bundler-audit-fix 0.1.3 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/main.yml +6 -3
- data/CHANGELOG.md +16 -0
- data/Gemfile.lock +4 -3
- data/README.md +3 -1
- data/config/default.yml +14 -0
- data/lib/bundler/audit/fix/configuration.rb +45 -19
- data/lib/bundler/audit/fix/version.rb +1 -1
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 787b5a1eab1ddee1883c1f26cfa5513d4d43cd05f1856d4476977587cc8f9fdd
|
|
4
|
+
data.tar.gz: f52d48982642024569736ccbe82cb46c0ca82a4f001aafaaea7d903d4c1aee23
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 73b8b401d1ee2ba082ee9d854493151efa240bd74e7b5cf200507e822e68fd610226013b75074db158ce37e3f5bb92b98689abbdbf3e8dc66d813a3df2b36077
|
|
7
|
+
data.tar.gz: 102469bd232effd565b99f9a3d1f1ebe8c22db79246016e1f37589d3742b8f2776addc032a1ac722357238b6734ba494f37e238097e060f5266434875678716f
|
data/.github/workflows/main.yml
CHANGED
|
@@ -1,16 +1,19 @@
|
|
|
1
1
|
name: Ruby
|
|
2
2
|
|
|
3
|
-
on: [push
|
|
3
|
+
on: [push]
|
|
4
4
|
|
|
5
5
|
jobs:
|
|
6
6
|
build:
|
|
7
7
|
runs-on: ubuntu-latest
|
|
8
|
+
strategy:
|
|
9
|
+
matrix:
|
|
10
|
+
ruby: [2.6, 2.7, 3.0, 3.1]
|
|
8
11
|
steps:
|
|
9
12
|
- uses: actions/checkout@v2
|
|
10
|
-
- name: Set up Ruby
|
|
13
|
+
- name: Set up Ruby ${{ matrix.ruby }}
|
|
11
14
|
uses: ruby/setup-ruby@v1
|
|
12
15
|
with:
|
|
13
|
-
ruby-version:
|
|
16
|
+
ruby-version: ${{ matrix.ruby }}
|
|
14
17
|
bundler-cache: true
|
|
15
18
|
- name: Run the default task
|
|
16
19
|
run: bundle exec rake
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,19 @@
|
|
|
1
|
+
# 0.3.0 - 2022-04-18
|
|
2
|
+
|
|
3
|
+
- Include [default replacement config](https://github.com/nobuyo/bundler-audit-fix/blob/main/config/default.yml) for rails family.
|
|
4
|
+
|
|
5
|
+
# 0.2.1 - 2022-01-30
|
|
6
|
+
|
|
7
|
+
- Fix bug for 0.2.0 (revert)
|
|
8
|
+
|
|
9
|
+
# 0.2.0 - 2022-01-29
|
|
10
|
+
|
|
11
|
+
- Exit with non-zero status code when `bundle-audit-fix` has no effect for dependency reasons.
|
|
12
|
+
|
|
13
|
+
# 0.1.3 - 2021-12-23
|
|
14
|
+
|
|
15
|
+
- The `bundle-audit-fix` command is now executable without `bundle exec` prefix.
|
|
16
|
+
|
|
1
17
|
# 0.1.2 - 2021-12-23
|
|
2
18
|
|
|
3
19
|
- Fix CLI is not working
|
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
bundler-audit-fix (0.
|
|
4
|
+
bundler-audit-fix (0.3.0)
|
|
5
5
|
bundler (>= 1.2.0, < 3)
|
|
6
6
|
bundler-audit (~> 0.9.0)
|
|
7
7
|
thor (~> 1.0)
|
|
@@ -51,10 +51,11 @@ GEM
|
|
|
51
51
|
rubocop-ast (1.15.0)
|
|
52
52
|
parser (>= 3.0.1.1)
|
|
53
53
|
ruby-progressbar (1.11.0)
|
|
54
|
-
thor (1.1
|
|
54
|
+
thor (1.2.1)
|
|
55
55
|
unicode-display_width (2.1.0)
|
|
56
56
|
|
|
57
57
|
PLATFORMS
|
|
58
|
+
ruby
|
|
58
59
|
x86_64-linux
|
|
59
60
|
|
|
60
61
|
DEPENDENCIES
|
|
@@ -65,4 +66,4 @@ DEPENDENCIES
|
|
|
65
66
|
rubocop (~> 1.7)
|
|
66
67
|
|
|
67
68
|
BUNDLED WITH
|
|
68
|
-
2.2.
|
|
69
|
+
2.2.22
|
data/README.md
CHANGED
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
# Bundler::Audit::Fix
|
|
2
2
|
|
|
3
|
+
[](https://badge.fury.io/rb/bundler-audit-fix)
|
|
4
|
+
|
|
3
5
|
Automatically apply patched version of gems audited by [rubysec/bunder-audit](https://github.com/rubysec/bundler-audit).
|
|
4
6
|
|
|
5
7
|
## Installation
|
|
@@ -26,7 +28,7 @@ $ bundle-audit-fix update [dir]
|
|
|
26
28
|
|
|
27
29
|
### .bundler-audit.yml
|
|
28
30
|
|
|
29
|
-
In addition to the original configuration, it supports `replacement` block.
|
|
31
|
+
In addition to the original configuration, it supports `replacement` block. If a gem that is related to a fixed and same version and not directly listed in the Gemfile (e.g. Rails family) needs to be updated, bundle-audit-fix will replace according to the specified like below.
|
|
30
32
|
|
|
31
33
|
```yml
|
|
32
34
|
replacement:
|
data/config/default.yml
ADDED
|
@@ -29,34 +29,60 @@ module Bundler
|
|
|
29
29
|
class Configuration < Configuration
|
|
30
30
|
attr_accessor :replacements
|
|
31
31
|
|
|
32
|
-
|
|
33
|
-
|
|
32
|
+
class << self
|
|
33
|
+
def load(file_path)
|
|
34
|
+
instance = super(file_path)
|
|
34
35
|
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
36
|
+
doc = YAML.parse(File.new(file_path))
|
|
37
|
+
doc.root.children.each_slice(2) do |key, value|
|
|
38
|
+
case key.value
|
|
39
|
+
when 'replacement'
|
|
40
|
+
unless value.children.is_a?(Array)
|
|
41
|
+
raise(InvalidConfigurationError, "'replacement' key found in config file, but is not an Array")
|
|
42
|
+
end
|
|
42
43
|
|
|
43
|
-
|
|
44
|
+
instance.replacements ||= {}
|
|
45
|
+
instance.replacements = instance.replacements.merge(build_replacements(value))
|
|
46
|
+
end
|
|
44
47
|
end
|
|
48
|
+
|
|
49
|
+
instance
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
def build_replacements(params)
|
|
53
|
+
params.children.each_slice(2).map do |key, value|
|
|
54
|
+
unless value.children
|
|
55
|
+
raise(InvalidConfigurationError,
|
|
56
|
+
"'replacement.#{key.value}' in config file is empty")
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
unless value.children.all? { |node| node.is_a?(YAML::Nodes::Scalar) }
|
|
60
|
+
raise(InvalidConfigurationError,
|
|
61
|
+
"'replacement.#{key.value}' array in config file contains a non-String")
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
{ key.value => value.children.map(&:value) }
|
|
65
|
+
end.inject(&:merge)
|
|
45
66
|
end
|
|
67
|
+
end
|
|
46
68
|
|
|
47
|
-
|
|
69
|
+
def initialize(config = {})
|
|
70
|
+
super(config)
|
|
71
|
+
load_default
|
|
48
72
|
end
|
|
49
73
|
|
|
50
|
-
|
|
51
|
-
params.children.each_slice(2).map do |key, value|
|
|
52
|
-
raise(InvalidConfigurationError, "'replacement.#{key.value}' in config file is empty") unless value.children
|
|
74
|
+
private
|
|
53
75
|
|
|
54
|
-
|
|
55
|
-
|
|
76
|
+
def load_default
|
|
77
|
+
base_dir = File.realpath(File.join(File.dirname(__FILE__), '..', '..', '..', '..'))
|
|
78
|
+
default_config_path = File.join(base_dir, 'config', 'default.yml')
|
|
79
|
+
doc = YAML.parse(File.new(default_config_path))
|
|
80
|
+
doc.root.children.each_slice(2) do |key, value|
|
|
81
|
+
case key.value
|
|
82
|
+
when 'replacement'
|
|
83
|
+
self.replacements = self.class.build_replacements(value)
|
|
56
84
|
end
|
|
57
|
-
|
|
58
|
-
{ key.value => value.children.map(&:value) }
|
|
59
|
-
end.inject(&:merge)
|
|
85
|
+
end
|
|
60
86
|
end
|
|
61
87
|
end
|
|
62
88
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bundler-audit-fix
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nobuo Takizawa
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-04-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -81,6 +81,7 @@ files:
|
|
|
81
81
|
- bin/bundler-audit-fix
|
|
82
82
|
- bin/console
|
|
83
83
|
- bundler-audit-fix.gemspec
|
|
84
|
+
- config/default.yml
|
|
84
85
|
- lib/bundler/audit/fix.rb
|
|
85
86
|
- lib/bundler/audit/fix/cli.rb
|
|
86
87
|
- lib/bundler/audit/fix/configuration.rb
|
|
@@ -106,7 +107,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
106
107
|
- !ruby/object:Gem::Version
|
|
107
108
|
version: '0'
|
|
108
109
|
requirements: []
|
|
109
|
-
rubygems_version: 3.2
|
|
110
|
+
rubygems_version: 3.1.2
|
|
110
111
|
signing_key:
|
|
111
112
|
specification_version: 4
|
|
112
113
|
summary: Automatic apply security update inspected by bundler-audit.
|