RubyGems - diffy - Versions diffs - 3.4.0 → 3.4.1 - Mend

diffy 3.4.0 → 3.4.1

Files changed (5) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ce6a165c4ad246372cf5e6888ca531c55da86a43051895900df4e466cef6c940
-  data.tar.gz: 066c70ac2cbd41e1d34c2a9fc68f9ba9b4cc1ccea132e289638c5aeb927c0ad6
+  metadata.gz: b2120d3e1b623e2536ad4bb44454847c1ea2033c96cd83a98bc8ec7179a45f55
+  data.tar.gz: 306bc14f06cbacb86496e89290ff4c0c4454358939d694f172d423f20d9357ff
 SHA512:
-  metadata.gz: 911e04010bddf3a49726684822857ffdc1f05b62017367afef5e022f56b2eeecf618282bf40f381901bbded973c06f2273cecb1ada0292f94337cfc2690a3d4a
-  data.tar.gz: a41fa95586a3f16ddcc19e5f3bbd6682d492cb4b0b44b1e6c16fcbd2556cd453d931720458d842caf04610a83067fb4b4daa86eef6010aa0f9d4da9110307cbd
+  metadata.gz: 2eaed71c7d28fe17f60eaac94491abdbae0ae40d8596d61e92e4c4436d49ee898393268afc70e3bbaca95aecb9d4d10732bec403eaf949790667bca32cdccbca
+  data.tar.gz: ba4d8b43b5110ad6143acaf4ee8b9742198164569d4a006bae4e22aca93ca2904ca3b2f66fe43b004f23aea295453be92120d6752741f3fcf88171427f6d5127

data/CHANGELOG CHANGED Viewed

@@ -1,3 +1,12 @@
+== 3.4.1 ==
+Prevent remote code execution from user controlled diff file paths.  This
+issue was only present in Windows platforms. Thanks @tehryanx for reporting
+and testing the fix!
+== 3.4.0 ==
+Remove space between U diff option and context number. Thanks @tomas!
+Add option to ignore CRLF diffs in HTML comparisons. Thanks @ptyagi16!
 == 3.3.0 ==
 Fix diff lines that begin with -- or ++. Thanks @dark-panda!

data/lib/diffy/diff.rb CHANGED Viewed

@@ -49,13 +49,7 @@ module Diffy
             [string1, string2]
           end
-        if WINDOWS
-          # don't use open3 on windows
-          cmd = sprintf '"%s" %s %s', diff_bin, diff_options.join(' '), @paths.map { |s| %("#{s}") }.join(' ')
-          diff = `#{cmd}`
-        else
-          diff = Open3.popen3(diff_bin, *(diff_options + @paths)) { |i, o, e| o.read }
-        end
+        diff, stderr, process_status = Open3.capture3(diff_bin, *(diff_options + @paths))
         diff.force_encoding('ASCII-8BIT') if diff.respond_to?(:valid_encoding?) && !diff.valid_encoding?
         if diff =~ /\A\s*\Z/ && !options[:allow_empty_diff]
           diff = case options[:source]

data/lib/diffy/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Diffy
-  VERSION = '3.4.0'
+  VERSION = '3.4.1'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: diffy
 version: !ruby/object:Gem::Version
-  version: 3.4.0
+  version: 3.4.1
 platform: ruby
 authors:
 - Sam Goldstein
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-08-07 00:00:00.000000000 Z
+date: 2022-06-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake