Randomize advisory id to avoid cache collisions across tests

This fixes test failures seen when the tests are run in a particular order. Details of the advisories are being cached in the npm cache and shared across test runs which could lead to faulty analysis of vulnerabilities in the tests because we used the same advisory ids in each evaluation.
dependabot · Oct 12, 2022 · 352fe7f · 352fe7f
1 parent 42c1413
commit 352fe7f
Showing 1 changed file with 1 addition and 6 deletions.
diff --git a/npm_and_yarn/helpers/lib/npm/vulnerability-auditor.js b/npm_and_yarn/helpers/lib/npm/vulnerability-auditor.js
@@ -139,19 +139,14 @@ async function findVulnerableDependencies(directory, advisories) {
 }
 
 function convertAdvisoriesToRegistryBulkFormat(advisories) {
-  // npm audit differentiates advisories by `id`. In order to prevent
-  // advisories from being clobbered, we maintain a counter so that each
-  // advisory gets a unique `id`.
-  let nextAdvisoryId = 1
-
   return advisories.reduce((formattedAdvisories, advisory) => {
     if (!formattedAdvisories[advisory.dependency_name]) {
       formattedAdvisories[advisory.dependency_name] = []
     }
     let formattedVersions =
       advisory.affected_versions.reduce((memo, version) => {
         memo.push({
-          id: nextAdvisoryId++,
+          id: Math.floor(Math.random() * Number.MAX_SAFE_INTEGER),
           vulnerable_versions: version
         })
         return memo