-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
git restore --source=HEAD :/
advice after failed git clone
has no effect
#3411
Comments
This might be due to this issue from our Release Notes' "Known Issues" section:
|
Do you mean it might be causing issues for Maybe this is actually an upstream Git issue and the advice to use |
I just verified that this reproduces here: $ git clone https://github.com/dependabot/dependabot-core --depth=1 file-name-test
Cloning into 'file-name-test'...
remote: Enumerating objects: 4233, done.
remote: Counting objects: 100% (4233/4233), done.
remote: Compressing objects: 100% (3123/3123), done.
remote: Total 4233 (delta 1278), reused 2895 (delta 769), pack-reused 0
Receiving objects: 100% (4233/4233), 11.24 MiB | 3.41 MiB/s, done.
Resolving deltas: 100% (1278/1278), done.
error: unable to create file common/spec/fixtures/vcr_cassettes/Dependabot_MetadataFinders_Base_ReleaseFinder/_releases_text/with_a_github_repo/with_releases/when_the_release_is_present/updating_from_no_previous_release_to_new_release/1_2_1_1_1_4_1.yml: Filename too long
warning: unable to access 'common/spec/fixtures/vcr_cassettes/Dependabot_MetadataFinders_Base_ReleaseFinder/_releases_text/with_a_github_repo/with_releases/when_the_release_is_present/updating_from_uknown_previous_release_to_new_release/.gitattributes': Filename too long
error: unable to create file common/spec/fixtures/vcr_cassettes/Dependabot_MetadataFinders_Base_ReleaseFinder/_releases_text/with_a_github_repo/with_releases/when_the_release_is_present/updating_from_uknown_previous_release_to_new_release/1_2_1_1_1_4_1.yml: Filename too long
Updating files: 100% (3971/3971), done.
fatal: unable to checkout working tree
warning: Clone succeeded, but checkout failed.
You can inspect what was checked out with 'git status'
and retry with 'git restore --source=HEAD :/' And indeed, both with and without The really interesting thing here is that this also happens if I run that command via WSL. So let's dig deeper. The biggest problem is of course that all of the files are marked as
Note how the first sentence says: in the working tree. And the second paragraph says that the index can optionally also be restored. In other words, this command works as intended: $ git restore --source=HEAD -S -W :/ The problem, then, is that the index was not written correctly. And I suspect that this problem lies within the original Git project, |
For what it's worth, the clone command does appear to work as expected when run on Linux (Ubuntu 21.04 in this case).
|
@landstander668 right. But if the clone on Linux would fail to write some file for whatever reason, then the index might still be left empty by mistake. That's the bug I am talking about. |
Sorry for the delay, I have reported it on the Git mailing list now. |
Let's continue the investigation there. |
* v0.162.0 * handle support files with dir macro in umbrellas * bin/dry-run.rb exits outside a developer shell * Update README * Prefer checking user over touching a file * Support basic Kotlin apply, add tests * Escape paths passed to VendorUpdater Paths in packages could be constructed to perform command, when not properly escaped those could be executed. ``` (byebug) `file -b --mime-encoding t&&[email protected]&&.go` % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (7) Failed to connect to 0.0.0.0 port 80: Connection refused "cannot open `t' (No such file or directory)\n" ``` ``` (byebug) `#{Dependabot::SharedHelpers.escape_command("file -b --mime-encoding t&&[email protected]&&.go")}` "cannot open `t&&[email protected]&&.go' (No such file or directory)\n" ``` * Bump golang from 1.17 to 1.17.1 * build(deps): bump github.com/dependabot/gomodules-extracted Bumps [github.com/dependabot/gomodules-extracted](https://github.com/dependabot/gomodules-extracted) from 1.4.1 to 1.4.2. - [Release notes](https://github.com/dependabot/gomodules-extracted/releases) - [Commits](dependabot/gomodules-extracted@v1.4.1...v1.4.2) --- updated-dependencies: - dependency-name: github.com/dependabot/gomodules-extracted dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * fix `labels': Unsupported provider bitbucket Bitbucket doesn't yet supports PR labels. dependabot throught this issue whenever I try to use it with bitbucket labeler.rb:241:in `labels': Unsupported provider bitbucket (RuntimeError) * Fix minor typos in changelog * v0.162.1 * Support Gradle files with no top level build.gradle file * Treat tokens after underscore as numeric if possible * Simplify string processing * Ignore replaced dependencies * v0.162.2 * Add support for gradlePluginPortal() * build(deps-dev): bump jest in /npm_and_yarn/helpers Bumps [jest](https://github.com/facebook/jest) from 27.0.6 to 27.2.4. - [Release notes](https://github.com/facebook/jest/releases) - [Changelog](https://github.com/facebook/jest/blob/main/CHANGELOG.md) - [Commits](jestjs/jest@v27.0.6...v27.2.4) --- updated-dependencies: - dependency-name: jest dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Handle .tar path dependency * Fix indentation * build(deps): bump composer/composer in /composer/helpers/v1 Bumps [composer/composer](https://github.com/composer/composer) from 1.10.22 to 1.10.23. - [Release notes](https://github.com/composer/composer/releases) - [Changelog](https://github.com/composer/composer/blob/master/CHANGELOG.md) - [Commits](composer/composer@1.10.22...1.10.23) --- updated-dependencies: - dependency-name: composer/composer dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump @npmcli/arborist in /npm_and_yarn/helpers Bumps [@npmcli/arborist](https://github.com/npm/arborist) from 2.8.0 to 3.0.0. - [Release notes](https://github.com/npm/arborist/releases) - [Changelog](https://github.com/npm/arborist/blob/main/CHANGELOG.md) - [Commits](npm/arborist@v2.8.0...v3.0.0) --- updated-dependencies: - dependency-name: "@npmcli/arborist" dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps-dev): bump friendsofphp/php-cs-fixer in /composer/helpers/v2 Bumps [friendsofphp/php-cs-fixer](https://github.com/FriendsOfPHP/PHP-CS-Fixer) from 3.0.0 to 3.2.1. - [Release notes](https://github.com/FriendsOfPHP/PHP-CS-Fixer/releases) - [Changelog](https://github.com/FriendsOfPHP/PHP-CS-Fixer/blob/v3.2.1/CHANGELOG.md) - [Commits](PHP-CS-Fixer/PHP-CS-Fixer@v3.0.0...v3.2.1) --- updated-dependencies: - dependency-name: friendsofphp/php-cs-fixer dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Add issue template config with Dependabot contact links * Fix elm tests The version resolver fetches the latest version from the public registry, and since we shell out to `elm` for this, it's currently hard to stub out. Our test fixture did not have the latest version yet and would cause our tests to fail. Ideally we'd rely on both the version_checker and resolver using the same source that we stub, but unfortunately with the way our tests are set up makes that hard. Fortunately these don't change often, so I suggest we live with the pain for now. * Fix Poetry unreachable git deps error Since python-poetry/poetry-core#202 poetry now uses a slightly different (safer) git command, and this caused the regex matching we do on the error output to now fail. This fixes up the regex, and just to be safe ensures it'll keep working with the old version as well. The test that was failing was: `python/spec/dependabot/python/update_checker/poetry_version_resolver_spec.rb:179` * build(deps-dev): bump prettier in /npm_and_yarn/helpers Bumps [prettier](https://github.com/prettier/prettier) from 2.3.2 to 2.4.1. - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@2.3.2...2.4.1) --- updated-dependencies: - dependency-name: prettier dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Gradle: Prefer method call over instance variable access in file fetcher * build(deps): bump poetry from 1.1.7 to 1.1.11 in /python/helpers Bumps [poetry](https://github.com/python-poetry/poetry) from 1.1.7 to 1.1.11. - [Release notes](https://github.com/python-poetry/poetry/releases) - [Changelog](https://github.com/python-poetry/poetry/blob/1.1.11/CHANGELOG.md) - [Commits](python-poetry/poetry@1.1.7...1.1.11) --- updated-dependencies: - dependency-name: poetry dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump composer/composer in /composer/helpers/v2 Bumps [composer/composer](https://github.com/composer/composer) from 2.1.3 to 2.1.9. - [Release notes](https://github.com/composer/composer/releases) - [Changelog](https://github.com/composer/composer/blob/master/CHANGELOG.md) - [Commits](composer/composer@2.1.3...2.1.9) --- updated-dependencies: - dependency-name: composer/composer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump pip-tools from 6.2.0 to 6.3.0 in /python/helpers Bumps [pip-tools](https://github.com/jazzband/pip-tools) from 6.2.0 to 6.3.0. - [Release notes](https://github.com/jazzband/pip-tools/releases) - [Changelog](https://github.com/jazzband/pip-tools/blob/master/CHANGELOG.md) - [Commits](jazzband/pip-tools@6.2.0...6.3.0) --- updated-dependencies: - dependency-name: pip-tools dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump wheel from 0.36.2 to 0.37.0 in /python/helpers Bumps [wheel](https://github.com/pypa/wheel) from 0.36.2 to 0.37.0. - [Release notes](https://github.com/pypa/wheel/releases) - [Changelog](https://github.com/pypa/wheel/blob/master/docs/news.rst) - [Commits](pypa/wheel@0.36.2...0.37.0) --- updated-dependencies: - dependency-name: wheel dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps-dev): bump phpstan/phpstan in /composer/helpers/v1 Bumps [phpstan/phpstan](https://github.com/phpstan/phpstan) from 0.12.93 to 0.12.99. - [Release notes](https://github.com/phpstan/phpstan/releases) - [Commits](phpstan/phpstan@0.12.93...0.12.99) --- updated-dependencies: - dependency-name: phpstan/phpstan dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps-dev): bump friendsofphp/php-cs-fixer in /composer/helpers/v1 Bumps [friendsofphp/php-cs-fixer](https://github.com/FriendsOfPHP/PHP-CS-Fixer) from 2.19.0 to 2.19.2. - [Release notes](https://github.com/FriendsOfPHP/PHP-CS-Fixer/releases) - [Changelog](https://github.com/FriendsOfPHP/PHP-CS-Fixer/blob/3.0/CHANGELOG.md) - [Commits](PHP-CS-Fixer/PHP-CS-Fixer@v2.19.0...v2.19.2) --- updated-dependencies: - dependency-name: friendsofphp/php-cs-fixer dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * v0.163.0 * remove trailing whitespaces * Recommend `git reset` when cloning repository on Windows fails `git restore --source=HEAD :/` which is currently suggested by Git does not work, it is unable to restore the files, see git-for-windows/git#3411. * build(deps): bump pip-tools from 6.3.0 to 6.3.1 in /python/helpers Bumps [pip-tools](https://github.com/jazzband/pip-tools) from 6.3.0 to 6.3.1. - [Release notes](https://github.com/jazzband/pip-tools/releases) - [Changelog](https://github.com/jazzband/pip-tools/blob/master/CHANGELOG.md) - [Commits](jazzband/pip-tools@6.3.0...6.3.1) --- updated-dependencies: - dependency-name: pip-tools dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps-dev): bump jest in /npm_and_yarn/helpers Bumps [jest](https://github.com/facebook/jest) from 27.2.4 to 27.2.5. - [Release notes](https://github.com/facebook/jest/releases) - [Changelog](https://github.com/facebook/jest/blob/main/CHANGELOG.md) - [Commits](jestjs/jest@v27.2.4...v27.2.5) --- updated-dependencies: - dependency-name: jest dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump pip from 21.1.3 to 21.2.4 in /python/helpers Bumps [pip](https://github.com/pypa/pip) from 21.1.3 to 21.2.4. - [Release notes](https://github.com/pypa/pip/releases) - [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst) - [Commits](pypa/pip@21.1.3...21.2.4) --- updated-dependencies: - dependency-name: pip dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump flake8 from 3.9.2 to 4.0.0 in /python/helpers Bumps [flake8](https://github.com/pycqa/flake8) from 3.9.2 to 4.0.0. - [Release notes](https://github.com/pycqa/flake8/releases) - [Commits](PyCQA/flake8@3.9.2...4.0.0) --- updated-dependencies: - dependency-name: flake8 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps-dev): bump eslint in /npm_and_yarn/helpers Bumps [eslint](https://github.com/eslint/eslint) from 7.32.0 to 8.0.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md) - [Commits](eslint/eslint@v7.32.0...v8.0.0) --- updated-dependencies: - dependency-name: eslint dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump golang.org/x/mod in /go_modules/helpers Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.5.0 to 0.5.1. - [Release notes](https://github.com/golang/mod/releases) - [Commits](golang/mod@v0.5.0...v0.5.1) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Upgrade OTP to latest minor: 23.3.4.5 * Python: Upgrade pyenv to 2.1.0 This also adds Python 3.10.0, 3.7.12, 3.6.15 * Bump Terraform from 1.0.6 to 1.0.8 https://github.com/hashicorp/terraform/blob/v1.0/CHANGELOG.md#108-september-29-2021 * build(deps): bump pip-tools from 6.3.1 to 6.4.0 in /python/helpers Bumps [pip-tools](https://github.com/jazzband/pip-tools) from 6.3.1 to 6.4.0. - [Release notes](https://github.com/jazzband/pip-tools/releases) - [Changelog](https://github.com/jazzband/pip-tools/blob/master/CHANGELOG.md) - [Commits](jazzband/pip-tools@6.3.1...6.4.0) --- updated-dependencies: - dependency-name: pip-tools dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump flake8 from 4.0.0 to 4.0.1 in /python/helpers Bumps [flake8](https://github.com/pycqa/flake8) from 4.0.0 to 4.0.1. - [Release notes](https://github.com/pycqa/flake8/releases) - [Commits](PyCQA/flake8@4.0.0...4.0.1) --- updated-dependencies: - dependency-name: flake8 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * update Elixir from 1.12.2 -> 1.12.3 * update erlang solutions from 1.0 to 2.0 * v0.163.1 * Add license to image and gemspec The dependabot-* gems on rubygems currently have the license set as 'nonstandard' and do not include a license file. * Add license to gem build directory * Set license back to Nonstandard Rubygems only recognizes licenses on the spdx license list, and the Prosperity Public License 2.0.0 is not one of them. * Allow passing target_project_id to Gitlab pr creator and updater * Revert "Add license to gem build directory" This reverts commit 05aa6ee. * Update specs Validate target_project_id passed correctly Fix request expectation * Move target_project_id to provider_metadata * Treat GHES hosted sources as github sources When a dependency is hosted on GHES, previously it was not treated as a GitHub source, meaning that we would not check for releases/changelogs etc when requesting Metadata for the PR. This fixes that, by first parsing the URL, and then making a request to `<host>/status`, and checking for a `X-GitHub-Request-Id` header, which we return from GitHub Enterprise Server. * Revert "v0.163.1" This reverts commit 2103fbb. * v0.164.0 * Add TagsCreationForbidden Exception to Azure Client * Make labeler optional in Azure * Add labels_required param to PR creator * Fix indentation * Ensure we cleanup tmp directories after use * Only check auth for github.com * v0.164.1 * feat: specify timeouts per spawned process * style: fix linter errors * test: update glass assertions * test: ensure the proper command is generated * feat: trap SIGHUB and flush error to stdout * refactor: collapse multi line conditional * style: fix linter errors * refactor: extract class to build shell command * style: fix linter errors * fix: ensure min of 1 minute and max of 30 minutes per op * refactor: make timeout_seconds a private method * [Gradle] add settings_file to fetched_files * [Gradle] add settings files to SUPPORTED_BUILD_FILE_NAMES * [Gradle] update tests * refactor: use Comparable#clamp * [Gradle] add tests for FileParser * [Gradle] fix implementation * v0.165.0 * Bump to go 1.17.3 There were some minor fixes to the `go` command in 1.17.2/1.17.3... I don't think any of them directly affect dependabot, but it doesn't hurt to bump this and makes it so the next person has a smaller diff to look at when they consider updating. * Move composer-not-found fixture from decommissioned dependabot.com * Ignore errors from Source enterprise check and ignore known failures We check if a potential Source is GitHub enterprise by making a request to a `/status` endpoint against the root URL and checking some headers. We've observed this check failing in some cases when the source is not enterprise, and we get rate limited, or otherwise the request fails with an error. In this case we do not want to block creating a PR, but instead we should assume the source is not Enterprise. This also adds a list of known hosts that we come across often that definitely are not GitHub Enterprise instances, and we ignore those and don't bother making a request to them. Co-Authored-By: Barry Gordon <[email protected]> * Explicitly ignore metadata detection for fuchsia.googlesource.com We've observed some failures when trying to establish if this might be an GHES host, since we can be confident it's not, let's not bother making a request to check. * v0.166.0 * Apply suggested code tweaks * Fix variable references * Refactor code to reduce complexity This also reverts a previous incorrect change. With this, rubocop is happy and the tests still pass. * Improve error handling when `terraform init` fails We attempt to run `terraform init` once, but when this fails, we still end up with an unhandled error. Given that there is not much we can do at this point, communicate that to the user instead, and treat it as a resolvability error. At the same time, when `terraform init` fails with an error other than a private source error, there is no point trying further so we should raise a resolvability error as well. * Rescue terraform registry connection errors * v0.166.1 * Remove labels_required param * Run YarnUpdate only once for a version requirement * Fix indent * Adjust indentation to please rubocop * fix: remove fixed error message check A new version of [pandoc-ruby](https://rubygems.org/gems/pandoc-ruby/versions/2.1.5) was recently released that changes the behaviour of how the `pandoc` executable is invoked. [src](xwmx/pandoc-ruby@2.1.4...2.1.5). /cc dependabot#2849 * style: fix linter errors * Fix * build(deps-dev): bump friendsofphp/php-cs-fixer in /composer/helpers/v2 Bumps [friendsofphp/php-cs-fixer](https://github.com/FriendsOfPHP/PHP-CS-Fixer) from 3.2.1 to 3.3.2. - [Release notes](https://github.com/FriendsOfPHP/PHP-CS-Fixer/releases) - [Changelog](https://github.com/FriendsOfPHP/PHP-CS-Fixer/blob/v3.3.2/CHANGELOG.md) - [Commits](PHP-CS-Fixer/PHP-CS-Fixer@v3.2.1...v3.3.2) --- updated-dependencies: - dependency-name: friendsofphp/php-cs-fixer dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps-dev): bump friendsofphp/php-cs-fixer in /composer/helpers/v1 Bumps [friendsofphp/php-cs-fixer](https://github.com/FriendsOfPHP/PHP-CS-Fixer) from 2.19.2 to 2.19.3. - [Release notes](https://github.com/FriendsOfPHP/PHP-CS-Fixer/releases) - [Changelog](https://github.com/FriendsOfPHP/PHP-CS-Fixer/blob/master/CHANGELOG.md) - [Commits](PHP-CS-Fixer/PHP-CS-Fixer@v2.19.2...v2.19.3) --- updated-dependencies: - dependency-name: friendsofphp/php-cs-fixer dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump pipenv from 2021.5.29 to 2021.11.15 in /python/helpers Bumps [pipenv](https://github.com/pypa/pipenv) from 2021.5.29 to 2021.11.15. - [Release notes](https://github.com/pypa/pipenv/releases) - [Changelog](https://github.com/pypa/pipenv/blob/main/CHANGELOG.rst) - [Commits](pypa/pipenv@v2021.5.29...v2021.11.15) --- updated-dependencies: - dependency-name: pipenv dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Maven: Correctly handle nested declarations We've observed errors around pom files that have a nested `plugin` section inside an outer plugin declaration. Previously we used a regex to recursively scan the XML document, which caused the inner `plugin` declarations closing tag to match the regex, resulting in an incomplete XML section. To demonstrate, given the following XML: ```xml <plugins> <plugin> <configuration> <jvmTarget>11</jvmTarget> <compilerPlugins> <plugin>spring</plugin> </compilerPlugins> </configuration> <groupId>org.jetbrains.kotlin</groupId> <artifactId>kotlin-maven-plugin</artifactId> <version>${kotlin.version}</version> </plugin> </plugin> ``` The `<plugin>spring</plugin>` declaration would cause a regex match, resulting in the required information (the `version` in this case) to be omitted from the XML snippet. This is resolved by using Nokogiri to traverse the XML instead of using regular expressions, and selecting the nodes by name. Co-authored-by: Landon Grindheim <[email protected]> * v0.167.0 * Remove the dependabot migration issue template The Dependabot Preview service was shut down on the 3rd of August 2021, so our path to migration is now closed and the service has been wrapped up. This template format is no longer required, any issues for lapsed users returning to the integrated Dependabot service should just file a standard bug report. * Do not freeze file-based Poetry dependency version Fixes dependabot#4333 * Polish * Code formatting * Remove unnecessary quotes Co-authored-by: Jurre <[email protected]> * Fix typo * Special case URL dependencies, add better positive assertions for file and directory dependencies * Rename expected files in tests * Rename file back * build(deps): bump @npmcli/arborist in /npm_and_yarn/helpers Bumps [@npmcli/arborist](https://github.com/npm/arborist) from 3.0.0 to 4.0.5. - [Release notes](https://github.com/npm/arborist/releases) - [Changelog](https://github.com/npm/arborist/blob/main/CHANGELOG.md) - [Commits](npm/arborist@v3.0.0...v4.0.5) --- updated-dependencies: - dependency-name: "@npmcli/arborist" dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps-dev): bump phpstan/phpstan in /composer/helpers/v1 Bumps [phpstan/phpstan](https://github.com/phpstan/phpstan) from 0.12.99 to 1.2.0. - [Release notes](https://github.com/phpstan/phpstan/releases) - [Changelog](https://github.com/phpstan/phpstan/blob/master/CHANGELOG.md) - [Commits](phpstan/phpstan@0.12.99...1.2.0) --- updated-dependencies: - dependency-name: phpstan/phpstan dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps-dev): bump phpstan/phpstan in /composer/helpers/v2 Bumps [phpstan/phpstan](https://github.com/phpstan/phpstan) from 0.12.93 to 1.2.0. - [Release notes](https://github.com/phpstan/phpstan/releases) - [Changelog](https://github.com/phpstan/phpstan/blob/master/CHANGELOG.md) - [Commits](phpstan/phpstan@0.12.93...1.2.0) --- updated-dependencies: - dependency-name: phpstan/phpstan dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Update some pipenv error handling to match latest version * Add support for custom commit message trailer * Pass custom git trailers as hash object * Remove reliance on `PandocRuby` PandocRuby has been used to convert RestructuredText (rst), a markdown-like format widely used in the Python ecosystem, to markdown. We recently noticed new errors surfacing around Pandoc and started to investigate. This led to the discovery that Pandoc was not installed in the Docker container GitHub is using to run Dependabot against repositories. I'm opting to remove this dependency as PandocRuby is effectively unused. Note: There is the possibility that some users rely on this functionality. As has been noted in a recent PR-review, non-Docker usage of dependabot-core is poorly supported, so this seems unlikely. * Update tests to reflect our not converting rst's We stopped relying on `PandocRuby` in a previous commit. This test may be able to go away, but first I'd like to prove that it's no longer needed. * Allow providing env to SharedHelpers.run_shell_command * Switch to go command to find available module versions * Handle new error message for bad module paths go list returns a different error message: go list -m: malformed module path "pkg-errors": missing dot in first path element * Enable retracted module test go list -m properly handles retractions so this test is now passing * Bump latest go-modules-lib to v3. v2 was invalid. Prior error: go list -m: loading module retractions for github.com/dependabot-fixtures/go-modules-lib/[email protected]: version "v2.0.0" invalid: go.mod has non-.../v2 module path "github.com/dependabot-fixtures/go-modules-lib" (and .../v2/go.mod does not exist) at revision v2.0.0 * Handle invalid major version errors * Remove unused go_modules updatechecker native helper * Fix linter error Co-authored-by: Jurre <[email protected]> * Verify for just message code instead of text * Fix linter issue Co-authored-by: Jurre <[email protected]> * build(deps-dev): bump eslint in /npm_and_yarn/helpers Bumps [eslint](https://github.com/eslint/eslint) from 8.0.0 to 8.3.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](eslint/eslint@v8.0.0...v8.3.0) --- updated-dependencies: - dependency-name: eslint dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump pip from 21.2.4 to 21.3.1 in /python/helpers Bumps [pip](https://github.com/pypa/pip) from 21.2.4 to 21.3.1. - [Release notes](https://github.com/pypa/pip/releases) - [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst) - [Commits](pypa/pip@21.2.4...21.3.1) --- updated-dependencies: - dependency-name: pip dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Remove test around updating unneeded transitive dependency The behavior around this has changed in pipenv, but it does not seem documented or even expected. Essentially, this test was doing the following: - add the transitive dependency to the Pipfile - run `pipenv lock` - check the version of the transitive dependency in the lockfile Previous versions of pipenv would then remove the transitive dependency from the lockfile, but it is not clear to me why, as it is present in the Pipfile at that point. My guess is it would keep the top-level dependencies cached somehow, but I've not been able to find much. Either way, if transitive dependencies are _actually_ removed (meaning, not also present in the manifest file), this should still work just fine. The test setup is at the least confusing and at the worst wrong, let's remove it. * Clarify how env vars are passed to shell commands Co-Authored-By: Mattt Zmuda <[email protected]> Co-Authored-By: Landon Grindheim <[email protected]> * Python: Honour `--strip-extras` flag of `pip-compile` The `--strip-extras` flag of `pip-compile` is useful to generate contstraints files (instead of the more traditional requirements files) from some `constraints.in` file. Constraints files can't have extras markers on the packages (this wouldn't make much sense indeed), hence they need to be stripped. Since `pip-tools` 6.2.0 this is supported by using the `--strip-extras` flag. This commit adds this as a 'recognized' flag: if it's found in an existing `foo.txt` file, it will be passed to `pip-compile` when some `foo.in` file is updated. See: dependabot#3974 (comment) See: dependabot#3974 (comment) See: jazzband/pip-tools#1300 (comment) * Use github.com for redirect service * v0.168.0 * python: Update `GIT_DEPENDENCY_UNREACHABLE_REGEX` for pip 21.3.1 * v0.169.0 * Bump minimum to 1.17 This isn't strictly necessary, but since the rest of the infra bumped to 1.17, might as well bump it here too. Esp since the `go.mod` behavior changed a bit in `1.17`... so if more libs get added ever, this makes it so `go.mod`/`go.sum` will follow the new behavior... * build(deps): bump pipenv in /python/helpers Bumps [pipenv](https://github.com/pypa/pipenv) from 2021.11.15 to 2021.11.23. - [Release notes](https://github.com/pypa/pipenv/releases) - [Changelog](https://github.com/pypa/pipenv/blob/main/CHANGELOG.rst) - [Commits](pypa/pipenv@v2021.11.15...v2021.11.23) --- updated-dependencies: - dependency-name: pipenv dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Dependabot config: ignore npm lib major version updates These helpers exist to support npm 6, so we require that specific major version and should not update it. * Update dependabot.yml Co-authored-by: mo khan <[email protected]> Co-authored-by: Jurre <[email protected]> Co-authored-by: Nish Sinha <[email protected]> Co-authored-by: nirev <[email protected]> Co-authored-by: Barry Gordon <[email protected]> Co-authored-by: Barry Gordon <[email protected]> Co-authored-by: Zbynek Konecny <[email protected]> Co-authored-by: Jurre Stender <[email protected]> Co-authored-by: David McIntosh <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Melad Raouf <[email protected]> Co-authored-by: Zbynek Konecny <[email protected]> Co-authored-by: Jeroen Bobbeldijk <[email protected]> Co-authored-by: AlekhyaYalla <[email protected]> Co-authored-by: Andrew Bredow <[email protected]> Co-authored-by: Marcono1234 <[email protected]> Co-authored-by: Tomás Pinho <[email protected]> Co-authored-by: Parnassius <[email protected]> Co-authored-by: Philip Ross <[email protected]> Co-authored-by: Andrejs Cunskis <[email protected]> Co-authored-by: anatawa12 <[email protected]> Co-authored-by: Jeff Widman <[email protected]> Co-authored-by: Tim Van Holder <[email protected]> Co-authored-by: Landon Grindheim <[email protected]> Co-authored-by: Landon Grindheim <[email protected]> Co-authored-by: Phillip Verheyden <[email protected]> Co-authored-by: Mattt Zmuda <[email protected]> Co-authored-by: Nicolas Trangez <[email protected]> Co-authored-by: Lane Seppala <[email protected]> Co-authored-by: Lane Seppala <[email protected]> Co-authored-by: Andy Freeland <[email protected]>
Originally asked this as StackOverflow question, but was told it might be a Git for Windows bug.
Related to the advice observed in #2438 (comment).
Setup
Which version of Git for Windows are you using? Is it 32-bit or 64-bit?
Which version of Windows are you running? Vista, 7, 8, 10? Is it 32-bit or 64-bit?
What options did you set as part of the installation? Or did you choose the
defaults?
Any other interesting things about your environment that might be related
to the issue you're seeing?
git config core.longpaths
is not set (neither for system nor globally).Details
Which terminal/shell are you running Git from? e.g Bash/CMD/PowerShell/other
PowerShell, Git Bash
What commands did you run to trigger this issue? If you can provide a
Minimal, Complete, and Verifiable example
this will help us understand the issue.
git clone https://github.com/dependabot/dependabot-core --depth=1 file-name-test
ℹ️ Cloning fails due to "Filename too long"; Git suggests to run
git restore --source=HEAD :/
cd file-name-test
git config core.longpaths true
git restore --source=HEAD :/
git status
❌ Changes are reported; running
git restore
had no effectWhat did you expect to occur after running these commands?
Either:
git restore --source=HEAD :/
no changes should be reported anymoregit restore --source=HEAD :/
if it would have no effectWhat actually happened instead?
Git suggested to run
git restore --source=HEAD :/
; it had no effect.Note that checkout succeeds when running
git restore --source=HEAD -SW :/
orgit reset --hard
.If the problem was occurring with a specific repository, can you provide the
URL to that repository to help us with testing?
any repository with long file paths
The text was updated successfully, but these errors were encountered: