Fix some test failures introduced by subclasses

brrygrdn · brrygrdn · commit ae4fe08a54ef · 2026-05-21T20:27:13.000+01:00
diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/dependency_grapher.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/dependency_grapher.rb
@@ -110,11 +110,14 @@ def parsed_package_json
 
       sig { returns(T::Hash[Symbol, T.nilable(Dependabot::DependencyFile)]) }
       def lockfiles_hash
-        {
-          npm: dependency_files.find { |f| f.name.end_with?(NpmPackageManager::LOCKFILE_NAME) },
-          yarn: dependency_files.find { |f| f.name.end_with?(YarnPackageManager::LOCKFILE_NAME) },
-          pnpm: dependency_files.find { |f| f.name.end_with?(PNPMPackageManager::LOCKFILE_NAME) }
-        }
+        @lockfiles_hash ||= T.let(
+          {
+            npm: dependency_files.find { |f| f.name.end_with?(NpmPackageManager::LOCKFILE_NAME) },
+            yarn: dependency_files.find { |f| f.name.end_with?(YarnPackageManager::LOCKFILE_NAME) },
+            pnpm: dependency_files.find { |f| f.name.end_with?(PNPMPackageManager::LOCKFILE_NAME) }
+          },
+          T.nilable(T::Hash[Symbol, T.nilable(Dependabot::DependencyFile)])
+        )
       end
 
       sig { returns(String) }
@@ -161,6 +164,7 @@ def inject_ephemeral_lockfile(ephemeral_lockfile)
 
         # Clear our cached lockfile reference so it picks up the new one
         remove_instance_variable(:@lockfile) if instance_variable_defined?(:@lockfile)
+        remove_instance_variable(:@lockfiles_hash) if instance_variable_defined?(:@lockfiles_hash)
 
         # Clear the FileParser's memoized lockfile references so it will
         # find the newly injected lockfile when parse is called
@@ -237,6 +241,11 @@ def package_relationships
           fetch_package_relationships,
           T.nilable(T::Hash[String, T::Array[String]])
         )
+      rescue StandardError => e
+        errored_fetching_subdependencies!
+        @subdependency_error = T.let(e, T.nilable(StandardError))
+        Dependabot.logger.error("Error fetching subdependencies: #{e.message}")
+        @package_relationships = {}
       end
 
       sig { returns(T::Hash[String, T::Array[String]]) }
diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/dependency_grapher_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/dependency_grapher_spec.rb
@@ -872,7 +872,7 @@
         corrupt_lockfile = Dependabot::DependencyFile.new(
           name: "package-lock.json", content: "not valid json {{{", directory: "/"
         )
-        grapher.instance_variable_set(:@npm_lockfile, corrupt_lockfile)
+        grapher.send(:lockfiles_hash)[:npm] = corrupt_lockfile
       end
 
       it "sets the errored_fetching_subdependencies flag" do
@@ -907,7 +907,7 @@
         corrupt_lockfile = Dependabot::DependencyFile.new(
           name: "yarn.lock", content: "\x00\x01 invalid", directory: "/"
         )
-        grapher.instance_variable_set(:@yarn_lockfile, corrupt_lockfile)
+        grapher.send(:lockfiles_hash)[:yarn] = corrupt_lockfile
       end
 
       it "sets the errored_fetching_subdependencies flag" do
@@ -942,7 +942,7 @@
         corrupt_lockfile = Dependabot::DependencyFile.new(
           name: "pnpm-lock.yaml", content: ": :\n  invalid: [yaml", directory: "/"
         )
-        grapher.instance_variable_set(:@pnpm_lockfile, corrupt_lockfile)
+        grapher.send(:lockfiles_hash)[:pnpm] = corrupt_lockfile
       end
 
       it "sets the errored_fetching_subdependencies flag" do
