ruby-oauth · pboling · May 16, 2026 · May 15, 2026 · May 15, 2026 · May 15, 2026
diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock
diff --git a/.tool-versions b/.tool-versions
@@ -1 +1 @@
-ruby 3.4.5
+ruby 4.0.4
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -20,8 +20,12 @@ Please file a bug if you notice a violation of semantic versioning.
 
 ### Added
 
+- Add inspect-time secret redaction for command option state through `auth-sanitizer` integration.
+
 ### Changed
 
+- Redact the command options hash from `OAuth::TTY::Command#inspect` because it may contain credential-bearing CLI arguments.
+
 ### Deprecated
 
 ### Removed

diff --git a/Gemfile b/Gemfile
@@ -12,8 +12,23 @@ git_source(:gitlab) { |repo_name| "https://gitlab.com/#{repo_name}" }
 # Include dependencies from <gem name>.gemspec
 gemspec
 
-# gem "oauth", ">= 1.1.0"
-gem "oauth", github: "ruby-oauth/oauth", branch: "main"
+if %w[false 0 no off].include?(ENV.fetch("RUBY_OAUTH_DEV", "false").downcase)
+  gem "oauth"
+else
+  begin
+    require "nomono/bundler" unless defined?(Nomono)
+  rescue LoadError
+    require_relative "../nomono/lib/nomono/bundler"
+  end
+
+  eval_nomono_gems(
+    gems: %w[auth-sanitizer oauth],
+    prefix: "RUBY_OAUTH",
+    path_env: "RUBY_OAUTH_DEV",
+    root: %w[code src ruby-oauth],
+    debug_env: "RUBY_OAUTH_DEBUG",
+  )
+end
 
 # Debugging
 eval_gemfile "gemfiles/modular/debug.gemfile"