dependabot-core 0.92.4 → 0.92.5

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +5 -0
  3. data/lib/dependabot/file_updaters/ruby/bundler/lockfile_updater.rb +4 -1
  4. data/lib/dependabot/update_checkers/ruby/bundler/force_updater.rb +4 -1
  5. data/lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb +4 -1
  6. data/lib/dependabot/version.rb +1 -1
  7. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6987f57eba5ac428c0eb5b55c25a0320db4813c04e50a281c07d36bb7be2be4a
4
- data.tar.gz: 84a6e68c03a8b1172cf3560da5428e21b2840c41087cdadbecc30693ac9ad007
3
+ metadata.gz: 566d4afd80b7ec1d49c1c779b1e9a950b32e906a2bbcb1eab092510676d4ce0f
4
+ data.tar.gz: b389d792f90f839b328a35ae6e033b8715d7f3b0f0d0080914848f5ffb190c07
5
5
  SHA512:
6
- metadata.gz: 354b41bbf26a3373701079d3fe2964b898443053e6c9590d415e7266e75faf121e17d67d7fb7cc66a1b41b603bcdc34ade7d13df7ee2d851893e87bdab79f347
7
- data.tar.gz: 972ff82b3b92e133fa8ddd2a00b8673c75ac94d3d4a109481b3a87e435ccc8b644932d8eddb3aed72a41b9ef376bc14a5447bfca5c6552dd0d64fcbdb656d82c
6
+ metadata.gz: e484a4eeced08b5a7354c5c9daf9206aafc0a13aeb203ffd35a55d191f7bd8f5dddcb50ff5826a8714e9bc604f60420525f55ebf953da96151929c4c1f9d4e76
7
+ data.tar.gz: ae8eeb381fd24542a1f24ba8b494a319e947f65494146bd0795227ecd79cc293372c4f298735e65974ed2d11be29643ee5015636681522522a213cc203987240
data/CHANGELOG.md CHANGED
@@ -1,3 +1,8 @@
1
+ ## v0.92.5, 22 January 2019
2
+
3
+ - Ruby: CGI escape credentials before passing to Bundler
4
+ - PHP: Clean Composer programmatically install
5
+
1
6
  ## v0.92.4, 22 January 2019
2
7
 
3
8
  - Rust: Raise PathDependenciesNotReachable errors, rather than
data/lib/dependabot/file_updaters/ruby/bundler/lockfile_updater.rb CHANGED
@@ -77,9 +77,12 @@ module Dependabot
77
77
 
78
78
  # Set auth details
79
79
  relevant_credentials.each do |cred|
80
+ token = cred["token"] ||
81
+ "#{cred['username']}:#{cred['password']}"
82
+
80
83
  ::Bundler.settings.set_command_option(
81
84
  cred.fetch("host"),
82
- cred["token"] || "#{cred['username']}:#{cred['password']}"
85
+ token.gsub("@", "%40F").gsub("?", "%3F")
83
86
  )
84
87
  end
85
88
 
data/lib/dependabot/update_checkers/ruby/bundler/force_updater.rb CHANGED
@@ -75,9 +75,12 @@ module Dependabot
75
75
 
76
76
  # Set auth details
77
77
  relevant_credentials.each do |cred|
78
+ token = cred["token"] ||
79
+ "#{cred['username']}:#{cred['password']}"
80
+
78
81
  ::Bundler.settings.set_command_option(
79
82
  cred.fetch("host"),
80
- cred["token"] || "#{cred['username']}:#{cred['password']}"
83
+ token.gsub("@", "%40F").gsub("?", "%3F")
81
84
  )
82
85
  end
83
86
 
data/lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb CHANGED
@@ -50,9 +50,12 @@ module Dependabot
50
50
 
51
51
  # Set auth details
52
52
  relevant_credentials.each do |cred|
53
+ token = cred["token"] ||
54
+ "#{cred['username']}:#{cred['password']}"
55
+
53
56
  ::Bundler.settings.set_command_option(
54
57
  cred.fetch("host"),
55
- cred["token"] || "#{cred['username']}:#{cred['password']}"
58
+ token.gsub("@", "%40F").gsub("?", "%3F")
56
59
  )
57
60
  end
58
61
 
data/lib/dependabot/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.92.4"
4
+ VERSION = "0.92.5"
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.92.4
4
+ version: 0.92.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot