bundler-audit-fix 0.2.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/Gemfile.lock +2 -2
- data/README.md +3 -1
- data/lib/bundler/audit/fix/cli.rb +0 -11
- data/lib/bundler/audit/fix/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2c681b15c5f4aab7669a41362ea73975636bbb6c1073184f30ea73863bd514ee
|
|
4
|
+
data.tar.gz: 7a79b41ebdbd0a88225d1030317442166d89802721fbaebc0e92cc30e0e1bbd1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 67a0d7c19635e68877b0dd79f11b384e646c8f8cf8c305f72def4858669342ca9c4c16b814b980633965d451a6592e821ce393770b1585ebfcf6f8bbe479784b
|
|
7
|
+
data.tar.gz: d0842d3f843d25a790e3090f0b284790e5c0df54abeb51cc0e2c00acde443f35064d7451498b17b0e034eeb350fd9dc5877a89c9b3ea478ded17bf22b7b7898b
|
data/CHANGELOG.md
CHANGED
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
# Bundler::Audit::Fix
|
|
2
2
|
|
|
3
|
+
[](https://badge.fury.io/rb/bundler-audit-fix)
|
|
4
|
+
|
|
3
5
|
Automatically apply patched version of gems audited by [rubysec/bunder-audit](https://github.com/rubysec/bundler-audit).
|
|
4
6
|
|
|
5
7
|
## Installation
|
|
@@ -26,7 +28,7 @@ $ bundle-audit-fix update [dir]
|
|
|
26
28
|
|
|
27
29
|
### .bundler-audit.yml
|
|
28
30
|
|
|
29
|
-
In addition to the original configuration, it supports `replacement` block.
|
|
31
|
+
In addition to the original configuration, it supports `replacement` block. If a gem that is related to a fixed and same version and not directly listed in the Gemfile (e.g. Rails family) needs to be updated, bundle-audit-fix will replace according to the specified like below.
|
|
30
32
|
|
|
31
33
|
```yml
|
|
32
34
|
replacement:
|
|
@@ -23,7 +23,6 @@ require 'bundler/cli'
|
|
|
23
23
|
require 'bundler/cli/update'
|
|
24
24
|
require 'bundler/audit/cli'
|
|
25
25
|
require 'bundler/audit/database'
|
|
26
|
-
require 'fileutils'
|
|
27
26
|
|
|
28
27
|
module Bundler
|
|
29
28
|
module Audit
|
|
@@ -76,17 +75,7 @@ module Bundler
|
|
|
76
75
|
patcher = Patcher.new(dir, report, options[:gemfile_lock], options[:config])
|
|
77
76
|
gems_to_update = patcher.patch
|
|
78
77
|
|
|
79
|
-
current_lockfile = StringIO.new(File.read(options[:gemfile_lock]))
|
|
80
78
|
Bundler::CLI::Update.new({ gemfile: gemfile_path }, gems_to_update).run
|
|
81
|
-
updated_lockfile = StringIO.new(File.read(options[:gemfile_lock]))
|
|
82
|
-
|
|
83
|
-
if FileUtils.compare_stream(current_lockfile, updated_lockfile)
|
|
84
|
-
say 'All of the targets are staying in the same version for dependency reasons. Please resolve them manually.',
|
|
85
|
-
:yellow
|
|
86
|
-
exit 1
|
|
87
|
-
end
|
|
88
|
-
|
|
89
|
-
exit 0
|
|
90
79
|
rescue Bundler::GemfileNotFound, Bundler::GemfileLockNotFound => e
|
|
91
80
|
say e.message, :red
|
|
92
81
|
exit 1
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bundler-audit-fix
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nobuo Takizawa
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-01-
|
|
11
|
+
date: 2022-01-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|