dependabot-core 0.92.4 → 0.92.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +5 -0
  3. data/lib/dependabot/file_updaters/ruby/bundler/lockfile_updater.rb +4 -1
  4. data/lib/dependabot/update_checkers/ruby/bundler/force_updater.rb +4 -1
  5. data/lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb +4 -1
  6. data/lib/dependabot/version.rb +1 -1
  7. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6987f57eba5ac428c0eb5b55c25a0320db4813c04e50a281c07d36bb7be2be4a
4
- data.tar.gz: 84a6e68c03a8b1172cf3560da5428e21b2840c41087cdadbecc30693ac9ad007
3
+ metadata.gz: 566d4afd80b7ec1d49c1c779b1e9a950b32e906a2bbcb1eab092510676d4ce0f
4
+ data.tar.gz: b389d792f90f839b328a35ae6e033b8715d7f3b0f0d0080914848f5ffb190c07
5
5
  SHA512:
6
- metadata.gz: 354b41bbf26a3373701079d3fe2964b898443053e6c9590d415e7266e75faf121e17d67d7fb7cc66a1b41b603bcdc34ade7d13df7ee2d851893e87bdab79f347
7
- data.tar.gz: 972ff82b3b92e133fa8ddd2a00b8673c75ac94d3d4a109481b3a87e435ccc8b644932d8eddb3aed72a41b9ef376bc14a5447bfca5c6552dd0d64fcbdb656d82c
6
+ metadata.gz: e484a4eeced08b5a7354c5c9daf9206aafc0a13aeb203ffd35a55d191f7bd8f5dddcb50ff5826a8714e9bc604f60420525f55ebf953da96151929c4c1f9d4e76
7
+ data.tar.gz: ae8eeb381fd24542a1f24ba8b494a319e947f65494146bd0795227ecd79cc293372c4f298735e65974ed2d11be29643ee5015636681522522a213cc203987240
data/CHANGELOG.md CHANGED
@@ -1,3 +1,8 @@
1
+ ## v0.92.5, 22 January 2019
2
+
3
+ - Ruby: CGI escape credentials before passing to Bundler
4
+ - PHP: Clean Composer programmatically install
5
+
1
6
  ## v0.92.4, 22 January 2019
2
7
 
3
8
  - Rust: Raise PathDependenciesNotReachable errors, rather than
data/lib/dependabot/file_updaters/ruby/bundler/lockfile_updater.rb CHANGED
@@ -77,9 +77,12 @@ module Dependabot
77
77
 
78
78
  # Set auth details
79
79
  relevant_credentials.each do |cred|
80
+ token = cred["token"] ||
81
+ "#{cred['username']}:#{cred['password']}"
82
+
80
83
  ::Bundler.settings.set_command_option(
81
84
  cred.fetch("host"),
82
- cred["token"] || "#{cred['username']}:#{cred['password']}"
85
+ token.gsub("@", "%40F").gsub("?", "%3F")
83
86
  )
84
87
  end
85
88
 
data/lib/dependabot/update_checkers/ruby/bundler/force_updater.rb CHANGED
@@ -75,9 +75,12 @@ module Dependabot
75
75
 
76
76
  # Set auth details
77
77
  relevant_credentials.each do |cred|
78
+ token = cred["token"] ||
79
+ "#{cred['username']}:#{cred['password']}"
80
+
78
81
  ::Bundler.settings.set_command_option(
79
82
  cred.fetch("host"),
80
- cred["token"] || "#{cred['username']}:#{cred['password']}"
83
+ token.gsub("@", "%40F").gsub("?", "%3F")
81
84
  )
82
85
  end
83
86
 
data/lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb CHANGED
@@ -50,9 +50,12 @@ module Dependabot
50
50
 
51
51
  # Set auth details
52
52
  relevant_credentials.each do |cred|
53
+ token = cred["token"] ||
54
+ "#{cred['username']}:#{cred['password']}"
55
+
53
56
  ::Bundler.settings.set_command_option(
54
57
  cred.fetch("host"),
55
- cred["token"] || "#{cred['username']}:#{cred['password']}"
58
+ token.gsub("@", "%40F").gsub("?", "%3F")
56
59
  )
57
60
  end
58
61
 
data/lib/dependabot/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.92.4"
4
+ VERSION = "0.92.5"
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.92.4
4
+ version: 0.92.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot