bundler-audit-fix 0.1.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -0
- data/Gemfile.lock +3 -3
- data/README.md +3 -1
- data/lib/bundler/audit/fix/cli.rb +8 -3
- data/lib/bundler/audit/fix/patcher.rb +1 -1
- data/lib/bundler/audit/fix/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2c681b15c5f4aab7669a41362ea73975636bbb6c1073184f30ea73863bd514ee
|
|
4
|
+
data.tar.gz: 7a79b41ebdbd0a88225d1030317442166d89802721fbaebc0e92cc30e0e1bbd1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 67a0d7c19635e68877b0dd79f11b384e646c8f8cf8c305f72def4858669342ca9c4c16b814b980633965d451a6592e821ce393770b1585ebfcf6f8bbe479784b
|
|
7
|
+
data.tar.gz: d0842d3f843d25a790e3090f0b284790e5c0df54abeb51cc0e2c00acde443f35064d7451498b17b0e034eeb350fd9dc5877a89c9b3ea478ded17bf22b7b7898b
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,23 @@
|
|
|
1
|
+
# 0.2.1 - 2022-01-30
|
|
2
|
+
|
|
3
|
+
- Fix bug for 0.2.0 (revert)
|
|
4
|
+
|
|
5
|
+
# 0.2.0 - 2022-01-29
|
|
6
|
+
|
|
7
|
+
- Exit with non-zero status code when `bundle-audit-fix` has no effect for dependency reasons.
|
|
8
|
+
|
|
9
|
+
# 0.1.3 - 2021-12-23
|
|
10
|
+
|
|
11
|
+
- The `bundle-audit-fix` command is now executable without `bundle exec` prefix.
|
|
12
|
+
|
|
13
|
+
# 0.1.2 - 2021-12-23
|
|
14
|
+
|
|
15
|
+
- Fix CLI is not working
|
|
16
|
+
|
|
17
|
+
# 0.1.1
|
|
18
|
+
|
|
19
|
+
(Unreleased)
|
|
20
|
+
|
|
1
21
|
# 0.1.0 - 2021-12-20
|
|
2
22
|
|
|
3
23
|
- Initial release
|
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
bundler-audit-fix (0.1
|
|
4
|
+
bundler-audit-fix (0.2.1)
|
|
5
5
|
bundler (>= 1.2.0, < 3)
|
|
6
6
|
bundler-audit (~> 0.9.0)
|
|
7
7
|
thor (~> 1.0)
|
|
@@ -51,7 +51,7 @@ GEM
|
|
|
51
51
|
rubocop-ast (1.15.0)
|
|
52
52
|
parser (>= 3.0.1.1)
|
|
53
53
|
ruby-progressbar (1.11.0)
|
|
54
|
-
thor (1.1
|
|
54
|
+
thor (1.2.1)
|
|
55
55
|
unicode-display_width (2.1.0)
|
|
56
56
|
|
|
57
57
|
PLATFORMS
|
|
@@ -65,4 +65,4 @@ DEPENDENCIES
|
|
|
65
65
|
rubocop (~> 1.7)
|
|
66
66
|
|
|
67
67
|
BUNDLED WITH
|
|
68
|
-
2.2.
|
|
68
|
+
2.2.22
|
data/README.md
CHANGED
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
# Bundler::Audit::Fix
|
|
2
2
|
|
|
3
|
+
[](https://badge.fury.io/rb/bundler-audit-fix)
|
|
4
|
+
|
|
3
5
|
Automatically apply patched version of gems audited by [rubysec/bunder-audit](https://github.com/rubysec/bundler-audit).
|
|
4
6
|
|
|
5
7
|
## Installation
|
|
@@ -26,7 +28,7 @@ $ bundle-audit-fix update [dir]
|
|
|
26
28
|
|
|
27
29
|
### .bundler-audit.yml
|
|
28
30
|
|
|
29
|
-
In addition to the original configuration, it supports `replacement` block.
|
|
31
|
+
In addition to the original configuration, it supports `replacement` block. If a gem that is related to a fixed and same version and not directly listed in the Gemfile (e.g. Rails family) needs to be updated, bundle-audit-fix will replace according to the specified like below.
|
|
30
32
|
|
|
31
33
|
```yml
|
|
32
34
|
replacement:
|
|
@@ -18,6 +18,8 @@
|
|
|
18
18
|
#
|
|
19
19
|
|
|
20
20
|
require 'thor'
|
|
21
|
+
require 'bundler'
|
|
22
|
+
require 'bundler/cli'
|
|
21
23
|
require 'bundler/cli/update'
|
|
22
24
|
require 'bundler/audit/cli'
|
|
23
25
|
require 'bundler/audit/database'
|
|
@@ -53,6 +55,12 @@ module Bundler
|
|
|
53
55
|
Bundler::Audit::CLI.new.invoke(:update, options[:database])
|
|
54
56
|
end
|
|
55
57
|
|
|
58
|
+
gemfile = options[:gemfile_lock].sub(/\.lock$/, '')
|
|
59
|
+
gemfile_path = File.join(dir, gemfile)
|
|
60
|
+
|
|
61
|
+
# for https://github.com/rubygems/bundler/blob/35be6d9a603084f719fec4f4028c18860def07f6/lib/bundler/shared_helpers.rb#L229
|
|
62
|
+
ENV['BUNDLE_GEMFILE'] = gemfile_path
|
|
63
|
+
|
|
56
64
|
database = Database.new(options[:database])
|
|
57
65
|
begin
|
|
58
66
|
scanner = Scanner.new(dir, options[:gemfile_lock], database, options[:config])
|
|
@@ -67,9 +75,6 @@ module Bundler
|
|
|
67
75
|
patcher = Patcher.new(dir, report, options[:gemfile_lock], options[:config])
|
|
68
76
|
gems_to_update = patcher.patch
|
|
69
77
|
|
|
70
|
-
gemfile = options[:gemfile_lock].sub(/\.lock$/, '')
|
|
71
|
-
gemfile_path = File.join(dir, gemfile)
|
|
72
|
-
|
|
73
78
|
Bundler::CLI::Update.new({ gemfile: gemfile_path }, gems_to_update).run
|
|
74
79
|
rescue Bundler::GemfileNotFound, Bundler::GemfileLockNotFound => e
|
|
75
80
|
say e.message, :red
|
|
@@ -71,7 +71,7 @@ module Bundler
|
|
|
71
71
|
#
|
|
72
72
|
def patch
|
|
73
73
|
patterns, gems_to_update = build_patterns
|
|
74
|
-
gemfile = File.read(gemfile_path)
|
|
74
|
+
gemfile = File.read(gemfile_path, encoding: 'utf-8')
|
|
75
75
|
|
|
76
76
|
patterns.each do |pattern, replace_with|
|
|
77
77
|
gemfile = gemfile.gsub(pattern, replace_with)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bundler-audit-fix
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1
|
|
4
|
+
version: 0.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nobuo Takizawa
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-01-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -106,7 +106,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
106
106
|
- !ruby/object:Gem::Version
|
|
107
107
|
version: '0'
|
|
108
108
|
requirements: []
|
|
109
|
-
rubygems_version: 3.2.
|
|
109
|
+
rubygems_version: 3.2.22
|
|
110
110
|
signing_key:
|
|
111
111
|
specification_version: 4
|
|
112
112
|
summary: Automatic apply security update inspected by bundler-audit.
|