Description
Starting with Renovate 43.116.1, all jobs fail immediately after git clone with:
Error: Configuring core.hooksPath is not permitted without enabling allowUnsafeHooksPath
at Object.action (simple-git/src/lib/plugins/block-unsafe-operations-plugin.ts:17:22)
Renovate internally runs git config core.hooksPath /dev/null to disable hooks in cloned repositories. The simple-git v3.35.2 block-unsafe-operations-plugin now blocks this call, causing an unknown-error result and aborting the run before extraction.
Versions
- Last working version:
43.110.2 (completed successfully)
- First broken version:
43.116.1 (fails with error above)
- Platform: Mend-hosted (Community/Free plan)
- Both runs on the same repository, same config, no repo-side changes between them.
Reproduction
This appears to affect any Mend-hosted repository running 43.116.1. The error occurs in Renovate's own internal git setup — not triggered by any repo-specific configuration or content.
Expected behavior
Renovate should be able to set core.hooksPath = /dev/null without being blocked by its own dependency's security plugin. Either:
- Pass
allowUnsafeHooksPath: true to the simple-git instance (since Renovate controls this call and the intent is to disable hooks, not enable unsafe ones), or
- Use an alternative mechanism to skip hooks (e.g.,
GIT_CONFIG_NOSYSTEM=1 + environment-based hook bypass)
Relevant stack trace
task: { commands: ["config", "core.hooksPath", "/dev/null"] }
plugin: "unsafe"
message: "Configuring core.hooksPath is not permitted without enabling allowUnsafeHooksPath"
stack: Error at Object.action (simple-git/src/lib/plugins/block-unsafe-operations-plugin.ts:17:22)
at PluginStore.exec (simple-git/src/lib/plugins/plugin-store.ts:54:29)
at GitExecutorChain.attemptRemoteTask (simple-git/src/lib/runners/git-executor-chain.ts:84:34)
Description
Starting with Renovate
43.116.1, all jobs fail immediately aftergit clonewith:Renovate internally runs
git config core.hooksPath /dev/nullto disable hooks in cloned repositories. Thesimple-gitv3.35.2block-unsafe-operations-pluginnow blocks this call, causing anunknown-errorresult and aborting the run before extraction.Versions
43.110.2(completed successfully)43.116.1(fails with error above)Reproduction
This appears to affect any Mend-hosted repository running
43.116.1. The error occurs in Renovate's own internal git setup — not triggered by any repo-specific configuration or content.Expected behavior
Renovate should be able to set
core.hooksPath = /dev/nullwithout being blocked by its own dependency's security plugin. Either:allowUnsafeHooksPath: trueto thesimple-gitinstance (since Renovate controls this call and the intent is to disable hooks, not enable unsafe ones), orGIT_CONFIG_NOSYSTEM=1+ environment-based hook bypass)Relevant stack trace