Merge pull request #5875 from dependabot/mctofu/npm-flake-fix

[npm] Randomize advisory id to avoid cache collisions across tests
dependabot · Oct 12, 2022 · 7b19233 · 7b19233
2 parents 42c1413 + 352fe7f
commit 7b19233
Showing 1 changed file with 1 addition and 6 deletions.
diff --git a/npm_and_yarn/helpers/lib/npm/vulnerability-auditor.js b/npm_and_yarn/helpers/lib/npm/vulnerability-auditor.js
@@ -139,19 +139,14 @@ async function findVulnerableDependencies(directory, advisories) {
 }
 
 function convertAdvisoriesToRegistryBulkFormat(advisories) {
-  // npm audit differentiates advisories by `id`. In order to prevent
-  // advisories from being clobbered, we maintain a counter so that each
-  // advisory gets a unique `id`.
-  let nextAdvisoryId = 1
-
   return advisories.reduce((formattedAdvisories, advisory) => {
     if (!formattedAdvisories[advisory.dependency_name]) {
       formattedAdvisories[advisory.dependency_name] = []
     }
     let formattedVersions =
       advisory.affected_versions.reduce((memo, version) => {
         memo.push({
-          id: nextAdvisoryId++,
+          id: Math.floor(Math.random() * Number.MAX_SAFE_INTEGER),
           vulnerable_versions: version
         })
         return memo