Merge pull request #5827 from dependabot/jurre/yarn-berry-update-lockfile-mode

Yarn Berry: Run commands in `update-lockfile` mode

Author: jurre

npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb

@@ -161,7 +161,7 @@ def run_yarn_berry_top_level_updater(top_level_dependency_updates:, yarn_lock:)
             # updated to a single new version, so we just pick the first one.
             "#{dep[:name]}@#{dep[:requirements].first[:requirement]}"
           end
-          command = "yarn add #{updates.join(' ')}"
+          command = "yarn add #{updates.join(' ')} --mode=update-lockfile"
           Helpers.run_yarn_commands(command)
           { yarn_lock.name => File.read(yarn_lock.name) }
         end
@@ -171,9 +171,9 @@ def run_yarn_berry_subdependency_updater(yarn_lock:)
           update = "#{dep.name}@#{dep.version}"
 
           Helpers.run_yarn_commands(
-            "yarn add #{update}",
-            "yarn dedupe #{dep.name}",
-            "yarn remove #{dep.name}"
+            "yarn add #{update} --mode=update-lockfile",
+            "yarn dedupe #{dep.name} --mode=update-lockfile",
+            "yarn remove #{dep.name} --mode=update-lockfile"
           )
           { yarn_lock.name => File.read(yarn_lock.name) }
         end

npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater_spec.rb

@@ -2995,7 +2995,6 @@
         it "updates the .yarn/cache folder" do
           expect(updated_files.map(&:name)).to match_array(
             [
-              ".yarn/cache/fetch-factory-npm-0.0.1-e67abc1f87-ff7fe6fdb8.zip",
               ".yarn/cache/fetch-factory-npm-0.0.2-816f8766e1-200ddd8ae3.zip",
               ".yarn/install-state.gz",
               "package.json",