dependabot-cargo 0.98.20 → 0.98.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/cargo/file_updater/lockfile_updater.rb +2 -3
  3. data/lib/dependabot/cargo/update_checker/version_resolver.rb +3 -7
  4. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: '01892b13e9cff4d741e15256c694662b25ec5ba756e0fdb27e912339882edda6'
4
- data.tar.gz: 020447f48bde706c60b5f3cfd97d251f77344b55c589be16df9a92f584289709
3
+ metadata.gz: 74e59ea2eb97375ee8aa130e92fbb99f11537ef362de557c9f1a47a5df226edd
4
+ data.tar.gz: a9ce3e86a13e6d935e9e3f3283761d0b03413870a59ffae0e49b63e23e7e6ff0
5
5
  SHA512:
6
- metadata.gz: 93acf3400b112cb1f305c7f9f6c14e0b926f1c74ddf997b92b8126f2a1df415bfe26347def82b2f2f8ef73b88e6b1a2cec6a329d2b90c4660656810fcdc850de
7
- data.tar.gz: 831d85f632f0b54cdd0f458fc446fb5e5ff1a92c1c0dd5615a502907d0ee6ab9f702ddce6433d1e416f70256f055e773d2a4202407a659197cc1db3ce7a25ab1
6
+ metadata.gz: e4b46406d58854c32fd52404691b177503f9020e61e6eb3cd7da6e27ebfca08a9e7c694d3e49da8c0f1e5332e5a0d1319c0ea9124617e5f1797bcdcdeaeb7aa8
7
+ data.tar.gz: cbf298e0089f1edd25d33fee0c44ada89e8c836a4f12e91641802e89044509e6c8158e76ff3f281b316189e579469505de091c0c944771be083156977baa038b
data/lib/dependabot/cargo/file_updater/lockfile_updater.rb CHANGED
@@ -2,7 +2,6 @@
2
2
 
3
3
  require "toml-rb"
4
4
  require "open3"
5
- require "shellwords"
6
5
  require "dependabot/git_commit_checker"
7
6
  require "dependabot/cargo/file_updater"
8
7
  require "dependabot/cargo/file_updater/manifest_updater"
@@ -34,8 +33,7 @@ module Dependabot
34
33
  SharedHelpers.with_git_configured(credentials: credentials) do
35
34
  # Shell out to Cargo, which handles everything for us, and does
36
35
  # so without doing an install (so it's fast).
37
- command_parts = ["cargo", "update", "-p", dependency_spec]
38
- run_shell_command(Shellwords.join(command_parts))
36
+ run_shell_command("cargo update -p #{dependency_spec}")
39
37
  end
40
38
 
41
39
  updated_lockfile = File.read("Cargo.lock")
@@ -141,6 +139,7 @@ module Dependabot
141
139
 
142
140
  def run_shell_command(command)
143
141
  start = Time.now
142
+ command = SharedHelpers.escape_command(command)
144
143
  stdout, process = Open3.capture2e(command)
145
144
  time_taken = Time.now - start
146
145
 
data/lib/dependabot/cargo/update_checker/version_resolver.rb CHANGED
@@ -2,7 +2,6 @@
2
2
 
3
3
  require "toml-rb"
4
4
  require "open3"
5
- require "shellwords"
6
5
  require "dependabot/shared_helpers"
7
6
  require "dependabot/cargo/update_checker"
8
7
  require "dependabot/cargo/file_parser"
@@ -46,9 +45,7 @@ module Dependabot
46
45
  SharedHelpers.with_git_configured(credentials: credentials) do
47
46
  # Shell out to Cargo, which handles everything for us, and does
48
47
  # so without doing an install (so it's fast).
49
- command_parts = ["cargo", "update", "-p", dependency_spec,
50
- "--verbose"]
51
- run_cargo_command(Shellwords.join(command_parts))
48
+ run_cargo_command("cargo update -p #{dependency_spec} --verbose")
52
49
  end
53
50
 
54
51
  updated_version = fetch_version_from_new_lockfile
@@ -135,6 +132,7 @@ module Dependabot
135
132
 
136
133
  def run_cargo_command(command)
137
134
  start = Time.now
135
+ command = SharedHelpers.escape_command(command)
138
136
  stdout, process = Open3.capture2e(command)
139
137
  time_taken = Time.now - start
140
138
 
@@ -256,9 +254,7 @@ module Dependabot
256
254
  write_temporary_dependency_files(prepared: false)
257
255
 
258
256
  SharedHelpers.with_git_configured(credentials: credentials) do
259
- command_parts = ["cargo", "update", "-p", dependency_spec,
260
- "--verbose"]
261
- run_cargo_command(Shellwords.join(command_parts))
257
+ run_cargo_command("cargo update -p #{dependency_spec} --verbose")
262
258
  end
263
259
  end
264
260
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-cargo
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.98.20
4
+ version: 0.98.21
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.98.20
19
+ version: 0.98.21
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.98.20
26
+ version: 0.98.21
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement