diffy 3.4.0 → 3.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG +9 -0
  3. data/lib/diffy/diff.rb +1 -7
  4. data/lib/diffy/version.rb +1 -1
  5. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ce6a165c4ad246372cf5e6888ca531c55da86a43051895900df4e466cef6c940
4
- data.tar.gz: 066c70ac2cbd41e1d34c2a9fc68f9ba9b4cc1ccea132e289638c5aeb927c0ad6
3
+ metadata.gz: b2120d3e1b623e2536ad4bb44454847c1ea2033c96cd83a98bc8ec7179a45f55
4
+ data.tar.gz: 306bc14f06cbacb86496e89290ff4c0c4454358939d694f172d423f20d9357ff
5
5
  SHA512:
6
- metadata.gz: 911e04010bddf3a49726684822857ffdc1f05b62017367afef5e022f56b2eeecf618282bf40f381901bbded973c06f2273cecb1ada0292f94337cfc2690a3d4a
7
- data.tar.gz: a41fa95586a3f16ddcc19e5f3bbd6682d492cb4b0b44b1e6c16fcbd2556cd453d931720458d842caf04610a83067fb4b4daa86eef6010aa0f9d4da9110307cbd
6
+ metadata.gz: 2eaed71c7d28fe17f60eaac94491abdbae0ae40d8596d61e92e4c4436d49ee898393268afc70e3bbaca95aecb9d4d10732bec403eaf949790667bca32cdccbca
7
+ data.tar.gz: ba4d8b43b5110ad6143acaf4ee8b9742198164569d4a006bae4e22aca93ca2904ca3b2f66fe43b004f23aea295453be92120d6752741f3fcf88171427f6d5127
data/CHANGELOG CHANGED
@@ -1,3 +1,12 @@
1
+ == 3.4.1 ==
2
+ Prevent remote code execution from user controlled diff file paths. This
3
+ issue was only present in Windows platforms. Thanks @tehryanx for reporting
4
+ and testing the fix!
5
+
6
+ == 3.4.0 ==
7
+ Remove space between U diff option and context number. Thanks @tomas!
8
+ Add option to ignore CRLF diffs in HTML comparisons. Thanks @ptyagi16!
9
+
1
10
  == 3.3.0 ==
2
11
  Fix diff lines that begin with -- or ++. Thanks @dark-panda!
3
12
 
data/lib/diffy/diff.rb CHANGED
@@ -49,13 +49,7 @@ module Diffy
49
49
  [string1, string2]
50
50
  end
51
51
 
52
- if WINDOWS
53
- # don't use open3 on windows
54
- cmd = sprintf '"%s" %s %s', diff_bin, diff_options.join(' '), @paths.map { |s| %("#{s}") }.join(' ')
55
- diff = `#{cmd}`
56
- else
57
- diff = Open3.popen3(diff_bin, *(diff_options + @paths)) { |i, o, e| o.read }
58
- end
52
+ diff, stderr, process_status = Open3.capture3(diff_bin, *(diff_options + @paths))
59
53
  diff.force_encoding('ASCII-8BIT') if diff.respond_to?(:valid_encoding?) && !diff.valid_encoding?
60
54
  if diff =~ /\A\s*\Z/ && !options[:allow_empty_diff]
61
55
  diff = case options[:source]
data/lib/diffy/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Diffy
2
- VERSION = '3.4.0'
2
+ VERSION = '3.4.1'
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: diffy
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.4.0
4
+ version: 3.4.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sam Goldstein
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-08-07 00:00:00.000000000 Z
11
+ date: 2022-06-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rake