RubyGems - dependabot-cargo - Versions diffs - 0.98.20 → 0.98.21 - Mend

dependabot-cargo 0.98.20 → 0.98.21

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/dependabot/cargo/file_updater/lockfile_updater.rb +2 -3
data/lib/dependabot/cargo/update_checker/version_resolver.rb +3 -7
metadata +3 -3

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '01892b13e9cff4d741e15256c694662b25ec5ba756e0fdb27e912339882edda6'
-  data.tar.gz: 020447f48bde706c60b5f3cfd97d251f77344b55c589be16df9a92f584289709
+  metadata.gz: 74e59ea2eb97375ee8aa130e92fbb99f11537ef362de557c9f1a47a5df226edd
+  data.tar.gz: a9ce3e86a13e6d935e9e3f3283761d0b03413870a59ffae0e49b63e23e7e6ff0
 SHA512:
-  metadata.gz: 93acf3400b112cb1f305c7f9f6c14e0b926f1c74ddf997b92b8126f2a1df415bfe26347def82b2f2f8ef73b88e6b1a2cec6a329d2b90c4660656810fcdc850de
-  data.tar.gz: 831d85f632f0b54cdd0f458fc446fb5e5ff1a92c1c0dd5615a502907d0ee6ab9f702ddce6433d1e416f70256f055e773d2a4202407a659197cc1db3ce7a25ab1
+  metadata.gz: e4b46406d58854c32fd52404691b177503f9020e61e6eb3cd7da6e27ebfca08a9e7c694d3e49da8c0f1e5332e5a0d1319c0ea9124617e5f1797bcdcdeaeb7aa8
+  data.tar.gz: cbf298e0089f1edd25d33fee0c44ada89e8c836a4f12e91641802e89044509e6c8158e76ff3f281b316189e579469505de091c0c944771be083156977baa038b

data/lib/dependabot/cargo/file_updater/lockfile_updater.rb CHANGED

@@ -2,7 +2,6 @@
 require "toml-rb"
 require "open3"
-require "shellwords"
 require "dependabot/git_commit_checker"
 require "dependabot/cargo/file_updater"
 require "dependabot/cargo/file_updater/manifest_updater"
@@ -34,8 +33,7 @@ module Dependabot
             SharedHelpers.with_git_configured(credentials: credentials) do
               # Shell out to Cargo, which handles everything for us, and does
               # so without doing an install (so it's fast).
-              command_parts = ["cargo", "update", "-p", dependency_spec]
-              run_shell_command(Shellwords.join(command_parts))
+              run_shell_command("cargo update -p #{dependency_spec}")
             end
             updated_lockfile = File.read("Cargo.lock")
@@ -141,6 +139,7 @@ module Dependabot
         def run_shell_command(command)
           start = Time.now
+          command = SharedHelpers.escape_command(command)
           stdout, process = Open3.capture2e(command)
           time_taken = Time.now - start

data/lib/dependabot/cargo/update_checker/version_resolver.rb CHANGED

@@ -2,7 +2,6 @@
 require "toml-rb"
 require "open3"
-require "shellwords"
 require "dependabot/shared_helpers"
 require "dependabot/cargo/update_checker"
 require "dependabot/cargo/file_parser"
@@ -46,9 +45,7 @@ module Dependabot
             SharedHelpers.with_git_configured(credentials: credentials) do
               # Shell out to Cargo, which handles everything for us, and does
               # so without doing an install (so it's fast).
-              command_parts = ["cargo", "update", "-p", dependency_spec,
-                               "--verbose"]
-              run_cargo_command(Shellwords.join(command_parts))
+              run_cargo_command("cargo update -p #{dependency_spec} --verbose")
             end
             updated_version = fetch_version_from_new_lockfile
@@ -135,6 +132,7 @@ module Dependabot
         def run_cargo_command(command)
           start = Time.now
+          command = SharedHelpers.escape_command(command)
           stdout, process = Open3.capture2e(command)
           time_taken = Time.now - start
@@ -256,9 +254,7 @@ module Dependabot
             write_temporary_dependency_files(prepared: false)
             SharedHelpers.with_git_configured(credentials: credentials) do
-              command_parts = ["cargo", "update", "-p", dependency_spec,
-                               "--verbose"]
-              run_cargo_command(Shellwords.join(command_parts))
+              run_cargo_command("cargo update -p #{dependency_spec} --verbose")
             end
           end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-cargo
 version: !ruby/object:Gem::Version
-  version: 0.98.20
+  version: 0.98.21
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.98.20
+        version: 0.98.21
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.98.20
+        version: 0.98.21
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement