Description
Is there an existing issue for this?
- I have searched the existing issues
Package ecosystem
yarn
Package manager version
7.2.6
Language version
Node.js 20.15.0
Manifest location and content before the Dependabot update
No response
dependabot.yml content
No response
Updated dependency
No response
What you expected to see, versus what you actually saw
We are experiencing an issue where Dependabot fails when checking for version updates. We are using Yarn and set the npmRegistryServer in the .yarnrc.yml file using an environment variable with a default value:
npmRegistryServer: ${CUSTOM_REGISTRY_SERVER_YARN:-https://registry.yarnpkg.com}
In our repository, the environment variable CUSTOM_REGISTRY_SERVER_YARN is not set, so Dependabot should fall back to the default value https://registry.yarnpkg.com. However, the check fails with the following error message:
Dependabot encountered the following error:
bad URI(is not URI?): "https://registry.yarnpkg.com}/@types%2Fjquery"
It appears that the closing bracket "}" is mistakenly included in the URL, leading to an invalid registry URL. This suggests a potential bug in how Dependabot processes the variable substitution.
We are using Yarn version 4.2.7, which is also resolved by Dependabot according to the logs. When running yarn config get npmRegistryServer locally, we receive the correct URL: https://registry.yarnpkg.com. Therefore, we believe this is not a misconfiguration on our side but rather an issue within Dependabot.
Could you please investigate this behavior? Let us know if further details are required.
Expected Behavior:
Dependabot should correctly resolve the default registry URL without including the closing bracket "}" in the path.
Thank you!
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
No response
Smallest manifest that reproduces the issue
No response
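The fallback expansion described in the report, as an added example that is not Dependabot's or Yarn's own code: it expands Yarn's `${NAME}`, `${NAME-fallback}` and `${NAME:-fallback}` forms and rejects any result that is not a clean http(s) base URL, so a half-expanded registry value such as the one in the error message is stopped before package URLs are built from it. The function names `expand_yarn_value` and `resolve_registry` and the sample environments are assumptions made for illustration.

```ruby
require "uri"

# Yarn setting interpolation forms:
#   ${NAME}            value of NAME; error when unset
#   ${NAME-fallback}   fallback when NAME is unset
#   ${NAME:-fallback}  fallback when NAME is unset or empty
YARN_ENV_REF = /\$\{([A-Za-z_][A-Za-z0-9_]*)(?:(:?-)([^}]*))?\}/

# Expand every reference in a raw .yarnrc.yml value. `env` is injectable so the
# behaviour can be checked without touching the real process environment.
def expand_yarn_value(raw, env = ENV)
  raw.gsub(YARN_ENV_REF) do
    name, op, fallback = Regexp.last_match.captures
    value = env[name]
    if op.nil?
      raise KeyError, "environment variable #{name} is not set" if value.nil?
      value
    elsif value.nil? || (op == ":-" && value.empty?)
      fallback
    else
      value
    end
  end
end

# Expand, then refuse anything that is not a clean http(s) base URL, so a
# half-expanded value never reaches the code that builds package URLs.
def resolve_registry(raw, env = ENV)
  expanded = expand_yarn_value(raw, env)
  if expanded.match?(/[${}\s]/)
    raise ArgumentError, "unexpanded or stray characters in registry: #{expanded.inspect}"
  end
  uri = URI.parse(expanded)
  unless uri.is_a?(URI::HTTP) && uri.host && !uri.host.empty?
    raise ArgumentError, "registry is not an http(s) URL: #{expanded.inspect}"
  end
  expanded.chomp("/")
rescue URI::InvalidURIError => e
  raise ArgumentError, "invalid registry URL: #{e.message}"
end

# Setting value taken from the issue above; environments passed in are constructed.
RAW = '${CUSTOM_REGISTRY_SERVER_YARN:-https://registry.yarnpkg.com}'
```

Called as `resolve_registry(RAW, {})` this returns the default registry, while the string from the error message, `https://registry.yarnpkg.com}`, raises `ArgumentError`.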