Open saigkill opened 7 years ago
Any update to this?
I've got the same sporadic errors. Any update or workaround?
Updating ruby-advisory-db ...
From https://github.com/rubysec/ruby-advisory-db
* branch master -> FETCH_HEAD
error: Your local changes to the following files would be overwritten by merge:
[...]
Please commit your changes or stash them before you merge.
Aborting
Updating c7e3e48..8ad6d62
Failed updating ruby-advisory-db!
Solved.
Found that line to detect where gem stores the DB. Removed all data and updated all from scratch.
@paranoicsan can you explain what you mean by this:
Removed all data and updated all from scratch.
Also, is there any release coming soon for this?
@sandipsubedi I just deleted my local copy of the advisory database. And the next update went smoothly.
I'm not sure where these local changes are coming from, but maybe we could force git to wipe out any local changes? git reset --hard HEAD && git clean -f -d before git pull maybe?
I have noticed that this happens when using git worktrees and not being in the primary source directory. For example, I have a master folder which is the original repository, and a develop folder that is a worktree of master. If I run the audit in the develop directory, it appears to try to update the master folder instead of the ruby-advisory-db itself.
Example, breaking in a worktree folder:
~/project_folder/develop(some_branch*) » git push --set-upstream origin $(git_current_branch)
husky > pre-push (node v14.5.0)
Auditing bundle for security issues...
Updating ruby-advisory-db ...
From https://github.com/my_organization/my_repo
* branch master -> FETCH_HEAD
error: Your local changes to the following files would be overwritten by merge:
Gemfile
Gemfile.lock
Please commit your changes or stash them before you merge.
Aborting
Failed updating ruby-advisory-db!
husky > pre-push hook failed (add --no-verify to bypass)
error: failed to push some refs to 'https://github.com/my_organization/my_repo'
Works fine:
~/project_folder/master(master) » git push --set-upstream origin $(git_current_branch)
husky > pre-push (node v14.5.0)
Auditing bundle for security issues...
Updating ruby-advisory-db ...
From https://github.com/rubysec/ruby-advisory-db
* branch master -> FETCH_HEAD
Already up to date.
Updated ruby-advisory-db
ruby-advisory-db: 484 advisories
No vulnerabilities found
Branch 'master' set up to track remote branch 'master' from 'origin'.
Everything up-to-date
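Added example, not part of any comment in this thread and not bundler-audit code: a small Ruby classifier for the update output that tells apart the two failures reported here, local changes in the advisory DB clone versus git fetching from a different repository as in the worktree log. The sample logs are constructed from the outputs quoted above; `classify_update`, its status names and the placeholder file name are hypothetical.

```ruby
# Added example (not bundler-audit code): classify `bundle audit update` output.
# EXPECTED_REMOTE is the advisory DB URL that appears in the thread's logs.
EXPECTED_REMOTE = 'https://github.com/rubysec/ruby-advisory-db'

# Hypothetical helper. Returns { status:, remote:, files: } where status is
#   :ok          the "Updated ruby-advisory-db" line was seen
#   :wrong_repo  git fetched from a repository other than the advisory DB
#   :dirty_clone the advisory DB clone has local changes blocking the merge
#   :failed      anything else (including truncated output)
def classify_update(log, expected: EXPECTED_REMOTE)
  lines  = log.lines.map(&:strip)
  remote = lines.map { |l| l[/\AFrom (\S+)/, 1] }.compact.first
  remote = remote.sub(%r{(\.git)?/?\z}, '') if remote

  # File names git lists between the "overwritten by merge" error and its hint.
  start = lines.index { |l| l.include?('would be overwritten by merge') }
  files = start ? lines.drop(start + 1).take_while { |l| !l.start_with?('Please commit') } : []

  status =
    if remote && remote != expected then :wrong_repo
    elsif start then :dirty_clone
    elsif lines.any? { |l| l.start_with?('Updated ruby-advisory-db') } then :ok
    else :failed
    end
  { status: status, remote: remote, files: files }
end

# Constructed sample logs, modelled on the outputs quoted in this thread.
DIRTY_LOG = <<~LOG
  Updating ruby-advisory-db ...
  From https://github.com/rubysec/ruby-advisory-db
   * branch master -> FETCH_HEAD
  error: Your local changes to the following files would be overwritten by merge:
  gems/example/PLACEHOLDER.yml
  Please commit your changes or stash them before you merge.
  Aborting
  Failed updating ruby-advisory-db!
LOG
WORKTREE_LOG = DIRTY_LOG
  .sub('rubysec/ruby-advisory-db', 'my_organization/my_repo')
  .sub('gems/example/PLACEHOLDER.yml', "Gemfile\nGemfile.lock")
OK_LOG = "Updating ruby-advisory-db ...\nFrom #{EXPECTED_REMOTE}\nAlready up to date.\nUpdated ruby-advisory-db\n"

if $PROGRAM_NAME == __FILE__
  { dirty: DIRTY_LOG, worktree: WORKTREE_LOG, ok: OK_LOG }.each do |name, log|
    puts "#{name}: #{classify_update(log).inspect}"
  end
end
```

A `:wrong_repo` result means the audit ran against an advisory database that was not refreshed, so a "No vulnerabilities found" from that run reflects stale data.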
Deleting the advisory database worked for me. In case you're wondering where that database is located like I was, you can pop open irb and enter the following:
File.expand_path(File.join(Gem.user_home,'.local','share','ruby-advisory-db'))
Taken from: https://github.com/rubysec/bundler-audit/blob/master/lib/bundler/audit/database.rb#L41
@bbugh Database#update always ran the git pull command within a Dir.chdir block. However, the Database.download method runs git pull with the path to ~/.local/share/ruby-advisory-db. Still not sure how git is screwing with ~/.local/share/ruby-advisory-db local repo.
I tried a bundle_audit:update and got: Updating ruby-advisory-db ... From https://github.com/rubysec/ruby-advisory-db
How can I fix it?