bundler-audit-fix 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 01d9c0fdba65b4b5e1347551f5a422354d3faca7ad7503b9660afb00f14b0974
+  data.tar.gz: 5e37e51063008125a94d552a733b0158c469d82513eba81a0ac6760e279e7bbf
+SHA512:
+  metadata.gz: 5043e0eeeba8507da23840984bf6e0c327386c14da1bdae1ee93c6e3e03b883c6125d60e9a4dd44811d01654e0fbde8ff1b54d6f49354ebff25b3cf7f2ad6ee1
+  data.tar.gz: 22cb90f36ea55de0c139d1f0611f865cf8b6d3eaaf7edfbd853d3a257b733564539cbeadc7c41532f764108108471a28de7461509795ec48d89df58071219594

data/.editorconfig

@@ -0,0 +1,14 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.md]
+trim_trailing_whitespace = false

data/.github/workflows/main.yml

@@ -0,0 +1,16 @@
+name: Ruby
+
+on: [push, pull_request]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 3.0.1
+        bundler-cache: true
+    - name: Run the default task
+      run: bundle exec rake

data/.gitignore

@@ -0,0 +1,13 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+spec/fixtures/database
+vendor/bundle/
+
+# rspec failure tracking
+.rspec_status

data/.rspec

@@ -0,0 +1,4 @@
+--format documentation
+--color
+--require spec_helper
+--exclude-pattern spec/fixtures/**/*_spec.rb

data/.rubocop.yml

@@ -0,0 +1,35 @@
+AllCops:
+  TargetRubyVersion: 2.5
+  Exclude:
+    - 'spec/fixtures/database/**/*'
+    - 'vendor/**/*'
+
+Style/StringLiterals:
+  Enabled: true
+  EnforcedStyle: single_quotes
+Style/FrozenStringLiteralComment:
+  Exclude:
+    - 'bin/*'
+Style/StringLiteralsInInterpolation:
+  Enabled: true
+  EnforcedStyle: double_quotes
+
+Layout/LineLength:
+  Max: 120
+
+Metrics/MethodLength:
+  Max: 100
+Metrics/BlockLength:
+  Max: 50
+Metrics/AbcSize:
+  Max: 100
+Metrics/CyclomaticComplexity:
+  Max: 15
+Metrics/PerceivedComplexity:
+  Enabled: false
+Metrics/ParameterLists:
+  CountKeywordArgs: false
+Metrics/ModuleLength:
+  Max: 200
+Metrics/ClassLength:
+  Max: 200

data/CHANGELOG.md

@@ -0,0 +1,3 @@
+# 0.1.0 - 2021-12-20
+
+- Initial release

data/Gemfile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+gemspec
+
+group :development do
+  gem 'pry', '~> 0.14.1'
+  gem 'rake', '~> 13.0'
+  gem 'rspec', '~> 3.0'
+  gem 'rubocop', '~> 1.7'
+end

data/Gemfile.lock

@@ -0,0 +1,68 @@
+PATH
+  remote: .
+  specs:
+    bundler-audit-fix (0.1.0)
+      bundler (>= 1.2.0, < 3)
+      bundler-audit (~> 0.9.0)
+      thor (~> 1.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    ast (2.4.2)
+    bundler-audit (0.9.0.1)
+      bundler (>= 1.2.0, < 3)
+      thor (~> 1.0)
+    coderay (1.1.3)
+    diff-lcs (1.4.4)
+    method_source (1.0.0)
+    parallel (1.21.0)
+    parser (3.0.3.2)
+      ast (~> 2.4.1)
+    pry (0.14.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    rainbow (3.0.0)
+    rake (13.0.6)
+    regexp_parser (2.2.0)
+    rexml (3.2.5)
+    rspec (3.10.0)
+      rspec-core (~> 3.10.0)
+      rspec-expectations (~> 3.10.0)
+      rspec-mocks (~> 3.10.0)
+    rspec-core (3.10.1)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-support (3.10.3)
+    rubocop (1.23.0)
+      parallel (~> 1.10)
+      parser (>= 3.0.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml
+      rubocop-ast (>= 1.12.0, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.15.0)
+      parser (>= 3.0.1.1)
+    ruby-progressbar (1.11.0)
+    thor (1.1.0)
+    unicode-display_width (2.1.0)
+
+PLATFORMS
+  x86_64-linux
+
+DEPENDENCIES
+  bundler-audit-fix!
+  pry (~> 0.14.1)
+  rake (~> 13.0)
+  rspec (~> 3.0)
+  rubocop (~> 1.7)
+
+BUNDLED WITH
+   2.2.18

data/README.md

@@ -0,0 +1,67 @@
+# Bundler::Audit::Fix
+
+Automatically apply patched version of gems audited by [rubysec/bunder-audit](https://github.com/rubysec/bundler-audit).
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'bundler-audit-fix'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install bundler-audit-fix
+
+## Usage
+
+```sh
+$ bundle-audit-fix update [dir]
+```
+
+### .bundler-audit.yml
+
+In addition to the original configuration, it supports `replacement` block.  If a gem that is related to a fixed version and not directly listed in the Gemfile (i.g. Rails family, etc.) needs to be updated, bundle-audit-fix will replace according to the specified like below.
+
+```yml
+replacement:
+  rails:
+    - actionpack
+    - actionview
+    - activemodel
+    - activerecord
+    - actionmailer
+    - activejob
+    - actioncable
+    - activestorage
+    - activesupport
+    - actionmailbox
+    - actiontext
+    - railties
+```
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/nobuyo/bundler-audit-fix.
+
+## License
+
+Copyright (c) 2021 Nobuo Takizawa
+
+bundler-audit-fix is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+bundler-audit-fix is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with bundler-audit-fix.  If not, see <https://www.gnu.org/licenses/>.

data/Rakefile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+require 'rubocop/rake_task'
+
+RuboCop::RakeTask.new
+
+task default: %i[spec rubocop]

data/bin/bundle-audit-fix

@@ -0,0 +1,10 @@
+#!/usr/bin/env ruby
+
+require 'rubygems'
+
+lib_dir = File.expand_path(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH << lib_dir unless $LOAD_PATH.include?(lib_dir)
+
+require 'bundler/audit/fix'
+
+Bundler::Audit::Fix::CLI.start

data/bin/bundler-audit-fix

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+
+load File.expand_path('bundle-audit-fix', __dir__)

data/bin/console

@@ -0,0 +1,12 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'bundler/setup'
+require 'bundler/audit/fix'
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+require 'pry'
+Pry.start

data/bundler-audit-fix.gemspec

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require_relative 'lib/bundler/audit/fix/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'bundler-audit-fix'
+  spec.version       = Bundler::Audit::Fix::VERSION
+  spec.authors       = ['Nobuo Takizawa']
+  spec.email         = ['longzechangsheng@gmail.com']
+
+  spec.summary       = 'Automatic apply security update inspected by bundler-audit.'
+  spec.homepage      = 'https://github.com/nobuyo/bundler-audit-fix'
+  spec.required_ruby_version = '>= 2.5.0'
+
+  spec.metadata['homepage_uri'] = spec.homepage
+  spec.metadata['source_code_uri'] = 'https://github.com/nobuyo/bundler-audit-fix'
+
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{\A(?:test|spec|features)/}) }
+  end
+  spec.bindir        = 'bin'
+  spec.executables   = spec.files.grep(%r{\Abin/bundle}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'bundler', '>= 1.2.0', '< 3'
+  spec.add_dependency 'bundler-audit', '~> 0.9.0'
+  spec.add_dependency 'thor', '~> 1.0'
+end

data/lib/bundler/audit/fix/cli.rb

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+
+#
+# Copyright (c) 2021 Nobuo Takizawa
+#
+# bundler-audit-fix is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# bundler-audit-fix is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with bundler-audit-fix.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'thor'
+require 'bundler/cli/update'
+require 'bundler/audit/cli'
+require 'bundler/audit/database'
+
+module Bundler
+  module Audit
+    module Fix
+      #
+      # The `bundle-audit-fix` command.
+      #
+      class CLI < ::Thor
+        include Thor::Actions
+
+        default_task :update
+        map '--version' => :version
+
+        desc 'check [DIR]', 'Checks the Gemfile.lock for insecure dependencies'
+        method_option :ignore,       type: :array,   aliases: '-i'
+        method_option :update,       type: :boolean, aliases: '-u'
+        method_option :database,     type: :string,  aliases: '-D', default: Database::USER_PATH
+        method_option :config,       type: :string,  aliases: '-c', default: '.bundler-audit.yml'
+        method_option :gemfile_lock, type: :string,  aliases: '-G', default: 'Gemfile.lock'
+
+        def update(dir = Dir.pwd)
+          unless File.directory?(dir)
+            say_error "No such file or directory: #{dir}", :red
+            exit 1
+          end
+
+          if !Database.exists?(options[:database])
+            Bundler::Audit::CLI.new.invoke(:download, options[:database])
+          elsif options[:update]
+            Bundler::Audit::CLI.new.invoke(:update, options[:database])
+          end
+
+          database = Database.new(options[:database])
+          begin
+            scanner = Scanner.new(dir, options[:gemfile_lock], database, options[:config])
+            scanner.scan
+
+            report = scanner.report(ignore: options.ignore)
+            unless report.vulnerable?
+              say 'Nothing to do, exiting.', :green
+              exit 0
+            end
+
+            patcher = Patcher.new(dir, report, options[:gemfile_lock], options[:config])
+            gems_to_update = patcher.patch
+
+            gemfile      = options[:gemfile_lock].sub(/\.lock$/, '')
+            gemfile_path = File.join(dir, gemfile)
+
+            Bundler::CLI::Update.new({ gemfile: gemfile_path }, gems_to_update).run
+          rescue Bundler::GemfileNotFound, Bundler::GemfileLockNotFound => e
+            say e.message, :red
+            exit 1
+          end
+        end
+
+        desc 'version', 'Prints the bundler-audit-fix version'
+        def version
+          puts Fix::VERSION
+        end
+      end
+    end
+  end
+end

data/lib/bundler/audit/fix/configuration.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+#
+# Copyright (c) 2021 Nobuo Takizawa
+#
+# bundler-audit-fix is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# bundler-audit-fix is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with bundler-audit-fix.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'yaml'
+require 'bundler/audit/configuration'
+
+module Bundler
+  module Audit
+    module Fix
+      #
+      # Class for configurations.
+      #
+      class Configuration < Configuration
+        attr_accessor :replacements
+
+        def self.load(file_path)
+          instance = super(file_path)
+
+          doc = YAML.parse(File.new(file_path))
+          doc.root.children.each_slice(2) do |key, value|
+            case key.value
+            when 'replacement'
+              unless value.children.is_a?(Array)
+                raise(InvalidConfigurationError, "'replacement' key found in config file, but is not an Array")
+              end
+
+              instance.replacements = build_replacements(value)
+            end
+          end
+
+          instance
+        end
+
+        def self.build_replacements(params)
+          params.children.each_slice(2).map do |key, value|
+            raise(InvalidConfigurationError, "'replacement.#{key.value}' in config file is empty") unless value.children
+
+            unless value.children.all? { |node| node.is_a?(YAML::Nodes::Scalar) }
+              raise(InvalidConfigurationError, "'replacement.#{key.value}' array in config file contains a non-String")
+            end
+
+            { key.value => value.children.map(&:value) }
+          end.inject(&:merge)
+        end
+      end
+    end
+  end
+end

data/lib/bundler/audit/fix/patcher.rb

@@ -0,0 +1,140 @@
+# frozen_string_literal: true
+
+#
+# Copyright (c) 2021 Nobuo Takizawa
+#
+# bundler-audit-fix is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# bundler-audit-fix is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with bundler-audit-fix.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'bundler'
+require 'bundler/audit'
+
+module Bundler
+  module Audit
+    module Fix
+      #
+      # Patcher is a class for updating gem version specifications in Gemfile.
+      #
+      class Patcher
+        attr_reader :config, :bundled_gems, :locked_gems, :gemfile_path, :lockfile_path, :report
+
+        # @param [String] root
+        #   The path to the project root.
+        #
+        # @param [Hash] report
+        #   Result of ::Bundler::Audit::Scanner#report.
+        #
+        # @param [String] gemfile_lock
+        #   Path to Gemfile.lock.
+        #
+        # @param [String] config_file_path
+        #   Path to bundler-audit config file.
+        def initialize(root, report, gemfile_lock = 'Gemfile.lock', config_file_path = '.bundler-audit.yml')
+          root           = File.expand_path(root)
+          gemfile        = gemfile_lock.sub(/\.lock$/, '')
+          @gemfile_path  = File.join(root, gemfile)
+          @lockfile_path = File.join(root, gemfile_lock)
+          @report        = report
+
+          unless File.file?(@gemfile_path)
+            raise(Bundler::GemfileNotFound, "Could not find #{gemfile.inspect} in #{root.inspect}")
+          end
+
+          unless File.file?(@lockfile_path)
+            raise(Bundler::GemfileLockNotFound, "Could not find #{gemfile_lock.inspect} in #{root.inspect}")
+          end
+
+          @bundled_gems = Bundler::Definition.build(@gemfile_path, nil, nil).dependencies
+          @locked_gems = Bundler::LockfileParser.new(Bundler.read_file(@lockfile_path)).specs
+
+          config_file_abs_path = File.absolute_path(config_file_path, root)
+          @config = if File.exist?(config_file_abs_path)
+                      Configuration.load(config_file_abs_path)
+                    else
+                      Configuration.new
+                    end
+        end
+
+        #
+        # Write patched versions to Gemfile and return gems list to update.
+        #
+        def patch
+          patterns, gems_to_update = build_patterns
+          gemfile = File.read(gemfile_path)
+
+          patterns.each do |pattern, replace_with|
+            gemfile = gemfile.gsub(pattern, replace_with)
+          end
+
+          File.write(gemfile_path, gemfile)
+
+          gems_to_update
+        end
+
+        private
+
+        def build_patterns
+          gems_to_update = []
+          patterns = report.results.map do |r|
+            name = replace_name_if_defined(name: r.gem.name)
+
+            current = bundled_gems.find { |gem| gem.name == name }
+            locked = locked_gems.find { |gem| gem.name == name }
+
+            gems_to_update << name
+
+            # If current does not exist here, skip it because the package is an indirect dependency.
+            next if !current && locked
+
+            patched_versions = r.advisory.patched_versions.map do |patched_version|
+              Gem::Requirement.parse(patched_version.as_list[-1])[1]
+            end
+
+            new_requirement = patched_versions.find do |patched_version|
+              patched_version > locked.version
+            end
+
+            current_requirement          = current.requirements_list.join("', '")
+            current_requirement_operator = Gem::Requirement.parse(current.requirements_list[0])[0]
+
+            if current_requirement_operator == '='
+              current_requirement = Gem::Requirement.parse(current.requirements_list[0])[1]
+            else
+              new_requirement = "#{current_requirement_operator} #{new_requirement}"
+            end
+
+            [
+              /gem '#{name}',\s*'#{current_requirement}'/,
+              "gem '#{name}', '#{new_requirement}'"
+            ]
+          end.compact
+
+          [patterns, gems_to_update]
+        end
+
+        def replace_name_if_defined(name:)
+          return name unless config.replacements
+
+          replacement = config.replacements.find do |_with, targets|
+            targets.include?(name)
+          end
+
+          return name unless replacement
+
+          replacement[0]
+        end
+      end
+    end
+  end
+end

data/lib/bundler/audit/fix/version.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+#
+# Copyright (c) 2021 Nobuo Takizawa
+#
+# bundler-audit-fix is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# bundler-audit-fix is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with bundler-audit-fix.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+module Bundler
+  module Audit
+    module Fix
+      VERSION = '0.1.0'
+    end
+  end
+end

data/lib/bundler/audit/fix.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+#
+# Copyright (c) 2021 Nobuo Takizawa
+#
+# bundler-audit-fix is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# bundler-audit-fix is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with bundler-audit-fix.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require_relative 'fix/version'
+
+require_relative 'fix/cli'
+require_relative 'fix/configuration'
+require_relative 'fix/patcher'

metadata

@@ -0,0 +1,113 @@
+--- !ruby/object:Gem::Specification
+name: bundler-audit-fix
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Nobuo Takizawa
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2021-12-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
+- !ruby/object:Gem::Dependency
+  name: bundler-audit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.0
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+description:
+email:
+- longzechangsheng@gmail.com
+executables:
+- bundle-audit-fix
+- bundler-audit-fix
+extensions: []
+extra_rdoc_files: []
+files:
+- ".editorconfig"
+- ".github/workflows/main.yml"
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- CHANGELOG.md
+- Gemfile
+- Gemfile.lock
+- README.md
+- Rakefile
+- bin/bundle-audit-fix
+- bin/bundler-audit-fix
+- bin/console
+- bundler-audit-fix.gemspec
+- lib/bundler/audit/fix.rb
+- lib/bundler/audit/fix/cli.rb
+- lib/bundler/audit/fix/configuration.rb
+- lib/bundler/audit/fix/patcher.rb
+- lib/bundler/audit/fix/version.rb
+homepage: https://github.com/nobuyo/bundler-audit-fix
+licenses: []
+metadata:
+  homepage_uri: https://github.com/nobuyo/bundler-audit-fix
+  source_code_uri: https://github.com/nobuyo/bundler-audit-fix
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.5.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.2.15
+signing_key:
+specification_version: 4
+summary: Automatic apply security update inspected by bundler-audit.
+test_files: []