BUG: Parsing error for yarn.lock (angular/angular)

[DarkaMaul]

Describe the bug

Parsing error in yarn.lock.

Reproduction steps
Steps to reproduce the behavior:

1. scorecard --repo=github.com/angular/angular --checks=Vulnerabilities

$ scorecard --repo=github.com/angular/angular --checks=Vulnerabilities
Starting [Vulnerabilities]
Failed to determine version of domino while parsing a yarn.lock - please report this!

Expected behavior

The check was successful .

Additional context

scorecard version
GitVersion:    4.13.1
GitCommit:     49c0eed3a423f00c872b5c3c9f1bbca9e8aae799
GitTreeState:  clean
BuildDate:     2023-10-20T21:13:08Z
GoVersion:     go1.21.3
Compiler:      gc
Platform:      darwin/arm64

[spencerschrock]

This is actually a problem in osv-scanner. The error message is coming from that application/library.

It was reported and fixed upstream in v1.4.2 of the library. Which Scorecard upgraded to in #3608. Unfortunately this was right after our v4.13.1 release, but it's been fixed at HEAD.

[spencerschrock]

Note: for the most part this is minor impact. domino gets skipped over when querying for vulns, but at least all the other packages get properly analyzed.