In devcontainers, GitHub Action for dependabot fails due to unknown error when requirements are not specified.

[rhiroe]

Is there an existing issue for this?

• I have searched the existing issues

Package ecosystem

devcontainers

Package manager version

devcontainer feature 0.72.0

Language version

Ruby 3.3.6

Manifest location and content before the Dependabot update

/.devcontainer/devcontainer.json

{
  "name": "Dev",
  "dockerComposeFile": "compose.yml",
  "service": "app",
  "features": {
    "ghcr.io/rhiroe/features/saml2aws": {},
    }
}

/.devcontainer/devcontainer-lock.json

{
  "features": {
    "ghcr.io/rhiroe/features/saml2aws": {
      "version": "1.0.1",
      "resolved": "ghcr.io/rhiroe/features/saml2aws@sha256:29fd332f258a160bfd7b792829b477e278b025413ce38de8750ec4ec17aafb31",
      "integrity": "sha256:29fd332f258a160bfd7b792829b477e278b025413ce38de8750ec4ec17aafb31"
    }
  }
}

dependabot.yml content

version: 2
updates:
  - package-ecosystem: "devcontainers"
    directory: "/"
    schedule:
      interval: weekly

Updated dependency

No response

What you expected to see, versus what you actually saw

What I expected

ghcr.io/rhiroe/features/saml2aws will be upgraded to the latest version (1.2.0).

What actually happened

updater | 2024/12/26 01:49:36 ERROR <job_938528337> Error processing ghcr.io/rhiroe/features/saml2aws (ArgumentError)

...

+---------------------------------------------------+
|           Dependencies failed to update           |
+-----------------------------------+---------------+
| ghcr.io/rhiroe/features/saml2aws  | unknown_error |
+-----------------------------------+---------------+
Failure running container 63862c913ede6a9f04df05b4ca6d329b2e895e5fcecd0046b432cc6c2568c0ad
Cleaned up container 63862c913ede6a9f04df05b4ca6d329b2e895e5fcecd0046b432cc6c2568c0ad
  proxy | 2024/12/26 01:49:41 22/70 calls cached (31%)
2024/12/26 01:49:41 Posting metrics to remote API endpoint
Error: Dependabot encountered an error performing the update

Error: The updater encountered one or more errors.

For more information see: https://github.com/Taimee/timee-payments/network/updates/938528337 (write access to the repository is required to view the log)
🤖 ~ finished: error reported to Dependabot ~

In the case of devcontainer.json as shown above, requirement for ghcr.io/rhiroe/features/saml2aws is nil.

dependabot-core/devcontainers/lib/dependabot/devcontainers/file_parser/feature_dependency_parser.rb

Line 80 in c0b00ef

name, requirement = feature.split(":")

The Dependabot::Devcontainers::Version.new(nil) is failing with unknown_error because it causes an ArgumentError.

dependabot-core/devcontainers/lib/dependabot/devcontainers/update_checker.rb

Line 30 in c0b00ef

required_version = T.cast(version_class.new(requirement[:requirement]), Dependabot::Devcontainers::Version)

irb(main):001> require 'dependabot/devcontainers'
=> true
irb(main):002> Dependabot::Devcontainers::Version.new(nil)
/usr/local/lib/ruby/site_ruby/3.3.0/rubygems/version.rb:223:in `initialize': Malformed version number string  (ArgumentError)

      raise ArgumentError, "Malformed version number string #{version}"
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        from /home/dependabot/common/lib/dependabot/version.rb:19:in `initialize'
        from /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/call_validation.rb:270:in `bind_call'
        from /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/call_validation.rb:270:in `validate_call'
        from /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
        from /usr/local/lib/ruby/site_ruby/3.3.0/rubygems/version.rb:204:in `new'
        from /usr/local/lib/ruby/site_ruby/3.3.0/rubygems/version.rb:204:in `new'
        from /home/dependabot/common/lib/dependabot/version.rb:24:in `new'
        from /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/call_validation.rb:270:in `bind_call'
        from /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/call_validation.rb:270:in `validate_call'
        from /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11577/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
        from (irb):2:in `<main>'
        from <internal:kernel>:187:in `loop'
        from /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/irb-1.12.0/exe/irb:9:in `<top (required)>'
        from /home/dependabot/dependabot-updater/.bundle/bin/irb:27:in `load'
        from /home/dependabot/dependabot-updater/.bundle/bin/irb:27:in `<main>'

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response

[rhiroe]

dependabot-core/devcontainers/lib/dependabot/devcontainers/update_checker.rb

Line 30 in c0b00ef

required_version = T.cast(version_class.new(requirement[:requirement]), Dependabot::Devcontainers::Version)

- required_version = T.cast(version_class.new(requirement[:requirement]), Dependabot::Devcontainers::Version) 
+ required_version = T.cast(version_class.new(requirement[:requirement] || '0'), Dependabot::Devcontainers::Version) 

The above resolves the issue, but I am not confident that this change is correct.