Regression added to bun --ignore scripts changes#14641
Open
thavaahariharangit wants to merge 6 commits intomainfrom
Open
Regression added to bun --ignore scripts changes#14641thavaahariharangit wants to merge 6 commits intomainfrom
--ignore scripts changes#14641thavaahariharangit wants to merge 6 commits intomainfrom
Conversation
Skip lifecycle scripts (postinstall, prepare, etc.) when running bun for lockfile updates, matching npm/yarn behavior in dependabot-core. Avoids failures from packages that download binaries or run env-specific scripts (e.g. redis-memory-server postinstall failing with empty Content-Length). Lockfile content is unchanged; only script execution is disabled for security and reliability. Looking to add after seeing failures related to `redis-memory-server` in a private projects dependabot runs.
thavaahariharangit
force-pushed
the
harry/regression-bun-ignore-scripts
branch
from
649cfc3 to
8f73130
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
Adds the missing RSpec coverage for the Bun regression fix that ensures lifecycle scripts are not executed during lockfile updates (by passing --ignore-scripts to Bun install commands), aligning with the behavior introduced in PR #14373.
Changes:
- Adds a spec asserting Bun install commands include
--ignore-scriptsduring lockfile-only updates. - Verifies the expected
fingerprintis passed for the dependency-updating install invocation.
Show a summary per file
| File | Description |
|---|---|
| bun/spec/dependabot/bun/file_updater_spec.rb | Adds an expectation that Dependabot::Bun::Helpers.run_bun_command is invoked with --ignore-scripts for both the targeted install and the final install. |
Copilot's findings
- Files reviewed: 2/2 changed files
- Comments generated: 0
thavaahariharangit
changed the title
--ignore scripts changes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What are you trying to accomplish?
As per the customer request I have reviewed and merged this PR: #14373
As it is missing rspec change I am adding this changes here.
Anything you want to highlight for special attention from reviewers?
How will you know you've accomplished your goal?
All CI passes.
Checklist