From 165b3e6b1e55484fd2c02be28f184c8c9b3f3231 Mon Sep 17 00:00:00 2001
From: Frank Viernau <frank_viernau@epam.com>
Date: Tue, 24 Sep 2024 11:22:11 +0200
Subject: [PATCH] feat(yarn): Fail in case an update of the lockfile is needed

Do not update the lockfile and fail if an update is needed, so that the
lockfile effectively pins the version reliably. See also [1].

[1]: https://yarnpkg.com/cli/install#options

Signed-off-by: Frank Viernau <frank_viernau@epam.com>
---
 plugins/package-managers/node/src/main/kotlin/Yarn.kt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/plugins/package-managers/node/src/main/kotlin/Yarn.kt b/plugins/package-managers/node/src/main/kotlin/Yarn.kt
index 450d57f3d36e9..f215641ebe480 100644
--- a/plugins/package-managers/node/src/main/kotlin/Yarn.kt
+++ b/plugins/package-managers/node/src/main/kotlin/Yarn.kt
@@ -80,7 +80,8 @@ class Yarn(
         // fixed minor version to be sure to get consistent results.
         checkVersion()
 
-    override fun runInstall(workingDir: File) = run(workingDir, "install", "--ignore-scripts", "--ignore-engines")
+    override fun runInstall(workingDir: File) =
+        run(workingDir, "install", "--ignore-scripts", "--ignore-engines", "--immutable")
 
     override fun getRemotePackageDetails(workingDir: File, packageName: String): PackageJson {
         yarnInfoCache.read(packageName)?.let { return parsePackageJson(it) }