diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb
index cf318dabdb..e6c8b226f0 100644
--- a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb
+++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb
@@ -205,7 +205,19 @@ def run_npm8_top_level_updater(top_level_dependencies:)
 "--ignore-scripts",
 "--package-lock-only"
 ].join(" ")
- SharedHelpers.run_shell_command(command)
+
+ fingerprint = [
+ "npm",
+ "install",
+ "",
+ "--force",
+ "--dry-run",
+ "false",
+ "--ignore-scripts",
+ "--package-lock-only"
+ ].join(" ")
+
+ SharedHelpers.run_shell_command(command, fingerprint: fingerprint)
 { lockfile_basename => File.read(lockfile_basename) }
 end
diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb
index dc46a5356f..9374bb0883 100644
--- a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb
+++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb
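Review bot: The `fingerprint` array in this hunk is a hand-copied duplicate of the `command` array with the dependency list replaced by `""`, so `join(" ")` yields a double space after `install` and every future flag change has to be made in two places. Building both strings from one shared flag list keeps them in sync, e.g. `npm_args = ["--force", "--dry-run", "false", "--ignore-scripts", "--package-lock-only"]` and `fingerprint = ["npm", "install", *npm_args].join(" ")`, with `command` assembled the same way around the dependency element that sits above the hunk. Nothing in this file says what `fingerprint:` is for; a one-line comment such as `# fingerprint: the command without package names, so failures are reported under a stable key` would spare the next reader a trip to the shell helper, with "stable key" hedged since the consumer is not visible here. The head of `run_npm8_top_level_updater`, including the start of the `command` literal, is outside the hunk.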
@@ -149,16 +149,18 @@ def run_yarn_berry_top_level_updater(top_level_dependency_updates:, yarn_lock:)
 # lockfile in the right state. Otherwise we'll need to manually update
 # the lockfile.
- command = if top_level_dependency_updates.all? { |dep| requirements_changed?(dep[:name]) }
- "yarn install #{Helpers.yarn_berry_args}".strip
- else
- updates = top_level_dependency_updates.collect do |dep|
- dep[:name]
- end
-
- "yarn up -R #{updates.join(' ')} #{Helpers.yarn_berry_args}".strip
- end
- Helpers.run_yarn_commands(command)
+ if top_level_dependency_updates.all? { |dep| requirements_changed?(dep[:name]) }
+ Helpers.run_yarn_command("yarn install #{yarn_berry_args}".strip)
+ else
+ updates = top_level_dependency_updates.collect do |dep|
+ dep[:name]
+ end
+
+ Helpers.run_yarn_command(
+ "yarn up -R #{updates.join(' ')} #{yarn_berry_args}".strip,
+ fingerprint: "yarn up -R #{yarn_berry_args}".strip
+ )
+ end
 { yarn_lock.name => File.read(yarn_lock.name) }
 end
@@ -171,14 +173,20 @@ def run_yarn_berry_subdependency_updater(yarn_lock:)
 dep = sub_dependencies.first
 update = "#{dep.name}@#{dep.version}"
- Helpers.run_yarn_commands(
- "yarn add #{update} #{Helpers.yarn_berry_args}".strip,
- "yarn dedupe #{dep.name} #{Helpers.yarn_berry_args}".strip,
- "yarn remove #{dep.name} #{Helpers.yarn_berry_args}".strip
- )
+ commands = [
+ ["yarn add #{update} #{yarn_berry_args}".strip, "yarn add #{yarn_berry_args}".strip],
+ ["yarn dedupe #{dep.name} #{yarn_berry_args}".strip, "yarn dedupe #{yarn_berry_args}".strip],
+ ["yarn remove #{dep.name} #{yarn_berry_args}".strip, "yarn remove #{yarn_berry_args}".strip]
+ ]
+
+ Helpers.run_yarn_commands(*commands)
 { yarn_lock.name => File.read(yarn_lock.name) }
 end
+ def yarn_berry_args
+ Helpers.yarn_berry_args
+ end
+
 def run_yarn_top_level_updater(top_level_dependency_updates:)
 SharedHelpers.run_helper_subprocess(
 command: NativeHelpers.helper_path,
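Review bot: The `yarn install` branch calls `Helpers.run_yarn_command` with no `fingerprint:`, so that path reports nil where the `yarn up` branch reports a fingerprint; since the install command contains no package names it can serve as its own fingerprint, e.g. `install_cmd = "yarn install #{yarn_berry_args}".strip` followed by `Helpers.run_yarn_command(install_cmd, fingerprint: install_cmd)`. How a nil fingerprint is treated inside `SharedHelpers.run_shell_command` is not visible in this diff, so this may be harmless, but the asymmetry between the two branches should be a deliberate choice rather than an accident. In the `else` branch, `updates = top_level_dependency_updates.map { |dep| dep[:name] }` replaces the `collect do … end` block with the idiomatic one-liner. The body of `run_yarn_berry_top_level_updater` above the shown comment lines is outside the hunk.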
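Review bot: `commands` is an array of `[command, fingerprint]` pairs, but nothing at this call site says so and the three literals read like arbitrary string tuples, while each fingerprint repeats its command's verb and `yarn_berry_args` by hand so a typo would silently produce a mismatched pair. Deriving both strings from one verb and target in a small private helper removes the duplication and gives the convention a name; the sketch below keeps the exact strings the hunk builds. The new `yarn_berry_args` delegator is placed between two updater methods whose visibility is not shown here; if that region is not already below `private`, the delegator should be, since it is only an internal shortcut for `Helpers.yarn_berry_args`. Both methods in this hunk begin at the hunk header, so their full bodies are partly outside the hunk.
```ruby
commands = [
  yarn_berry_command("add", update),
  yarn_berry_command("dedupe", dep.name),
  yarn_berry_command("remove", dep.name)
]
# … unchanged: Helpers.run_yarn_commands(*commands) and the lockfile read …

# Builds a [command, fingerprint] pair for a yarn berry verb; the fingerprint is
# the same command without the package target so it stays constant across packages.
def yarn_berry_command(verb, target)
  ["yarn #{verb} #{target} #{yarn_berry_args}".strip, "yarn #{verb} #{yarn_berry_args}".strip]
end
```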
diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/helpers.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/helpers.rb
index 64ad5bb348..3a52d4fdb0 100644
--- a/npm_and_yarn/lib/dependabot/npm_and_yarn/helpers.rb
+++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/helpers.rb
@@ -85,13 +85,13 @@ def self.setup_yarn_berry
 # contain malicious code.
 def self.run_yarn_commands(*commands)
 setup_yarn_berry
- commands.each { |cmd| SharedHelpers.run_shell_command(cmd) }
+ commands.each { |cmd, fingerprint| SharedHelpers.run_shell_command(cmd, fingerprint: fingerprint) }
 end
 # Run a single yarn command returning stdout/stderr
- def self.run_yarn_command(command)
+ def self.run_yarn_command(command, fingerprint: nil)
 setup_yarn_berry
- SharedHelpers.run_shell_command(command)
+ SharedHelpers.run_shell_command(command, fingerprint: fingerprint)
 end
 def self.dependencies_with_all_versions_metadata(dependency_set)
diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb
index 1a4a9f8cd5..fd520536e1 100644
--- a/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb
+++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb
@@ -116,8 +116,9 @@ def run_yarn_updater(path, lockfile_name)
 def run_yarn_berry_updater(path, lockfile_name)
 SharedHelpers.with_git_configured(credentials: credentials) do
 Dir.chdir(path) do
- Helpers.run_yarn_commands(
- "yarn up -R #{dependency.name} #{Helpers.yarn_berry_args}".strip
+ Helpers.run_yarn_command(
+ "yarn up -R #{dependency.name} #{Helpers.yarn_berry_args}".strip,
+ fingerprint: "yarn up -R #{Helpers.yarn_berry_args}".strip
 )
 { lockfile_name => File.read(lockfile_name) }
 end
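Review bot: `run_yarn_commands` now destructures each element as `|cmd, fingerprint|`, which quietly accepts both a bare String (fingerprint becomes nil) and a `[command, fingerprint]` pair, but neither the signature nor the comment above it records that contract, so a caller has to read the block to learn which shape to pass. Suggest extending the header comment that ends at `# contain malicious code.` with `# Each command is either a String or a [command, fingerprint] pair; the fingerprint is forwarded to SharedHelpers.run_shell_command as fingerprint: and is nil when omitted.` and adding a matching `# @param fingerprint [String, nil]` line under `# Run a single yarn command returning stdout/stderr`. That comment is the tail of a longer one whose start is outside the hunk, as is whatever `setup_yarn_berry` does.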
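Review bot: `Helpers.yarn_berry_args` is evaluated twice in `run_yarn_berry_updater`, once for the command and once for the fingerprint, and the two interpolations must be kept identical by hand; hoisting it into a local `args = Helpers.yarn_berry_args` and using `#{args}` in both strings leaves one call and makes the dependence obvious. What `yarn_berry_args` computes is not shown here, so whether the second call costs anything is a guess, but the duplication is a maintenance point regardless. The yarn_lockfile_updater.rb hunk in this same diff introduces a private `yarn_berry_args` delegator for exactly this purpose; applying the same pattern in this resolver would keep the two files consistent. The `with_git_configured` block opened here is closed outside the hunk.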
diff --git a/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb b/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb
index 4baec1af3b..52a620a67e 100644
--- a/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb
+++ b/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb
@@ -100,7 +100,7 @@ def fetch_latest_resolvable_version_string(requirement:)
 end
 # Shell out to Poetry, which handles everything for us.
- run_poetry_command(poetry_update_command)
+ run_poetry_update_command
 updated_lockfile = if File.exist?("poetry.lock") then File.read("poetry.lock")
@@ -163,8 +163,11 @@ def handle_poetry_errors(error)
 # Using `--lock` avoids doing an install.
 # Using `--no-interaction` avoids asking for passwords.
- def poetry_update_command
- "pyenv exec poetry update #{dependency.name} --lock --no-interaction"
+ def run_poetry_update_command
+ run_poetry_command(
+ "pyenv exec poetry update #{dependency.name} --lock --no-interaction",
+ fingerprint: "pyenv exec poetry update --lock --no-interaction"
+ )
 end
 def check_original_requirements_resolvable
@@ -174,7 +177,7 @@ def check_original_requirements_resolvable
 SharedHelpers.with_git_configured(credentials: credentials) do
 write_temporary_dependency_files(update_pyproject: false)
- run_poetry_command(poetry_update_command)
+ run_poetry_update_command
 @original_reqs_resolvable = true
 rescue SharedHelpers::HelperSubprocessFailed => e
@@ -331,7 +334,7 @@ def lockfile
 poetry_lock || pyproject_lock
 end
- def run_poetry_command(command)
+ def run_poetry_command(command, fingerprint: nil)
 start = Time.now
 command = SharedHelpers.escape_command(command)
 stdout, process = Open3.capture2e(command)
@@ -345,6 +348,7 @@ def run_poetry_command(command)
 message: stdout,
 error_context: {
 command: command,
+ fingerprint: fingerprint,
 time_taken: time_taken,
 process_exit_value: process.to_s
 }
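Review bot: The fingerprint literal in `run_poetry_update_command` is the command with `#{dependency.name}` removed, but the only comments above the method (`# Using --lock …`, `# Using --no-interaction …`) explain the flags and say nothing about why a second, near-identical string exists. Suggest a comment directly above the `run_poetry_command(` call: `# fingerprint: the same command without the dependency name, so a failure is reported under one key regardless of which package was being updated` — the reporting side is in the `error_context` hunk further down this file, so a reader of this method alone cannot tell what the parameter does, and the "one key" wording is an inference from that hunk rather than something this method shows. The comment block those two lines belong to starts outside the hunk.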
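Review bot: `run_poetry_command` defaults `fingerprint:` to nil and forwards it into `error_context` unchanged, so any caller not touched by this diff now reports `fingerprint: nil` next to a `command:` that still carries the dependency name; if whatever consumes `error_context` keys on the fingerprint (not visible here), those reports would collapse into a single nil bucket, and if it does not, the nil is just noise. Either pass a fingerprint at every call site or make the fallback explicit, `fingerprint: fingerprint || command`, and say in a comment which behaviour is intended. Note also that `command` is reassigned through `SharedHelpers.escape_command` right after the signature while `fingerprint` is not, so even a caller that passes the command as its own fingerprint will see the two strings differ in quoting. The same nil default was introduced on `Helpers.run_yarn_command` in the helpers.rb hunk; the body of `run_poetry_command` between the two hunks, including where `time_taken` is computed and the exception is raised, is outside the diff.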