bundler-advise 1.1.4 → 1.1.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.ruby-version +1 -1
- data/.travis.yml +16 -12
- data/Gemfile.lock +4 -4
- data/README.md +5 -2
- data/bundler-advise.gemspec +1 -1
- data/lib/bundler/advise/gem_adviser.rb +8 -3
- data/lib/bundler/advise/version.rb +1 -1
- metadata +9 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e7a8f2ede12b183ddec7c80653aa0fc56732b8b1
|
|
4
|
+
data.tar.gz: 2b135ae26447c613b0667e0ce695cd1d3cec9312
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7717aef0f0ddff121cadf2e630f85f22ee2194f7c36de84837322ffc98a0c2ad02656a383a9ffdad01e23f3e928fcc63f0a5d958143785f6cd4b6305bcda8479
|
|
7
|
+
data.tar.gz: 5dd0c1050f84132d86c441c58af60f77d7dc290f88cf8532da1ce9d850a3d197725cf585992c1fa6449c78d30d84d60de1653c9ea10383285097ec7496e50871
|
data/.ruby-version
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
2.
|
|
1
|
+
2.3.4
|
data/.travis.yml
CHANGED
|
@@ -10,21 +10,25 @@ install:
|
|
|
10
10
|
|
|
11
11
|
matrix:
|
|
12
12
|
include:
|
|
13
|
-
- rvm: 2.
|
|
14
|
-
env: BUNDLER_TEST_VERSION=1.12.5
|
|
15
|
-
- rvm: 2.2.5
|
|
16
|
-
env: BUNDLER_TEST_VERSION=1.12.5
|
|
17
|
-
- rvm: 2.3.1
|
|
13
|
+
- rvm: 2.3.4
|
|
18
14
|
env: BUNDLER_TEST_VERSION=1.7.15
|
|
19
|
-
- rvm: 2.3.
|
|
15
|
+
- rvm: 2.3.4
|
|
20
16
|
env: BUNDLER_TEST_VERSION=1.8.9
|
|
21
|
-
- rvm: 2.3.
|
|
17
|
+
- rvm: 2.3.4
|
|
22
18
|
env: BUNDLER_TEST_VERSION=1.9.10
|
|
23
|
-
- rvm: 2.3.
|
|
19
|
+
- rvm: 2.3.4
|
|
24
20
|
env: BUNDLER_TEST_VERSION=1.10.5
|
|
25
|
-
- rvm: 2.3.
|
|
21
|
+
- rvm: 2.3.4
|
|
26
22
|
env: BUNDLER_TEST_VERSION=1.11.2
|
|
27
|
-
- rvm: 2.3.
|
|
23
|
+
- rvm: 2.3.4
|
|
28
24
|
env: BUNDLER_TEST_VERSION=1.12.5
|
|
29
|
-
- rvm: 2.3.
|
|
30
|
-
env: BUNDLER_TEST_VERSION=1.13.
|
|
25
|
+
- rvm: 2.3.4
|
|
26
|
+
env: BUNDLER_TEST_VERSION=1.13.6
|
|
27
|
+
- rvm: 2.3.4
|
|
28
|
+
env: BUNDLER_TEST_VERSION=1.14.6
|
|
29
|
+
- rvm: 2.1.10
|
|
30
|
+
env: BUNDLER_TEST_VERSION=1.14.6
|
|
31
|
+
- rvm: 2.2.7
|
|
32
|
+
env: BUNDLER_TEST_VERSION=1.14.6
|
|
33
|
+
- rvm: 2.3.4
|
|
34
|
+
env: BUNDLER_TEST_VERSION=1.15.0.pre.4
|
data/Gemfile.lock
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
bundler-advise (1.1.
|
|
4
|
+
bundler-advise (1.1.5)
|
|
5
5
|
bundler (~> 1.7)
|
|
6
6
|
git
|
|
7
7
|
|
|
8
8
|
GEM
|
|
9
9
|
remote: https://rubygems.org/
|
|
10
10
|
specs:
|
|
11
|
-
bundler-fixture (1.3.
|
|
11
|
+
bundler-fixture (1.3.2)
|
|
12
12
|
bundler (~> 1.7)
|
|
13
13
|
coderay (1.1.1)
|
|
14
14
|
diff-lcs (1.2.5)
|
|
@@ -39,10 +39,10 @@ PLATFORMS
|
|
|
39
39
|
|
|
40
40
|
DEPENDENCIES
|
|
41
41
|
bundler-advise!
|
|
42
|
-
bundler-fixture (~> 1.3)
|
|
42
|
+
bundler-fixture (~> 1.3, >= 1.3.2)
|
|
43
43
|
pry
|
|
44
44
|
rake (~> 10.0)
|
|
45
45
|
rspec
|
|
46
46
|
|
|
47
47
|
BUNDLED WITH
|
|
48
|
-
1.
|
|
48
|
+
1.14.6
|
data/README.md
CHANGED
|
@@ -49,9 +49,12 @@ of the data in ruby-advisory-db, for organizations that want to maintain an inte
|
|
|
49
49
|
|
|
50
50
|
## Development
|
|
51
51
|
|
|
52
|
-
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can
|
|
52
|
+
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can
|
|
53
|
+
also run `bin/console` for an interactive prompt that will allow you to experiment.
|
|
53
54
|
|
|
54
|
-
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the
|
|
55
|
+
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the
|
|
56
|
+
version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version,
|
|
57
|
+
push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
|
|
55
58
|
|
|
56
59
|
## Contributing
|
|
57
60
|
|
data/bundler-advise.gemspec
CHANGED
|
@@ -22,7 +22,7 @@ Gem::Specification.new do |spec|
|
|
|
22
22
|
spec.add_dependency 'git'
|
|
23
23
|
spec.add_dependency 'bundler', '~> 1.7'
|
|
24
24
|
|
|
25
|
-
spec.add_development_dependency 'bundler-fixture', '~> 1.3'
|
|
25
|
+
spec.add_development_dependency 'bundler-fixture', '~> 1.3', '>= 1.3.2'
|
|
26
26
|
spec.add_development_dependency 'pry'
|
|
27
27
|
spec.add_development_dependency 'rake', '~> 10.0'
|
|
28
28
|
spec.add_development_dependency 'rspec'
|
|
@@ -2,7 +2,7 @@ require 'bundler/lockfile_parser'
|
|
|
2
2
|
|
|
3
3
|
module Bundler::Advise
|
|
4
4
|
class GemAdviser
|
|
5
|
-
def initialize(advisories: Advisories.new, dir:
|
|
5
|
+
def initialize(advisories: Advisories.new, dir: nil)
|
|
6
6
|
@advisories = advisories
|
|
7
7
|
@dir = dir
|
|
8
8
|
scan_lockfile
|
|
@@ -10,8 +10,13 @@ module Bundler::Advise
|
|
|
10
10
|
|
|
11
11
|
def scan_lockfile
|
|
12
12
|
lockfile = nil
|
|
13
|
-
|
|
14
|
-
|
|
13
|
+
begin
|
|
14
|
+
restore = ENV['BUNDLE_GEMFILE']
|
|
15
|
+
ENV['BUNDLE_GEMFILE'] = File.join(@dir, 'Gemfile') if @dir
|
|
16
|
+
lockfile = Bundler::LockfileParser.new(Bundler.read_file(Bundler.default_lockfile))
|
|
17
|
+
ensure
|
|
18
|
+
# restoration is probably overkill, but need to retain prior functionality
|
|
19
|
+
ENV['BUNDLE_GEMFILE'] = restore
|
|
15
20
|
end
|
|
16
21
|
lockfile.specs.map do |spec|
|
|
17
22
|
@advisories.gem_advisories_for(spec.name).select do |ad|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bundler-advise
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- chrismo
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2017-05-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: git
|
|
@@ -45,6 +45,9 @@ dependencies:
|
|
|
45
45
|
- - "~>"
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
47
|
version: '1.3'
|
|
48
|
+
- - ">="
|
|
49
|
+
- !ruby/object:Gem::Version
|
|
50
|
+
version: 1.3.2
|
|
48
51
|
type: :development
|
|
49
52
|
prerelease: false
|
|
50
53
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -52,6 +55,9 @@ dependencies:
|
|
|
52
55
|
- - "~>"
|
|
53
56
|
- !ruby/object:Gem::Version
|
|
54
57
|
version: '1.3'
|
|
58
|
+
- - ">="
|
|
59
|
+
- !ruby/object:Gem::Version
|
|
60
|
+
version: 1.3.2
|
|
55
61
|
- !ruby/object:Gem::Dependency
|
|
56
62
|
name: pry
|
|
57
63
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -138,7 +144,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
138
144
|
version: '0'
|
|
139
145
|
requirements: []
|
|
140
146
|
rubyforge_project:
|
|
141
|
-
rubygems_version: 2.
|
|
147
|
+
rubygems_version: 2.5.2
|
|
142
148
|
signing_key:
|
|
143
149
|
specification_version: 4
|
|
144
150
|
summary: Scans Gemfile for known vulnerable gems.
|