Rescue errors in metadata_cascades_for_dep to prevent PR message loss

yeikel · yeikel · commit f6ae25efcc85 · 2026-05-04T13:17:06.000-04:00
When metadata_cascades_for_dep encounters a network error (e.g., GitHub API timeout), it now gracefully handles the failure by returning an empty string and logging the error via suppress_error. This allows the PR message to be assembled without the metadata cascade sections (changelog, commits, releases) but still includes the important intro line and message content. Previously, any error in metadata fetching would propagate up to pr_message's top-level rescue, causing the entire PR body to be discarded and replaced with just the header and footer. Fixes #14904
diff --git a/common/lib/dependabot/pull_request_creator/message_builder.rb b/common/lib/dependabot/pull_request_creator/message_builder.rb
@@ -801,6 +801,9 @@ def metadata_cascades_for_dep(dependency)
           vulnerabilities_fixed: vulnerabilities_fixed[dependency.name],
           github_redirection_service: github_redirection_service
         ).to_s
+      rescue StandardError => e
+        suppress_error("metadata cascades for #{dependency.name}", e)
+        ""
       end
 
       sig { returns(String) }
diff --git a/common/spec/dependabot/pull_request_creator/message_builder_spec.rb b/common/spec/dependabot/pull_request_creator/message_builder_spec.rb
@@ -1121,9 +1121,9 @@ def commits_details(base:, head:)
           stub_request(:any, /.*/).to_raise(SocketError)
         end
 
-        it "has a blank message" do
+        it "still builds the pr_message without the metadata cascade" do
           expect(pr_message)
-            .to eq("")
+            .to eq("Bumps [business](https://github.com/gocardless/business) from 1.4.0 to 1.5.0.")
         end
       end
 
@@ -1155,6 +1155,20 @@ def commits_details(base:, head:)
         end
       end
 
+      context "when github.com is unreachable while fetching metadata" do
+        before do
+          allow_any_instance_of(Dependabot::PullRequestCreator::MessageBuilder::MetadataPresenter)
+            .to receive(:to_s)
+            .and_raise(SocketError, "Connection refused - connect(2) for \"api.github.com\" port 443")
+        end
+
+        it "still builds the pr_message without the metadata cascade" do
+          expect(pr_message).to eq(
+            "Bumps [business](https://github.com/gocardless/business) from 1.4.0 to 1.5.0."
+          )
+        end
+      end
+
       context "with a relative link in the changelog" do
         before do
           stub_request(
