RubyGems - dependabot-elm - Versions diffs - 0.97.4 → 0.97.5 - Mend

dependabot-elm 0.97.4 → 0.97.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml +4 -4
data/lib/dependabot/elm/update_checker/elm_19_version_resolver.rb +3 -1
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ef86230ac06375486db517a1ee3f401e6ca48161e7017054dd97e7b20e4509e3
-  data.tar.gz: 74ddee7c4fdf474dfd1e6f6a5eeef391c5c0066e5213b3d09c190d50ce083431
+  metadata.gz: 9a357efa4d6a962c99efe71aa3b6086512ffd48171055256dc21cd848e73f63e
+  data.tar.gz: de0f2e0984582aad74302435eb7906734b2ebd45c73fd14a1aa8c98801b70c74
 SHA512:
-  metadata.gz: 5df89c8408c495c6e0e3cde4ca03f5f15bdcfacc180baa2b7ab8d79dd69739558a54c76a332b657be495aeeec94b09eb2cc1b5ac807dcf2359874276b086f3e5
-  data.tar.gz: ebad86ef260b0cabc2c7d93b416bd0839408d5afb06960c0464d3c77de2ae8066c1ddee674e549eda93d13ecbf88a8869c29a6fd5dae83f0bf44a988ad2ea355
+  metadata.gz: 3d34e22586f40f7666a75206f6157018208ccb3e5de4a69c8383d7510e219cf73cd5dbbd2e84f6fe086a86428df7f143659e9bd9315d9bbe9cd42ae2b7f57917
+  data.tar.gz: f3e80ea658bc8ddb42c6322625864c32af613075065452b64b89db2acb876c764d68c3eb5412fa9d0681b4781d3ac286eeabd0b7776323cc548e8584ff47bf29

data/lib/dependabot/elm/update_checker/elm_19_version_resolver.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 require "open3"
+require "shellwords"
 require "dependabot/shared_helpers"
 require "dependabot/errors"
 require "dependabot/elm/file_parser"
@@ -103,7 +104,8 @@ module Dependabot
               # Elm package install outputs a preview of the actions to be
               # performed. We can use this preview to calculate whether it
               # would do anything funny
-              command = "yes n | elm19 install #{dependency.name}"
+              dependency_name = Shellwords.escape(dependency.name)
+              command = "yes n | elm19 install #{dependency_name}"
               response = run_shell_command(command)
               CliParser.decode_install_preview(response)

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-elm
 version: !ruby/object:Gem::Version
-  version: 0.97.4
+  version: 0.97.5
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.97.4
+        version: 0.97.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.97.4
+        version: 0.97.5
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement