dependabot-cargo 0.97.3 → 0.97.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 20a85ddfc0db4a910fd2de051dc7903e495d6bd7102515a767244782fcbe1f0d
-  data.tar.gz: ca8f4c88f944eb5cba89d2fb93d914fe5294d2c5c9e062cbf120b93c9fcbb53b
+  metadata.gz: '059939b3309966756e317b6ca8a49525a6bc9e2eea9215c57d8e05d60131e3bf'
+  data.tar.gz: cbdcb62d6635d1eca6d9b533f2aa876d65f404f4eccddda46683d2ebb76e97f7
 SHA512:
-  metadata.gz: '084297ad705f9025d0438c29e0207e5a77471ed6f1bdc2687925cd1e0b33490bb208ce6bdb2fa662de88519b0c278a7b5bc0724f5546b8ba5e2830f968b65f03'
-  data.tar.gz: 7fa36f9056bc585e27849b03050c9ceca39bb0585a0a7f6ab8306b68a0f9c4e433a65d92da285a84079670e171463b1c9e6092c59114dd3687c869dda91cc53d
+  metadata.gz: a4131176d13828990d16350fe501d41914602e0a44d22dd993d236b1928a09f51402271ebb721ff831303e17b1c3d458d36555177558d148529000d86e65a7a5
+  data.tar.gz: 17617144fafe767c6103d2fab2937ba84d83a01b41937a1cc2016724f6f935b8d7d976fc4a5f2344d2788a7205b34716b3dc54e7ebf6f243581bb3cb5e20b51b

data/lib/dependabot/cargo/file_updater/lockfile_updater.rb

@@ -2,6 +2,7 @@
 
 require "toml-rb"
 require "open3"
+require "shellwords"
 require "dependabot/git_commit_checker"
 require "dependabot/cargo/file_updater"
 require "dependabot/cargo/file_updater/manifest_updater"
@@ -26,8 +27,8 @@ module Dependabot
             SharedHelpers.with_git_configured(credentials: credentials) do
               # Shell out to Cargo, which handles everything for us, and does
               # so without doing an install (so it's fast).
-              command = "cargo update -p #{dependency_spec}"
-              run_shell_command(command)
+              command_parts = ["cargo", "update", "-p", dependency_spec]
+              run_shell_command(Shellwords.join(command_parts))
             end
 
             updated_lockfile = File.read("Cargo.lock")

data/lib/dependabot/cargo/update_checker/version_resolver.rb

@@ -2,6 +2,7 @@
 
 require "toml-rb"
 require "open3"
+require "shellwords"
 require "dependabot/shared_helpers"
 require "dependabot/cargo/update_checker"
 require "dependabot/cargo/file_parser"
@@ -45,8 +46,9 @@ module Dependabot
             SharedHelpers.with_git_configured(credentials: credentials) do
               # Shell out to Cargo, which handles everything for us, and does
               # so without doing an install (so it's fast).
-              command = "cargo update -p #{dependency_spec} --verbose"
-              run_cargo_command(command)
+              command_parts = ["cargo", "update", "-p", dependency_spec,
+                               "--verbose"]
+              run_cargo_command(Shellwords.join(command_parts))
             end
 
             updated_version = fetch_version_from_new_lockfile
@@ -254,8 +256,9 @@ module Dependabot
             write_temporary_dependency_files(prepared: false)
 
             SharedHelpers.with_git_configured(credentials: credentials) do
-              command = "cargo update -p #{dependency_spec} --verbose"
-              run_cargo_command(command)
+              command_parts = ["cargo", "update", "-p", dependency_spec,
+                               "--verbose"]
+              run_cargo_command(Shellwords.join(command_parts))
             end
           end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-cargo
 version: !ruby/object:Gem::Version
-  version: 0.97.3
+  version: 0.97.4
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-03-10 00:00:00.000000000 Z
+date: 2019-03-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.97.3
+        version: 0.97.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.97.3
+        version: 0.97.4
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement