Fixes issues related with Dependabot::NpmAndYarn::UpdateChecker::Late…

…stVersionFinder::RegistryError (#10322)

* Handles inconsistent response from registry

npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater_spec.rb

@@ -815,6 +815,29 @@
     end
   end
 
+  context "with a registry package lookup that returns a 404" do
+    let(:files) { project_dependency_files("npm/simple_with_no_access_registry") }
+    let(:dependency_name) { "@gcorevideo/rtckit" }
+    let(:version) { "3.3.1" }
+    let(:previous_version) { "^3.3.0" }
+    let(:requirements) do
+      [{
+        file: "package.json",
+        requirement: "^3.3.0",
+        groups: ["dependencies"],
+        source: {
+          type: "registry",
+          url: "http://npmrepo.nl"
+        }
+      }]
+    end
+    let(:previous_requirements) { requirements }
+
+    it "raises a helpful error" do
+      expect { updated_npm_lock_content }.to raise_error(Dependabot::DependencyFileNotResolvable)
+    end
+  end
+
   context "with a dependency with nested aliases not supported" do
     let(:files) { project_dependency_files("npm/simple_with_nested_deps") }
     let(:dependency_name) { "express" }

npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker/latest_version_finder_spec.rb

@@ -863,6 +863,23 @@
       end
     end
 
+    context "when the npm registry package lookup returns a 404 error" do
+      before do
+        stub_request(:get, registry_listing_url)
+          .to_return(status: 404, body: '{"error":"Not found"}')
+
+        allow(version_finder).to receive(:sleep).and_return(true)
+      end
+
+      it "raises an error" do
+        expect { version_finder.latest_version_from_registry }
+          .to raise_error do |err|
+            expect(err.class).to eq(described_class::RegistryError)
+            expect(err.status).to eq(404)
+          end
+      end
+    end
+
     context "when the dependency has been deprecated" do
       let(:registry_response) do
         fixture("npm_responses", "etag_deprecated.json")

npm_and_yarn/spec/fixtures/projects/npm/simple_with_no_access_registry/.npmrc

@@ -0,0 +1,2 @@
+engine-strict=true
+@gcore:registry = "http://npmrepo.nl"

npm_and_yarn/spec/fixtures/projects/npm/simple_with_no_access_registry/package.json

@@ -0,0 +1,13 @@
+{
+  "name": "xyz",
+  "version": "0.1.0",
+  "main": "index.js",
+  "author": "abc",
+  "license": "ISC",
+  "description": "",
+  "devDependencies": {
+  },
+  "dependencies": {
+    "@gcorevideo/rtckit": "^0.61.0"
+  }
+}

updater/lib/dependabot/updater/operations/update_all_versions.rb

@@ -74,7 +74,7 @@ def check_and_create_pr_with_error_handling(dependency)
             error_detail: e.message
           )
         rescue StandardError => e
-          error_handler.handle_dependency_error(error: e, dependency: dependency)
+          process_dependency_error(e, dependency)
         end
 
         # rubocop:disable Metrics/AbcSize
@@ -181,6 +181,15 @@ def log_checking_for_update(dependency)
           job.log_ignore_conditions_for(dependency)
         end
 
+        def process_dependency_error(error, dependency)
+          if error.class.to_s.include?("RegistryError")
+            ex = Dependabot::DependencyFileNotResolvable.new(error.message)
+            error_handler.handle_dependency_error(error: ex, dependency: dependency)
+          else
+            error_handler.handle_dependency_error(error: error, dependency: dependency)
+          end
+        end
+
         def all_versions_ignored?(dependency, checker)
           Dependabot.logger.info("Latest version is #{checker.latest_version}")
           false