lockFileMaintenance and a packageRule with matchCurrentVersion cause Renovate crash

[rarkins]

Discussed in #24958

^{Originally posted by Badbond October 2, 2023}

How are you running Renovate?

Self-hosted Renovate

If you're self-hosting Renovate, tell us what version of Renovate you run.

35.152.0

If you're self-hosting Renovate, select which platform you are using.

github.com

Was this something which used to work for you, and then stopped?

It used to work, and then stopped

Describe the problem

When trying to upgrade Renovate from 35.141.3 to 35.159.7 (slim) in our self-hosted solution, we noticed that Renovate crashed in certain repositories with specific Renovate configuration. We were able to isolate the issue to release 35.152.0.

When combining lockFileMaintenance.enabled: true together with a packageRule that uses matchCurrentVersion, the versioning in here is null, which is invalid input for the Zod library here. The logs attached show the error that is thrown.

https://github.com/Badbond/renovate-reproduction-case-lockfile-maintenance shows a minimal reproduction case that shows this behavior.

This issue is still apparent in 37.3.0 (latest at the time of testing). The issue is also apparent with the Mend Renovate GitHub App. In fact, the logs attached are those of the GitHub app run against the reproduction repository.

It furthermore seems a simple null to '' conversion of versioning inside modules/versioning/index.ts fixes it, which seems to be in line with the intentions of the default for this argument. If you agree on this issue, would you like me to open a PR for this?

Relevant debug logs

Logs

DEBUG: branchifyUpgrades
ERROR: Repository has unknown error
{
  "err": {
    "message": "Schema error",
    "stack": "ZodError: Schema error\n    at Object.get error [as error] (/opt/containerbase/tools/renovate/37.0.3/node_modules/zod/lib/types.js:43:31)\n    at Object.get (/opt/containerbase/tools/renovate/37.0.3/node_modules/renovate/lib/modules/versioning/index.ts:23:25)\n    at CurrentVersionMatcher.matches (/opt/containerbase/tools/renovate/37.0.3/node_modules/renovate/lib/util/package-rules/current-version.ts:23:35)\n    at matcherOR (/opt/containerbase/tools/renovate/37.0.3/node_modules/renovate/lib/util/package-rules/utils.ts:19:27)\n    at matchesRule (/opt/containerbase/tools/renovate/37.0.3/node_modules/renovate/lib/util/package-rules/index.ts:17:30)\n    at applyPackageRules (/opt/containerbase/tools/renovate/37.0.3/node_modules/renovate/lib/util/package-rules/index.ts:74:9)\n    at flattenUpdates (/opt/containerbase/tools/renovate/37.0.3/node_modules/renovate/lib/workers/repository/updates/flatten.ts:146:43)\n    at processTicksAndRejections (node:internal/process/task_queues:95:5)\n    at branchifyUpgrades (/opt/containerbase/tools/renovate/37.0.3/node_modules/renovate/lib/workers/repository/updates/branchify.ts:21:19)\n    at lookup (/opt/containerbase/tools/renovate/37.0.3/node_modules/renovate/lib/workers/repository/process/extract-update.ts:195:36)\n    at extractDependencies (/opt/containerbase/tools/renovate/37.0.3/node_modules/renovate/lib/workers/repository/process/index.ts:161:11)\n    at Object.renovateRepository (/opt/containerbase/tools/renovate/37.0.3/node_modules/renovate/lib/workers/repository/index.ts:62:9)\n    at attributes.repository (/opt/containerbase/tools/renovate/37.0.3/node_modules/renovate/lib/workers/global/index.ts:184:11)\n    at start (/opt/containerbase/tools/renovate/37.0.3/node_modules/renovate/lib/workers/global/index.ts:169:7)\n    at /opt/containerbase/tools/renovate/37.0.3/node_modules/renovate/lib/renovate.ts:18:22",
    "issues": "Expected string, received null"
  }
}

Have you created a minimal reproduction repository?

I have linked to a minimal reproduction in the description above

[rarkins]

Reproduction forked to https://github.com/renovate-reproductions/24958

[renovate-release]

🎉 This issue has been resolved in version 37.3.3 🎉

The release is available on:

• GitHub release
• 37.3.3

Your semantic-release bot 📦🚀