V2 task taking over an hour when using npm private registry. Log files are huge

[eli-gc]

Describe the bug
I recently migrated to the V2 task and it is timing out after my timeout limit (60 minutes). Using the V1 task only takes 3 minutes. It seems for every package, it prints out the entire contents of the yarn lock file. I'm not sure if the performance issues are related to that but the log file is huge, 134.2 MB.

Categorization

• This is not a permissions issue (Seek help at 403 error when Dependabot tries to create a pull request #1245)
  I don't think this is a permission issue because it looks to be authenticating.

Configurations
Pipeline:

    steps:
      - task: GoTool@0
        inputs:
          version: 1.23.0 
    
      - task: dependabot@2
        inputs:
          useConfigFile: true
          setAutoComplete: true
          mergeStrategy: '1'
          gitHubConnection: 'github.com_SabareeshGC'
          milestone: 12347
        env:
          NPM_TOKEN: $(System.AccessToken)

dependabot.yml

registries:
  npm-data-module:
    type: npm-registry
    url: https://pkgs.dev.azure.com/guidedchoice/_packaging/data-projections/npm/registry/
    token: ${{NPM_TOKEN}}
updates:
  - package-ecosystem: "npm"
    # Files stored in `app` directory
    directory: "/"
    schedule:
      interval: "daily"
    milestone: 12347
    target-branch: "dev"
    versioning-strategy: auto
    registries: 
      - npm-data-module

Logs and screenshots
Logs in the beginning of the run. I had to truncate the {"data"} section because it exceeded the character limit. I think this part is potentially causing my poor performance. It seems to be printing all of the yarn.lock or something.

==============================================================================
Task         : Dependabot
Description  : Automatically update dependencies and vulnerabilities in your code using [Dependabot CLI](https://github.com/dependabot/cli)
go: downloading github.com/opencontainers/image-spec v1.1.0
go: downloading github.com/moby/sys/user v0.1.0
go: downloading github.com/opencontainers/go-digest v1.0.0
go: downloading github.com/gogo/protobuf v1.3.2
go: downloading github.com/distribution/reference v0.6.0
go: downloading go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0
go: downloading go.opentelemetry.io/otel/trace v1.27.0
go: downloading go.opentelemetry.io/otel v1.27.0
go: downloading github.com/felixge/httpsnoop v1.0.4
go: downloading go.opentelemetry.io/otel/metric v1.27.0
go: downloading github.com/go-logr/stdr v1.2.2
go: downloading github.com/go-logr/logr v1.4.2

Processing job from '/tmp/dependabot-jobs/update-0-npm_and_yarn-all/job.yaml'
/root/go/bin/dependabot update --file /tmp/dependabot-jobs/update-0-npm_and_yarn-all/job.yaml --output /tmp/dependabot-jobs/update-0-npm_and_yarn-all/scenario.yaml --provider azure --local /mnt/data-disk/gcadmin/agent1/37/s
    cli | 2024/10/29 16:45:04 pulling image: ghcr.io/github/dependabot-update-job-proxy/dependabot-update-job-proxy:latest
    cli | 2024/10/29 16:45:05 using image ghcr.io/github/dependabot-update-job-proxy/dependabot-update-job-proxy:latest at sha256:4f808dfd8f35a9fb1d8e557bea7a2b0f72d5b663f9a7446288292faa5e905042
    cli | 2024/10/29 16:45:05 pulling image: ghcr.io/dependabot/dependabot-updater-npm
    cli | 2024/10/29 16:45:26 using image ghcr.io/dependabot/dependabot-updater-npm at sha256:5fec5a1aaccb06d782f29d6ef7a286b36d787a4e9ff27244f36c0a513212c9a4
  proxy | 2024/10/29 16:45:35 proxy starting, commit: 41881abec5bb353fbea347b2394f90fb7f78881e
  proxy | 2024/10/29 16:45:35 Listening (:1080)
updater | Reinitialized existing Git repository in /home/dependabot/dependabot-updater/repo/.git/
updater | HEAD detached at origin/8476efca2ac5c8cbc4e82dd23ba2d76083bbb1c9
updater | nothing to commit, working tree clean
updater | Updating certificates in /etc/ssl/certs...
updater | rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
updater | 1 added, 0 removed; done.
updater | Running hooks in /etc/ca-certificates/update.d...
updater | done.
updater | 2024/10/29 16:45:41 INFO <job_update_0_npm_and_yarn_all> Starting job processing
updater | 2024/10/29 16:45:41 INFO <job_update_0_npm_and_yarn_all> Job definition: {"job":{"package-manager":"npm_and_yarn","allowed-updates":[{"dependency-type":"all"}],"debug":false,"dependency-groups":[],"dependencies":null,"dependency-group-to-refresh":null,"existing-pull-requests":[],"existing-group-pull-requests":[],"experiments":null,"ignore-conditions":[],"lockfile-only":false,"requirements-update-strategy":null,"security-advisories":[],"security-updates-only":false,"source":{"provider":"azure","repo":"***/***/_git/***","directory":"/","branch":"dev","hostname":"***","api-endpoint":"https://***:/"},"update-subdependencies":true,"updating-a-pull-request":false,"vendor-dependencies":false,"reject-external-code":false,"repo-private":false,"commit-message-options":null,"credentials-metadata":[{"host":"***","type":"git_source"},{"host":"github.com","type":"git_source"},{"registry":"pkgs.***/***/_packaging/data-projections/npm/registry/","type":"npm_registry"}],"max-updater-run-time":0}}
updater | 2024/10/29 16:45:41 INFO <job_update_0_npm_and_yarn_all> Guessed version info "yarn" : "1"
updater | 2024/10/29 16:45:41 INFO <job_update_0_npm_and_yarn_all> Base commit SHA: 8476efca2ac5c8cbc4e82dd23ba2d76083bbb1c9
updater | 2024/10/29 16:45:41 INFO <job_update_0_npm_and_yarn_all> Finished job processing
updater | 2024/10/29 16:45:45 INFO <job_update_0_npm_and_yarn_all> Starting job processing
  proxy | 2024/10/29 16:45:46 [001] POST http://host.docker.internal:45033/update_jobs/update_0_npm_and_yarn_all/update_dependency_list
{"data":{"dependencies":[{"name":"@***/data-modules","requirements":[{"file":"package.json","groups":["dependencies"],"requirement":"^0.2.611","source":{"type":"registry","url":"https://pkgs.***/***/_packaging/data-projections/npm/registry"}}],"version":"0.2.611"},{"name":"@aesop-fables/containr","requirements":[{"file":"package.json","groups":["dependencies"],"requirement":"^0.5.3","source":{"type":"registry","url":"https://pkgs.***/***/_packaging/data-projections/npm/registry"}}],"version":"0.5.3"},{"name":"@aesop-fables/containr-axios","requirements":[{"file":"package.json","groups":["dependencies"],"requirement":"^0.3.6","source":{"type":"registry","url":"https://pkgs.***/***/_packaging/data-projections/npm/registry"}}],"version":"0.3.6"},{"name":"@aesop-fables/containr-react","requirements":[{"file":"package.json","groups":["dependencies"],"requirement":"^0.4.1","source":...,"dependency_files":["/package.json","/yarn.lock"]},"type":"update_dependency_list"}
  proxy | 2024/10/29 16:45:46 [001] 200 http://host.docker.internal:45033/update_jobs/update_0_npm_and_yarn_all/update_dependency_list
  proxy | 2024/10/29 16:45:46 [002] POST http://host.docker.internal:45033/update_jobs/update_0_npm_and_yarn_all/increment_metric
{"data":{"metric":"updater.started","tags":{"operation":"group_update_all_versions"}},"type":"increment_metric"}
  proxy | 2024/10/29 16:45:46 [002] 200 http://host.docker.internal:45033/update_jobs/update_0_npm_and_yarn_all/increment_metric
updater | 2024/10/29 16:45:46 INFO <job_update_0_npm_and_yarn_all> Starting update job for ***/***/_git/***```

[eli-gc]

By the way, this is an Azure Artifact feed and I am using Yarn Berry, v4.5.1, I also tried 3.8.6 with no avail.

[rhyskoedijk]

@eli-gc thanks for the report.
Are you able to upload a minimal reproduction repo for this? or attach a copy of your packages.json and yarn.lock so that we can reproduce the issue?

It seems for every package, it prints out the entire contents of the yarn lock file

I too wish this could be disabled as it does cause a lot of log noise, but unfortunately this is not configurable within Dependabot CLI, so it cannot be hidden currently. This was not so much of an issue in V1 because it did not use Dependabot CLI (which caused other issues).

it is hard to say if the volume of logs is the performance issue or the contents of your package/lock file is. If you are able to provide a copy, I will investigate further.

[eli-gc]

Let me check if I can post those. There is actually only 1 package that is hosted in our private Azure artifact feed, the rest are all public packages. If there is a way to only search the private feed for the one package and grab the others from public sources, maybe I could test that.

[rhyskoedijk]

Let me check if I can post those

If it helps, I really only need the dependencies section of your package.json and yarn.lock; This should be enough to reproduce the issue.

If there is a way to only search the private feed for the one package and grab the others from public sources, maybe I could test that.

There certainly is, but that is something you would need to configure in your project source files, not Dependabot. Here is an example of how this could be done:

In the same directory as your package.json, create a .npmrc file with:

registry=https://registry.npmjs.org/ # by default, fetch packages from the public feed
@myorg:registry=https://pkgs.dev.azure.com/myorg/_packaging/myfeed/npm/registry/ # for anything in the "myorg" namespace, fetch packages from my private feed

Then in your package.json you would do:

{
  "dependencies": {
    "@myorg/my-private-package": "~1.0",
    "node": "~22.0"
  }
}

When running yarn install, node would be fetched from the public feed, my-private-package would be fetched from your private feed. If you already have a yarn.lock, you'd need to delete/rebuild it for this to take effect.

[eli-gc]

I'll try those changes, thanks!

Here is the packages.json I am using, the only private package we use is the @3nickels/data-modules.

"dependencies": { "@3nickels/data-modules": "^0.2.610", "@aesop-fables/containr": "^0.6.1", "@aesop-fables/containr-axios": "^0.3.6", "@aesop-fables/containr-react": "^0.4.1", "@aesop-fables/scrinium": "^0.11.11", "@bwjohns4/react-native-draggable-flatlist": "^4.0.1-patch", "@expo/vector-icons": "^14.0.4", "@invertase/react-native-apple-authentication": "^2.4.0", "@notifee/react-native": "^9.1.2", "@react-native-async-storage/async-storage": "^1.24.0", "@react-native-clipboard/clipboard": "^1.14.2", "@react-native-community/datetimepicker": "^7.6.3", "@react-native-community/netinfo": "11.4.1", "@react-native-community/slider": "^4.5.4", "@react-native-firebase/app": "^21.2.0", "@react-native-firebase/messaging": "^21.2.0", "@react-native-google-signin/google-signin": "^13.1.0", "@react-navigation/bottom-tabs": "^6.6.1", "@react-navigation/drawer": "^6.7.2", "@react-navigation/native": "^6.1.18", "@react-navigation/stack": "^6.4.1", "@rneui/base": "^4.0.0-rc.8", "@rneui/themed": "^4.0.0-rc.8", "async-mutex": "^0.5.0", "axios": "^1.7.7", "axios-logger": "2.8.1", "axios-retry": "^4.5.0", "buffer": "^6.0.3", "dayjs": "^1.11.13", "events": "^3.3.0", "expo": "^51.0.37", "expo-font": "^12.0.10", "expo-image-loader": "~4.7.0", "expo-modules-core": "^1.12.25", "expo-secure-store": "^13.0.2", "final-form": "^4.20.10", "intl": "^1.2.5", "jail-monkey": "^2.8.0", "jetifier": "^2.0.0", "jwt-decode": "^3.1.2", "lodash": "^4.17.21", "moment": "^2.30.1", "obfuscator-io-metro-plugin": "^2.1.3", "prop-types": "^15.8.1", "query-string": "^7.1.3", "react": "18.3.1", "react-dom": "18.3.1", "react-error-boundary": "^4.1.2", "react-final-form": "^6.5.9", "react-moment": "^1.1.3", "react-native": "0.75.4", "react-native-actions-sheet": "^0.9.7", "react-native-bars": "^2.4.3", "react-native-biometrics": "^3.0.1", "react-native-blob-util": "0.19.11", "react-native-bootsplash": "^5.5.3", "react-native-cheerio": "^1.0.0-rc.4", "react-native-config": "^1.5.3", "react-native-confirmation-code-field": "^7.4.0", "react-native-device-info": "^10.14.0", "react-native-draggable-flatlist": "^4.0.1", "react-native-elements": "^3.4.3", "react-native-fs": "^2.20.0", "react-native-gesture-handler": "^2.20.1", "react-native-google-places-autocomplete": "2.5.6", "react-native-gradle-plugin": "^0.71.19", "react-native-iap": "^12.15.5", "react-native-image-picker": "^7.1.2", "react-native-in-app-review": "^4.3.3", "react-native-keyboard-aware-scroll-view": "^0.9.5", "react-native-linear-gradient": "^2.8.3", "react-native-mmkv": "^2.12.2", "react-native-notifications": "^5.1.0", "react-native-orientation-locker": "^1.7.0", "react-native-paper": "^5.12.5", "react-native-pdf": "6.7.5", "react-native-permissions": "^4.1.5", "react-native-plaid-link-sdk": "11.8.2", "react-native-reanimated": "^3.16.1", "react-native-restart": "^0.0.27", "react-native-safe-area-context": "4.11.1", "react-native-screens": "^3.34.0", "react-native-share": "10.2.1", "react-native-svg": "15.8.0", "react-native-svg-transformer": "^1.5.0", "react-native-toast-message": "^2.2.1", "react-native-typewriter": "^0.7.0", "react-native-vector-icons": "^10.2.0", "react-native-video": "^6.7.0", "react-native-webview": "13.12.3", "react-native-windows": "^0.75.6", "reflect-metadata": "^0.2.2", "rxjs": "7.8.1", "victory-native": "^36.9.2", "yup": "^1.4.0" }, "devDependencies": { "@babel/core": "^7.25.8", "@babel/plugin-proposal-decorators": "^7.25.7", "@babel/preset-env": "^7.25.8", "@babel/runtime": "^7.25.9", "@jeremybarbet/apple-api-types": "^1.4.1", "@react-native/babel-preset": "0.75.4", "@react-native/eslint-config": "0.75.4", "@react-native/metro-config": "0.75.4", "@react-native/typescript-config": "0.75.4", "@types/color": "^3.0.6", "@types/jest": "^29.5.13", "@types/jwt-encode": "^1.0.3", "@types/lodash": "^4.17.12", "@types/react": "~18.3.11", "@types/react-dom": "~18.3.1", "@types/react-native-typewriter": "^0.7.4", "@types/react-native-video": "^5.0.20", "@typescript-eslint/eslint-plugin": "^7.18.0", "@typescript-eslint/parser": "^7.18.0", "babel-jest": "^29.7.0", "babel-plugin-transform-remove-console": "^6.9.4", "eslint": "^8.57.1", "eslint-config-prettier": "^8.10.0", "eslint-plugin-ft-flow": "^2.0.3", "eslint-plugin-prettier": "^4.2.1", "eslint-plugin-react": "^7.37.1", "husky": "^8.0.3", "jest": "29.7.0", "jest-mock-extended": "^3.0.7", "jwt-encode": "^1.0.1", "lint-staged": "^13.3.0", "patch-package": "^7.0.2", "prettier": "^2.8.8", "react-native-codegen": "^0.71.6", "react-test-renderer": "18.3.1", "ts-jest": "29.2.5", "typescript": "~5.3.3" }, "resolutions": { "@react-native/assets-registry": "0.74.83", "@react-native/gradle-plugin": "0.75.4" }, "engines": { "node": ">=18" }, "private": true, "lint-staged": { "*.{js,jsx,json,ts,tsx,md,html,css}": [ "prettier --write", "yarn lint" ] }, "name": "nickels", "version": "1.22.19", "packageManager": "[email protected]"
`

[eli-gc]

Here is the yarn.lock file.
yarn.lock.zip

[eli-gc]

After looking at the logs again, it seems like it is just repeating itself. I can see GET to the same package multiple times. Don't really see any errors in the logs though so I'm not sure why it is retrying.

[epicstar]

I am getting the same yarn looping behavior.... I want to move to v2 because I also fetch nuget dependencies from ADO Artifacts.....

I guess the good news is that once the 60 minute timeout of the pipeline kicked in, PRs were created. I do wonder why the yarn dependabot logic is running too much though.

[eli-gc]

Oh interesting, I don't even get PRs created.

[epicstar]

registries:
  npm-data-module:
    type: npm-registry
    url: https://pkgs.dev.azure.com/guidedchoice/_packaging/data-projections/npm/registry/
    token: ${{NPM_TOKEN}}

I wager your problem is on the token.

It might need to be:

[...]
    token: ${{ORGANIZATION}}:${{NPM_TOKEN}}

Looks like your organization is guidedchoice.

But note this doesn't solve the looping behavior which the original issue is about.

[eli-gc]

@epicstar the README says to use PAT:${{ NPM_TOKEN }} for access tokens. I tried that to no avail.

  # Artifactory private feed using PAT
  artifactory:
    type: nuget-feed
    url: https://artifactory.com/api/nuget/v3/myfeed
    token: PAT:${{ MY_DEPENDABOT_ARTIFACTORY_PAT }}

[epicstar]

Yes, that works for nuget feeds, but the README isn't explicit about how to authenticate on Azure NPM feeds since the authentication isn't merely PAT Token based on the NPM feeds.

And for more info: yarnpkg/berry#316 (comment)

I understand that these are instructions on yarn berry's .yarnrc.yml and not dependabot. I could be wrong.

[eli-gc]

I actually do have that in my .yarnrc.yml, but maybe I need to put it in my dependabot config as well. I'll give that a try. Thanks for the suggestion.

[eli-gc]

Tried it but didn't seem to make a difference. Still just takes forever and times out after an hour.

[epicstar]

Yup, mine ran today and I got the same issue... This time no PRs made.

[epicstar]

bad_dependabot_logs.txt

For people interested in my log file...

[rhyskoedijk]

Just an update on this, I haven't managed to reproduce the issue yet, but do want to mention that there are known issues reported in dependabot-core around NPM updates stalling and causing timeouts that you might want to contribute to if you believe they are related. See:

• Dependabot keeps timing out dependabot/dependabot-core#10309
• PNPM dependabot timeout dependabot/dependabot-core#8008

This issue is still on my radar to look in to, but there is no obvious or straight forward fix, so progress is slow.
I do plan on reducing the verbosity of the logs for non-debug builds, but I am very confident that the size of the logs is not the root cause of the issue or the reason why it takes so long. For context, I have projects that generate logs of around 300K lines (50mb+) and they complete well under 1 hour, so I assume this is an issue within the NPM updater, not the logging mechenism.

[epicstar]

Seems like it is indeed a dependabot/dependabot-core issue and maybe not your side., From the comments, it's related to mixing dependabot groups (which I want to use) and a monorepo. THanks for looking into the issue @rhyskoedijk.

[epicstar]

I was wondering if it is possible to extend the timeout to over 60 minutes? I tried in my pipeline yaml, and dependabot is still timing out at 60 minutes.

steps:
- task: dependabot@2
  timeoutInMinutes: 180
  inputs:
    abandonUnwantedPullRequests: false
    setAutoComplete: true
    githubConnection: blah
    azureDevopsAccessToken: $(DEVOPS_PAT)
  env:
    AZURE_ARTIFACTS_PAT: $(DEVOPS_PAT)

There's nothing in the documentation that suggests that can change the timeout on the .github/dependabot,yml side: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors#dependabot-timed-out-during-its-update

[rhyskoedijk]

@epicstar Dependabot does not have a timeout, the pipeline does. You need to configure the timeout on the pipeline, there are some limitations if you are not using paid agents.

See: https://learn.microsoft.com/en-us/azure/devops/pipelines/process/phases?view=azure-devops&tabs=yaml#timeouts

      jobs:
      - job: dependabot
        displayName: Dependabot
        timeoutInMinutes: 180 # max 3 hours
        steps:
           # ...snip...

[epicstar]

Ok thank you that explains why my timeout isn't working. I should research the pipeline args and caveats more. I apologize.

[eli-gc]

I tested with 1.39 and it still seems to be printing the whole yarn.lock. Seems to be less lines but the file size of the log is about the same as before. I am still getting timeout after an hour.

[rhyskoedijk]

@eli-gc unfortunately I'm not sure if the timeout issue can be resolved in the scope of this project; My understanding is that this is an issue in dependabot-core. See:

• Dependabot keeps timing out dependabot/dependabot-core#10309
• PNPM dependabot timeout dependabot/dependabot-core#8008

If you believe your issue is not the same as these and you are able to upload or send me a copy of your task logs, I will investigate further to see if there are any issues in the scope of this project.

[epicstar]

From #1518, I have supplied a minimum repo that reproduces this exact issue on Azure DevOps by running over 60 minutes. The same exact code in Github runs in less than 16 minutes.

[rhyskoedijk]

@epicstar thanks, I will investigate further and see what is different between the two environments

[epicstar]

I'll get you logs ASAP. It's been 2 hours and the dependabot job is still running ☠️

[epicstar]

Same logs posted from #1518 are here.

Github Dependabot seems to only hone in on the dependencies declared in the monorepo, while this version seems to hone in on the dependencies from the whole yarn.lock multiple times. In addition, Dependabot in Azure DevOps ran for 3 hours before timing out (I probably should've put it on 6 hours in retrospect).

[eli-gc]

I removed the private registry and it is still timing out so seems to be unrelated to that. Works fine on github.

[eli-gc]

Tried it with the latest version. 2.40.1110 without private registry. It seems like it gets stuck when trying to submit a PR. I truncated the logs below and attached the full version.
dependabot_logs_20241231.txt

updater | 2024/12/31 20:03:09 INFO <job_update_0_npm_and_yarn_all> Checking all dependencies for version updates...
updater | 2024/12/31 20:03:10 INFO <job_update_0_npm_and_yarn_all> Checking if @aesop-fables/containr 0.6.1 needs updating
updater | 2024/12/31 20:03:11 INFO <job_update_0_npm_and_yarn_all> Latest version is 0.6.2
updater | 2024/12/31 20:03:17 INFO <job_update_0_npm_and_yarn_all> Requirements to unlock own
updater | 2024/12/31 20:03:17 INFO <job_update_0_npm_and_yarn_all> Requirements update strategy bump_versions
updater | 2024/12/31 20:03:17 INFO <job_update_0_npm_and_yarn_all> Updating @aesop-fables/containr from 0.6.1 to 0.6.2
updater | 2024/12/31 20:03:22 INFO <job_update_0_npm_and_yarn_all> Submitting @aesop-fables/containr pull request for creation
{"data":{"base-commit-sha":"b9b75801450836032248f3e087f64f1420a347f9","dependencies":[{"name":"@aesop-fables/containr","previous-requirements":[{"file":"package.json","groups":["dependencies"],"requirement":"^0.6.1","source":null}],"previous-version":"0.6.1","requirements":[{"file":"package.json","groups":["dependencies"],"requirement":"^0.6.2","source":null}],"version":"0.6.2","directory":"/"}],"updated-dependency-files":[{"content":"{\n  \"scripts\": {\n    \"build\": \"tsc --p ./tsconfig.json\",\n    \"start\": \"react-native start\",\n    \"restart\": \"rm -rf node_modules/.cache \u0026\u0026 yarn ios\",\n    \"clear\": \"rm -rf node_modules/.cache\",\n    \"debug\": \"rm -rf node_modules/.cache \u0026\u0026 npx react-native start --experimental-debugger\",\n    \"android\": \"react-native run-android\",\n    \"ios\": \"react-native run-ios --simulator \\\"iPhone 16\\\"\",\n    \"ios14\": \"react-native run-ios --simulator \\\"iPhone 14\\\"\",\n    \"ios15\": \"react-native run-ios --simulator \\\"iPhone 15\\\"\",\n    \"iosSE\": \"react-native run-ios --simulator \\\"iPhone SE (3rd generation)\\\"\",\n    \"ipadPro13\": \"yarn react-native run-ios --simulator \\\"iPad Pro 13-inch (M4)\\\"\",\n    \"ipadPro11\": \"yarn react-native run-ios --simulator \\\"iPad Pro 11-inch (M4)\\\"\",\n    \"ipad10\": \"yarn react-native run-ios --simulator \\\"iPad (10th generation)\\\"\",\n    \"ipadMini\": \"yarn react-native run-ios --simulator \\\"iPad mini (6th generation)\\\"\",\n    \"lint\": \"eslint '*/**/*.{js,ts,tsx}' --fix --max-warnings 0\",\n    \"test\": \"jest --verbose=false --runInBand --useStderr\",\n    \"test:watch\": \"jest --watch --verbose=true --runInBand --useStderr\",\n    \"fix-build\": \"cmd1 \u0026\u0026 cmd2\",\n    ...
[dependabot_logs_20241231.txt](https://github.com/user-attachments/files/18283541/dependabot_logs_20241231.txt)
fdd3a9fdf176571404abf22af3af330e89227c3cb2e7092d61d0c6dfc8dd688648025346303585a03db51aa466efef5ebb8bdf14dbe630ccdedd5d0aa00741ab\n  languageName: node\n  linkType: hard\n\n\"zod@npm:^3.22.4\":\n  version: 3.23.8\n  resolution: \"zod@npm:3.23.8\"\n  checksum: 10/846fd73e1af0def79c19d510ea9e4a795544a67d5b34b7e1c4d0425bf6bfd1c719446d94cdfa1721c1987d891321d61f779e8236fde517dc0e524aa851a6eff1\n  languageName: node\n  linkType: hard\n","content_encoding":"utf-8","deleted":false,"directory":"/","name":"yarn.lock","operation":"update","support_file":false,"type":"file","mode":""}],"pr-title":"Bump @aesop-fables/containr from 0.6.1 to 0.6.2","pr-body":"Bumps @aesop-fables/containr from 0.6.1 to 0.6.2.\n","commit-message":"Bump @aesop-fables/containr from 0.6.1 to 0.6.2\n\nBumps @aesop-fables/containr from 0.6.1 to 0.6.2.","dependency-group":null},"type":"create_pull_request"}