these deps.
+
+          next unless value.is_a?(String)
+
           convert_dependency_path_to_name(path, value)
         end