fix: return on invalid ref pointer in remove-unused-components

[jooola]

What/Why/How?

When bundling a specification with --remove-unused-components --dereferenced, and the specification has an invalid reference:

  parameters:
    - $ref: "../parameters.yml#/QueryProjectCreatedBefore.fail"

The process fails with:

  $redocly bundle my-api --dereferenced --remove-unused-components --output dist/my-api.json
  bundling src/my-api.yml using configuration for api 'my-api'...
  Something went wrong when processing /work/openapi-spec/src/openapi.yml:

    - Cannot read properties of undefined (reading 'split')

This change ensures that when the absolute pointer cannot be split into 2 parts, the visitor returns and let redocly report the Can't resolve $ref error.

Note that not all invalid references run into this bug, for example the following reference will correctly be reported as an error:

  parameters:
    - $ref: "../parameters.yml#/QueryProjectCreatedBefore/fail"

Reference

  parameters:
    - $ref: "../parameters.yml#/QueryProjectCreatedBefore.fail"

Testing

Couldn't find a way to test this bug with the existing tests functions. To fully test this, 2 files are required, one referencing the other.

Check yourself

• Code changed? - Tested with Redoc/Realm/Reunite (internal)
• All new/updated code is covered by tests
• New package installed? - Tested in different environments (browser/node)

Security

• The security impact of the change has been considered
• Code follows company security practices and guidelines

[changeset-bot]

🦋 Changeset detected

Latest commit: e85fb7e

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages

Name	Type
@redocly/openapi-core	Patch
@redocly/cli	Patch
@redocly/respect-core	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[tatomyr]

Thanks for contributing, @jooola! Could you add a unit or an E2E test to cover this case?

[jooola]

@tatomyr Done, I hope the test are in the correct location.

[tatomyr]

@jooola could you also add the corresponding fix for OAS2 here? Otherwise looks good to me.

[tatomyr]

Or we will do it ourselves 🙂. Anyway, thank you for your contribution!
cc @DmitryAnansky

[el2iot2]

Heads up, a recent setup was working on ran afoul of (possibly? probably?) this change. Got an error like:

But in VSCode with redocly extension, it shows no errors and is valid:

(example invalid entry supplied to show validation was on and working)

Had several such apis with $ref usages side by side, and only one was marked invalid.

By commenting remove-unused-components in redocly.yaml, the validation error went away.

I suspect that the remove references somehow dropped the securitySchemes in a way that made it look invalid to a later pass??

Anyway...submitted for consideration.

CC @jooola