From 677bd41f6bc5a06b4c083f6502e2ccc2c4d257ad Mon Sep 17 00:00:00 2001
From: Michael Grosser <michael@grosser.it>
Date: Thu, 6 Feb 2020 17:10:37 -0800
Subject: [PATCH] do not send github access-tokens in query params

---
 Gemfile      |  2 +-
 Gemfile.lock | 13 +++++++++----
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/Gemfile b/Gemfile
index a77354421a..7785f2e387 100644
--- a/Gemfile
+++ b/Gemfile
@@ -26,7 +26,7 @@ gem 'sawyer'
 gem 'dalli'
 gem 'omniauth'
 gem 'omniauth-oauth2'
-gem 'omniauth-github'
+gem 'omniauth-github', git: "https://github.com/omniauth/omniauth-github.git" # needs >1.3.0
 gem 'omniauth-google-oauth2'
 gem 'omniauth-ldap'
 gem 'omniauth-gitlab'
diff --git a/Gemfile.lock b/Gemfile.lock
index c9fcaeb74e..f46ce1c7c2 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -7,6 +7,14 @@ GIT
       minitest (~> 5.10)
       railties (~> 6.0.0)
 
+GIT
+  remote: https://github.com/omniauth/omniauth-github.git
+  revision: 967d76979b6bf9bb0b71b255ad204f8931f65be6
+  specs:
+    omniauth-github (1.3.0)
+      omniauth (~> 1.5)
+      omniauth-oauth2 (>= 1.4.0, < 2.0)
+
 GIT
   remote: https://github.com/zendesk/vault-ruby.git
   revision: 96be391a2fd50a42871c8b9dc3c59fddbdbdc556
@@ -414,9 +422,6 @@ GEM
       multi_json (~> 1.7)
       omniauth (~> 1.1)
       omniauth-oauth (~> 1.0)
-    omniauth-github (1.3.0)
-      omniauth (~> 1.5)
-      omniauth-oauth2 (>= 1.4.0, < 2.0)
     omniauth-gitlab (1.0.2)
       omniauth (~> 1.0)
       omniauth-oauth2 (~> 1.0)
@@ -649,7 +654,7 @@ DEPENDENCIES
   octokit
   omniauth
   omniauth-bitbucket
-  omniauth-github
+  omniauth-github!
   omniauth-gitlab
   omniauth-google-oauth2
   omniauth-ldap