dependabot-common 0.182.4 → 0.183.0
- checksums.yaml +4 -4
- data/lib/dependabot/shared_helpers.rb +15 -4
- data/lib/dependabot/version.rb +1 -1
- metadata +3 -3
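--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fc6c5c815952b755fe062f6d8dcaf0bbecfa5f0389f6b793d2cb28ee9f658374
+data.tar.gz: f0aa19cb14cf0f583654bfb4b690789f0a6a3c9d425dc74d49b1a51c5037cf0d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2f586d881a78ec9b173200493fad7e5dd2c885618a6d3234c2bb867ca1f090812762d3478698f772f3a7ec2434e2036c774ca6cd4fc4727ff3597647f0a74f85
+data.tar.gz: a4878c0032c3a8ba309970b2a7deef30768fb299d4b837940fb6e677ac893653f877bb5effa696b2522bb55e39f03a7fc9d2ce532dce034ab15f2e8a1c606f9f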
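--- a/data/lib/dependabot/shared_helpers.rb
+++ b/data/lib/dependabot/shared_helpers.rb
@@ -160,8 +160,8 @@ module Dependabot
 end
 
 def self.with_git_configured(credentials:)
-backup_git_config_path = stash_global_git_config
-configure_git_to_use_https_with_credentials(credentials)
+backup_git_config_path, safe_directories = stash_global_git_config
+configure_git_to_use_https_with_credentials(credentials, safe_directories)
 yield
 rescue Errno::ENOSPC => e
 raise Dependabot::OutOfDisk, e.message
@@ -175,7 +175,7 @@ module Dependabot
 
 # rubocop:disable Metrics/AbcSize
 # rubocop:disable Metrics/PerceivedComplexity
-def self.configure_git_to_use_https_with_credentials(credentials)
+def self.configure_git_to_use_https_with_credentials(credentials, safe_directories)
 File.open(GIT_CONFIG_GLOBAL_PATH, "w") do |file|
 file << "# Generated by dependabot/dependabot-core"
 end
@@ -190,6 +190,12 @@ module Dependabot
 allow_unsafe_shell_command: true
 )
 
+# see https://github.blog/2022-04-12-git-security-vulnerability-announced/
+safe_directories ||= []
+safe_directories.each do |path|
+run_shell_command("git config --global --add safe.directory #{path}")
+end
+
 github_credentials = credentials.
 select { |c| c["type"] == "git_source" }.
 select { |c| c["host"] == "github.com" }.
@@ -267,8 +273,13 @@ module Dependabot
 digest = Digest::SHA2.hexdigest(contents)[0...10]
 backup_path = GIT_CONFIG_GLOBAL_PATH + ".backup-#{digest}"
 
+# to preserve safe directories from global .gitconfig
+output, process = Open3.capture2("git config --global --get-all safe.directory")
+safe_directories = []
+safe_directories = output.split("\n").compact if process.success?
+
 FileUtils.mv(GIT_CONFIG_GLOBAL_PATH, backup_path)
-backup_path
+[backup_path, safe_directories]
 end
 
 def self.reset_global_git_config(backup_path)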
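Review bot: In the third hunk the new loop interpolates each `path` unquoted into the command string given to `run_shell_command`, and those values are read back verbatim from the pre-existing global git config in the last hunk. A `safe.directory` entry containing whitespace would most likely be split into several arguments, and how other shell metacharacters are treated depends on the escaping inside `run_shell_command`, which is not visible here. Quoting the value covers both cases: `run_shell_command("git config --global --add safe.directory #{Shellwords.escape(path)}")`, with `require "shellwords"` if the file does not already load it. Separately, `.compact` after `split("\n")` never removes anything, so `reject(&:empty?)` is probably what was intended. The bodies of `with_git_configured`, `configure_git_to_use_https_with_credentials` and `stash_global_git_config` all start or end outside the displayed hunks.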
data/lib/dependabot/version.rb
CHANGED
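--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.183.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-04-
+date: 2022-04-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -497,7 +497,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: 2.7.3
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: Shared code used between Dependabot package managers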