dependabot-common 0.182.4 → 0.183.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 957437470dd6e13a459853d0561b8f00e490410386768082cf8c325219607d8d
-  data.tar.gz: 175b54ada2e28ce6ec3f0674885e2573d5cf2d384e596c736691bb67cf772e13
+  metadata.gz: fc6c5c815952b755fe062f6d8dcaf0bbecfa5f0389f6b793d2cb28ee9f658374
+  data.tar.gz: f0aa19cb14cf0f583654bfb4b690789f0a6a3c9d425dc74d49b1a51c5037cf0d
 SHA512:
-  metadata.gz: cbb3505238e8ca4e46e2c8c9d29811d5c35ded7cb225b2b7af16486cfd9e992ebfa55b61c3ea2234ded603784240e214afad5674de8f69234bae94f708b437fe
-  data.tar.gz: 95bf9cbab7116998aa9840af9fca96f29be5a1d3b7a72ae63d0dbf27f0aace507693677f752f40d136b1a7a4cbc20bda38cc39ecea5a2cc455b51e9e21a14605
+  metadata.gz: 2f586d881a78ec9b173200493fad7e5dd2c885618a6d3234c2bb867ca1f090812762d3478698f772f3a7ec2434e2036c774ca6cd4fc4727ff3597647f0a74f85
+  data.tar.gz: a4878c0032c3a8ba309970b2a7deef30768fb299d4b837940fb6e677ac893653f877bb5effa696b2522bb55e39f03a7fc9d2ce532dce034ab15f2e8a1c606f9f

data/lib/dependabot/shared_helpers.rb

@@ -160,8 +160,8 @@ module Dependabot
     end
 
     def self.with_git_configured(credentials:)
-      backup_git_config_path = stash_global_git_config
-      configure_git_to_use_https_with_credentials(credentials)
+      backup_git_config_path, safe_directories = stash_global_git_config
+      configure_git_to_use_https_with_credentials(credentials, safe_directories)
       yield
     rescue Errno::ENOSPC => e
       raise Dependabot::OutOfDisk, e.message
@@ -175,7 +175,7 @@ module Dependabot
 
     # rubocop:disable Metrics/AbcSize
     # rubocop:disable Metrics/PerceivedComplexity
-    def self.configure_git_to_use_https_with_credentials(credentials)
+    def self.configure_git_to_use_https_with_credentials(credentials, safe_directories)
       File.open(GIT_CONFIG_GLOBAL_PATH, "w") do |file|
         file << "# Generated by dependabot/dependabot-core"
       end
@@ -190,6 +190,12 @@ module Dependabot
         allow_unsafe_shell_command: true
       )
 
+      # see https://github.blog/2022-04-12-git-security-vulnerability-announced/
+      safe_directories ||= []
+      safe_directories.each do |path|
+        run_shell_command("git config --global --add safe.directory #{path}")
+      end
+
       github_credentials = credentials.
                            select { |c| c["type"] == "git_source" }.
                            select { |c| c["host"] == "github.com" }.
@@ -267,8 +273,13 @@ module Dependabot
       digest = Digest::SHA2.hexdigest(contents)[0...10]
       backup_path = GIT_CONFIG_GLOBAL_PATH + ".backup-#{digest}"
 
+      # to preserve safe directories from global .gitconfig
+      output, process = Open3.capture2("git config --global --get-all safe.directory")
+      safe_directories = []
+      safe_directories = output.split("\n").compact if process.success?
+
       FileUtils.mv(GIT_CONFIG_GLOBAL_PATH, backup_path)
-      backup_path
+      [backup_path, safe_directories]
     end
 
     def self.reset_global_git_config(backup_path)

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.182.4"
+  VERSION = "0.183.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.182.4
+  version: 0.183.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-04-26 00:00:00.000000000 Z
+date: 2022-04-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -497,7 +497,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.7.3
 requirements: []
-rubygems_version: 3.2.32
+rubygems_version: 3.3.7
 signing_key: 
 specification_version: 4
 summary: Shared code used between Dependabot package managers