Revert "Merge pull request dependabot#6277 from dependabot/deivid-rod…

…riguez/stacktrace-is-what-groups"

This reverts commit 05f2c7c, reversing
changes made to 5a4f085.

cargo/lib/dependabot/cargo/file_updater/lockfile_updater.rb

@@ -32,7 +32,7 @@ def updated_lockfile_content
             SharedHelpers.with_git_configured(credentials: credentials) do
               # Shell out to Cargo, which handles everything for us, and does
               # so without doing an install (so it's fast).
-              run_shell_command("cargo update -p #{dependency_spec}")
+              run_shell_command("cargo update -p #{dependency_spec}", fingerprint: "cargo update -p <dependency_spec>")
             end
 
             updated_lockfile = File.read("Cargo.lock")
@@ -135,7 +135,7 @@ def desired_lockfile_content
           %(name = "#{dependency.name}"\nversion = "#{dependency.version}")
         end
 
-        def run_shell_command(command)
+        def run_shell_command(command, fingerprint:)
           start = Time.now
           command = SharedHelpers.escape_command(command)
           stdout, process = Open3.capture2e(command)
@@ -149,6 +149,7 @@ def run_shell_command(command)
             message: stdout,
             error_context: {
               command: command,
+              fingerprint: fingerprint,
               time_taken: time_taken,
               process_exit_value: process.to_s
             }

cargo/lib/dependabot/cargo/update_checker/version_resolver.rb

@@ -134,11 +134,12 @@ def dependency_spec
         # so without doing an install (so it's fast).
         def run_cargo_update_command
           run_cargo_command(
-            "cargo update -p #{dependency_spec} --verbose"
+            "cargo update -p #{dependency_spec} --verbose",
+            fingerprint: "cargo update -p <dependency_spec> --verbose"
           )
         end
 
-        def run_cargo_command(command)
+        def run_cargo_command(command, fingerprint: nil)
           start = Time.now
           command = SharedHelpers.escape_command(command)
           stdout, process = Open3.capture2e(command)
@@ -152,6 +153,7 @@ def run_cargo_command(command)
             message: stdout,
             error_context: {
               command: command,
+              fingerprint: fingerprint,
               time_taken: time_taken,
               process_exit_value: process.to_s
             }

common/lib/dependabot/file_updaters/vendor_updater.rb

@@ -23,7 +23,8 @@ def updated_vendor_cache_files(base_directory:)
           # rubocop:enable Performance/DeletePrefix
 
           status = SharedHelpers.run_shell_command(
-            "git status --untracked-files all --porcelain v1 #{relative_dir}"
+            "git status --untracked-files all --porcelain v1 #{relative_dir}",
+            fingerprint: "git status --untracked-files all --porcelain v1 <relative_dir>"
           )
           changed_paths = status.split("\n").map(&:split)
           changed_paths.map do |type, path|

common/lib/dependabot/shared_helpers.rb

@@ -59,11 +59,12 @@ def initialize(message:, error_context:, error_class: nil, trace: nil)
         super(message)
         @error_class = error_class || ""
         @error_context = error_context
+        @fingerprint = error_context[:fingerprint] || error_context[:command]
         @trace = trace
       end
 
       def raven_context
-        { extra: @error_context.except(:stderr_output) }
+        { fingerprint: [@fingerprint], extra: @error_context.except(:stderr_output, :fingerprint) }
       end
     end
 
@@ -189,7 +190,8 @@ def self.configure_git_to_use_https_with_credentials(credentials, safe_directori
       run_shell_command(
         "git config --global credential.helper " \
         "'!#{credential_helper_path} --file #{Dir.pwd}/git.store'",
-        allow_unsafe_shell_command: true
+        allow_unsafe_shell_command: true,
+        fingerprint: "git config --global credential.helper '<helper_command>'"
       )
 
       # see https://github.blog/2022-04-12-git-security-vulnerability-announced/
@@ -294,7 +296,7 @@ def self.reset_global_git_config(backup_path)
       FileUtils.mv(backup_path, GIT_CONFIG_GLOBAL_PATH)
     end
 
-    def self.run_shell_command(command, allow_unsafe_shell_command: false, env: {})
+    def self.run_shell_command(command, allow_unsafe_shell_command: false, env: {}, fingerprint: nil)
       start = Time.now
       cmd = allow_unsafe_shell_command ? command : escape_command(command)
       stdout, process = Open3.capture2e(env || {}, cmd)
@@ -306,6 +308,7 @@ def self.run_shell_command(command, allow_unsafe_shell_command: false, env: {})
 
       error_context = {
         command: cmd,
+        fingerprint: fingerprint,
         time_taken: time_taken,
         process_exit_value: process.to_s
       }

github_actions/lib/dependabot/github_actions/update_checker.rb

@@ -252,7 +252,8 @@ def shortened_semver_eq?(base, other)
 
       def find_container_branch(sha)
         branches_including_ref = SharedHelpers.run_shell_command(
-          "git branch --remotes --contains #{sha}"
+          "git branch --remotes --contains #{sha}",
+          fingerprint: "git branch --remotes --contains <sha>"
         ).split("\n").map { |branch| branch.strip.gsub("origin/", "") }
 
         current_branch = branches_including_ref.find { |branch| branch.start_with?("HEAD -> ") }

npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb

@@ -206,7 +206,18 @@ def run_npm8_top_level_updater(top_level_dependencies:)
             "--package-lock-only"
           ].join(" ")
 
-          SharedHelpers.run_shell_command(command)
+          fingerprint = [
+            "npm",
+            "install",
+            "<install_args>",
+            "--force",
+            "--dry-run",
+            "false",
+            "--ignore-scripts",
+            "--package-lock-only"
+          ].join(" ")
+
+          SharedHelpers.run_shell_command(command, fingerprint: fingerprint)
           { lockfile_basename => File.read(lockfile_basename) }
         end
 

npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb

@@ -157,7 +157,8 @@ def run_yarn_berry_top_level_updater(top_level_dependency_updates:, yarn_lock:)
             end
 
             Helpers.run_yarn_command(
-              "yarn up -R #{updates.join(' ')} #{yarn_berry_args}".strip
+              "yarn up -R #{updates.join(' ')} #{yarn_berry_args}".strip,
+              fingerprint: "yarn up -R <dependency_names> #{yarn_berry_args}".strip
             )
           end
           { yarn_lock.name => File.read(yarn_lock.name) }
@@ -173,9 +174,9 @@ def run_yarn_berry_subdependency_updater(yarn_lock:)
           update = "#{dep.name}@#{dep.version}"
 
           commands = [
-            "yarn add #{update} #{yarn_berry_args}".strip,
-            "yarn dedupe #{dep.name} #{yarn_berry_args}".strip,
-            "yarn remove #{dep.name} #{yarn_berry_args}".strip
+            ["yarn add #{update} #{yarn_berry_args}".strip, "yarn add <update> #{yarn_berry_args}".strip],
+            ["yarn dedupe #{dep.name} #{yarn_berry_args}".strip, "yarn dedupe <dep_name> #{yarn_berry_args}".strip],
+            ["yarn remove #{dep.name} #{yarn_berry_args}".strip, "yarn remove <dep_name> #{yarn_berry_args}".strip]
           ]
 
           Helpers.run_yarn_commands(*commands)

npm_and_yarn/lib/dependabot/npm_and_yarn/helpers.rb

@@ -85,13 +85,13 @@ def self.setup_yarn_berry
       # contain malicious code.
       def self.run_yarn_commands(*commands)
         setup_yarn_berry
-        commands.each { |cmd| SharedHelpers.run_shell_command(cmd) }
+        commands.each { |cmd, fingerprint| SharedHelpers.run_shell_command(cmd, fingerprint: fingerprint) }
       end
 
       # Run a single yarn command returning stdout/stderr
-      def self.run_yarn_command(command)
+      def self.run_yarn_command(command, fingerprint: nil)
         setup_yarn_berry
-        SharedHelpers.run_shell_command(command)
+        SharedHelpers.run_shell_command(command, fingerprint: fingerprint)
       end
 
       def self.dependencies_with_all_versions_metadata(dependency_set)

npm_and_yarn/lib/dependabot/npm_and_yarn/native_helpers.rb

@@ -32,7 +32,18 @@ def self.run_npm8_subdependency_update_command(dependency_names)
           "--package-lock-only"
         ].join(" ")
 
-        SharedHelpers.run_shell_command(command)
+        fingerprint = [
+          "npm",
+          "update",
+          "<dependency_names>",
+          "--force",
+          "--dry-run",
+          "false",
+          "--ignore-scripts",
+          "--package-lock-only"
+        ].join(" ")
+
+        SharedHelpers.run_shell_command(command, fingerprint: fingerprint)
       end
     end
   end

npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb

@@ -117,7 +117,8 @@ def run_yarn_berry_updater(path, lockfile_name)
           SharedHelpers.with_git_configured(credentials: credentials) do
             Dir.chdir(path) do
               Helpers.run_yarn_command(
-                "yarn up -R #{dependency.name} #{Helpers.yarn_berry_args}".strip
+                "yarn up -R #{dependency.name} #{Helpers.yarn_berry_args}".strip,
+                fingerprint: "yarn up -R <dependency_name> #{Helpers.yarn_berry_args}".strip
               )
               { lockfile_name => File.read(lockfile_name) }
             end

python/lib/dependabot/python/file_updater/pip_compile_file_updater.rb

@@ -72,17 +72,24 @@ def compile_new_requirement_files
               # Shell out to pip-compile, generate a new set of requirements.
               # This is slow, as pip-compile needs to do installs.
               options = pip_compile_options(filename)
+              options_fingerprint = pip_compile_options_fingerprint(options)
 
               name_part = "pyenv exec pip-compile " \
                           "#{options} -P " \
                           "#{dependency.name}"
+              fingerprint_name_part = "pyenv exec pip-compile " \
+                                      "#{options_fingerprint} -P " \
+                                      "<dependency_name>"
+
               version_part = "#{dependency.version} #{filename}"
+              fingerprint_version_part = "<dependency_version> <filename>"
 
               # Don't escape pyenv `dep-name==version` syntax
               run_pip_compile_command(
                 "#{SharedHelpers.escape_command(name_part)}==" \
                 "#{SharedHelpers.escape_command(version_part)}",
-                allow_unsafe_shell_command: true
+                allow_unsafe_shell_command: true,
+                fingerprint: "#{fingerprint_name_part}==#{fingerprint_version_part}"
               )
             end
 
@@ -140,7 +147,7 @@ def update_uncompiled_files(updated_files)
           ).updated_dependency_files
         end
 
-        def run_command(cmd, env: python_env, allow_unsafe_shell_command: false)
+        def run_command(cmd, env: python_env, allow_unsafe_shell_command: false, fingerprint:)
           start = Time.now
           command = if allow_unsafe_shell_command
                       cmd
@@ -160,20 +167,23 @@ def run_command(cmd, env: python_env, allow_unsafe_shell_command: false)
             message: stdout,
             error_context: {
               command: command,
+              fingerprint: fingerprint,
               time_taken: time_taken,
               process_exit_value: process.to_s
             }
           )
         end
 
-        def run_pip_compile_command(command, allow_unsafe_shell_command: false)
+        def run_pip_compile_command(command, allow_unsafe_shell_command: false, fingerprint:)
           run_command(
-            "pyenv local #{Helpers.python_major_minor(python_version)}"
+            "pyenv local #{Helpers.python_major_minor(python_version)}",
+            fingerprint: "pyenv local <python_major_minor>"
           )
 
           run_command(
             command,
-            allow_unsafe_shell_command: allow_unsafe_shell_command
+            allow_unsafe_shell_command: allow_unsafe_shell_command,
+            fingerprint: fingerprint
           )
         end
 
@@ -393,6 +403,16 @@ def hash_separator(requirement_string)
           current_separator || default_separator
         end
 
+        def pip_compile_options_fingerprint(options)
+          options.sub(
+            /--output-file=\S+/, "--output-file=<output_file>"
+          ).sub(
+            /--index-url=\S+/, "--index-url=<index_url>"
+          ).sub(
+            /--extra-index-url=\S+/, "--extra-index-url=<extra_index_url>"
+          )
+        end
+
         def pip_compile_options(filename)
           options = ["--build-isolation"]
           options += pip_compile_index_options

python/lib/dependabot/python/file_updater/poetry_file_updater.rb

@@ -198,11 +198,12 @@ def updated_lockfile_content_for(pyproject_content)
         # Using `--no-interaction` avoids asking for passwords.
         def run_poetry_update_command
           run_poetry_command(
-            "pyenv exec poetry update #{dependency.name} --lock --no-interaction"
+            "pyenv exec poetry update #{dependency.name} --lock --no-interaction",
+            fingerprint: "pyenv exec poetry update <dependency_name> --lock --no-interaction"
           )
         end
 
-        def run_poetry_command(command)
+        def run_poetry_command(command, fingerprint: nil)
           start = Time.now
           command = SharedHelpers.escape_command(command)
           stdout, process = Open3.capture2e(command)
@@ -216,6 +217,7 @@ def run_poetry_command(command)
             message: stdout,
             error_context: {
               command: command,
+              fingerprint: fingerprint,
               time_taken: time_taken,
               process_exit_value: process.to_s
             }

python/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb

@@ -77,9 +77,11 @@ def fetch_latest_resolvable_version_string(requirement:)
                   # Shell out to pip-compile.
                   # This is slow, as pip-compile needs to do installs.
                   options = pip_compile_options(filename)
+                  options_fingerprint = pip_compile_options_fingerprint(options)
 
                   run_pip_compile_command(
-                    "pyenv exec pip-compile -v #{options} -P #{dependency.name} #{filename}"
+                    "pyenv exec pip-compile -v #{options} -P #{dependency.name} #{filename}",
+                    fingerprint: "pyenv exec pip-compile -v #{options_fingerprint} -P <dependency_name> <filename>"
                   )
 
                   next if dependency.top_level?
@@ -93,7 +95,8 @@ def fetch_latest_resolvable_version_string(requirement:)
                   # update_not_possible.
                   write_original_manifest_files
                   run_pip_compile_command(
-                    "pyenv exec pip-compile #{options} #{filename}"
+                    "pyenv exec pip-compile #{options} #{filename}",
+                    fingerprint: "pyenv exec pip-compile #{options_fingerprint} <filename>"
                   )
                 end
 
@@ -186,9 +189,11 @@ def check_original_requirements_resolvable
 
               filenames_to_compile.each do |filename|
                 options = pip_compile_options(filename)
+                options_fingerprint = pip_compile_options_fingerprint(options)
 
                 run_pip_compile_command(
-                  "pyenv exec pip-compile #{options} #{filename}"
+                  "pyenv exec pip-compile #{options} #{filename}",
+                  fingerprint: "pyenv exec pip-compile #{options_fingerprint} <filename>"
                 )
               end
 
@@ -208,7 +213,7 @@ def check_original_requirements_resolvable
           end
         end
 
-        def run_command(command, env: python_env)
+        def run_command(command, env: python_env, fingerprint:)
           start = Time.now
           command = SharedHelpers.escape_command(command)
           stdout, process = Open3.capture2e(env, command)
@@ -220,6 +225,7 @@ def run_command(command, env: python_env)
             message: stdout,
             error_context: {
               command: command,
+              fingerprint: fingerprint,
               time_taken: time_taken,
               process_exit_value: process.to_s
             }
@@ -230,6 +236,16 @@ def new_resolver_supported?
           python_version >= Python::Version.new("3.7")
         end
 
+        def pip_compile_options_fingerprint(options)
+          options.sub(
+            /--output-file=\S+/, "--output-file=<output_file>"
+          ).sub(
+            /--index-url=\S+/, "--index-url=<index_url>"
+          ).sub(
+            /--extra-index-url=\S+/, "--extra-index-url=<extra_index_url>"
+          )
+        end
+
         def pip_compile_options(filename)
           options = @build_isolation ? ["--build-isolation"] : ["--no-build-isolation"]
           options += pip_compile_index_options
@@ -257,12 +273,13 @@ def pip_compile_index_options
             end
         end
 
-        def run_pip_compile_command(command)
+        def run_pip_compile_command(command, fingerprint:)
           run_command(
-            "pyenv local #{Helpers.python_major_minor(python_version)}"
+            "pyenv local #{Helpers.python_major_minor(python_version)}",
+            fingerprint: "pyenv local <python_major_minor>"
           )
 
-          run_command(command)
+          run_command(command, fingerprint: fingerprint)
         end
 
         def python_env