rubymem / bundler-leak

Known-leaky gems verification for bundler: `bundle leak` to check your app and find leaky gems in your Gemfile :gem::droplet:
https://www.rubymem.com
GNU General Public License v3.0

[BUG] Running bundle leak update produces warnings from git #52

Closed unikitty37 closed 1 year ago

unikitty37 commented 1 year ago

Before we start...:

Branch/Commit:

Release 0.3.0

Expected behaviour:

When I type bundle leak update, it should update without git warnings.

Actual behaviour:

I get the following output:

$ bundle leak update
Updating ruby-advisory-db ...
hint: Pulling without specifying how to reconcile divergent branches is
hint: discouraged. You can squelch this message by running one of the following
hint: commands sometime before your next pull:
hint:
hint:   git config pull.rebase false  # merge (the default strategy)
hint:   git config pull.rebase true   # rebase
hint:   git config pull.ff only       # fast-forward only
hint:
hint: You can replace "git config" with "git config --global" to set a default
hint: preference for all repositories. You can also pass --rebase, --no-rebase,
hint: or --ff-only on the command line to override the configured default per
hint: invocation.
From https://github.com/rubysec/ruby-advisory-db
 * branch            master     -> FETCH_HEAD
Already up to date.

Could bundler-leak pass the appropriate flag? The update! method appears to be calling git fetch --all, and that doesn't accept --rebase — which makes git's output a bit baffling.

I'm running in Docker, so setting the git global config on the host machine won't help, and setting the local config would presumably have to be done on bundler-leak's internal copy, rather than the host project. I think it would be better for bundler-leak to be explicit here in any case.

(I suspect that most people not using Docker will have already set a global preference, and so won't have run into this…)

Steps to reproduce:

  1. Do not have a git configuration set for pull.rebase or pull.ff, either globally or on the project you're working on.
  2. Have a bundler-leak database that is out of date.
  3. Type bundle leak update

Context and environment:

Screenshots and Videos

n/a

Logs

n/a
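One way to make the reconciliation strategy explicit, as an added shell example that is not bundler-leak's own update! code: fetch, then fast-forward only. The upstream repository and its clone are constructed under a temporary directory purely for the demo, and the helper names (git_c, update_db, setup_demo, head_of) are this example's own, not anything from bundler-leak.

```shell
#!/bin/sh
# Added example (not bundler-leak's code): update a local advisory-db clone with
# an explicit fast-forward-only strategy, so git never has to choose between
# merge and rebase and never prints the pull.rebase / pull.ff hint.

# git with an inline identity, so commits work in a clean container that has
# no global git config at all (the situation the issue describes).
git_c() {
  git -c user.name=demo -c user.email=demo@example.invalid "$@"
}

# update_db DIR: fetch from origin and fast-forward the checked-out branch.
# Returns 0 on success. If the local copy has diverged (someone edited the
# database by hand), --ff-only refuses instead of silently merging, so a
# failure here is the signal to re-clone rather than trust the local data.
update_db() {
  dir=$1
  git -C "$dir" fetch -q || return 1
  git -C "$dir" merge -q --ff-only '@{upstream}'
}

# setup_demo: build a constructed "upstream" advisory repo plus a clone of it,
# then move upstream ahead by one commit so the clone is out of date.
# Prints the temp directory holding both repos.
setup_demo() {
  tmp=$(mktemp -d)
  upstream="$tmp/advisory-db"
  clone="$tmp/local-db"
  git init -q "$upstream"
  git -C "$upstream" symbolic-ref HEAD refs/heads/master
  echo "gem: foo" > "$upstream/foo.yml"
  git_c -C "$upstream" add foo.yml
  git_c -C "$upstream" commit -q -m "initial advisory"
  git clone -q "$upstream" "$clone"
  echo "gem: bar" > "$upstream/bar.yml"
  git_c -C "$upstream" add bar.yml
  git_c -C "$upstream" commit -q -m "second advisory"
  echo "$tmp"
}

# head_of DIR: commit id currently checked out in DIR.
head_of() {
  git -C "$1" rev-parse HEAD
}
```

Running setup_demo and then update_db on the clone brings it level with upstream without any hint text; a clone that has been edited locally makes update_db return non-zero, which is the behaviour you want from a tool whose whole job is to report on trusted advisory data.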

ingemar commented 1 year ago

It works fine for me.

❯ bundle leak update

Updating ruby-mem-advisory-db ...
HEAD is now at 2248f54 Merge pull request #36 from rubymem/dependabot/bundler/nokogiri-1.13.9
Updated ruby-mem-advisory-db
ruby-mem-advisory-db: 14 advisories

unikitty37 commented 1 year ago

Hm — that's odd. I've tried to reproduce like this:

$ docker run -it --rm ruby:3.1.3-bullseye bash
# gem install -v 6.1.7 rails
…
# git config -l
# rails new --api testapp
…
# cd testapp
# bundle add -g development bundler-leak
# bundle leak update

…and I can't reproduce it there either. I'm guessing that something had happened to my local database that was causing git to throw the warnings, but a successful pull means the issue won't happen again.

Thanks for taking a look.