bundler-audit 0.5.0 → 0.6.0
- checksums.yaml +4 -4
- data/.travis.yml +11 -6
- data/ChangeLog.md +7 -1
- data/Gemfile +1 -1
- data/README.md +13 -7
- data/bin/bundler-audit +3 -0
- data/data/ruby-advisory-db.ts +1 -1
- data/data/ruby-advisory-db/.gitignore +0 -1
- data/data/ruby-advisory-db/.travis.yml +0 -6
- data/data/ruby-advisory-db/CONTRIBUTING.md +34 -21
- data/data/ruby-advisory-db/CONTRIBUTORS.md +2 -0
- data/data/ruby-advisory-db/Gemfile +1 -1
- data/data/ruby-advisory-db/README.md +38 -21
- data/data/ruby-advisory-db/gems/RedCloth/{OSVDB-115941.yml → CVE-2012-6684.yml} +6 -1
- data/data/ruby-advisory-db/gems/actionpack/CVE-2015-7576.yml +102 -102
- data/data/ruby-advisory-db/gems/actionpack/CVE-2015-7581.yml +2 -2
- data/data/ruby-advisory-db/gems/actionpack/CVE-2016-0751.yml +45 -45
- data/data/ruby-advisory-db/gems/actionpack/CVE-2016-0752.yml +96 -0
- data/data/ruby-advisory-db/gems/actionpack/CVE-2016-2097.yml +90 -0
- data/data/ruby-advisory-db/gems/actionpack/CVE-2016-2098.yml +89 -0
- data/data/ruby-advisory-db/gems/actionpack/CVE-2016-6316.yml +57 -0
- data/data/ruby-advisory-db/gems/actionview/CVE-2016-0752.yml +80 -80
- data/data/ruby-advisory-db/gems/actionview/CVE-2016-2097.yml +89 -0
- data/data/ruby-advisory-db/gems/actionview/CVE-2016-6316.yml +56 -0
- data/data/ruby-advisory-db/gems/activemodel/CVE-2016-0753.yml +78 -78
- data/data/ruby-advisory-db/gems/activerecord/CVE-2015-7577.yml +91 -91
- data/data/ruby-advisory-db/gems/activerecord/CVE-2016-6317.yml +73 -0
- data/data/ruby-advisory-db/gems/administrate/CVE-2016-3098.yml +14 -0
- data/data/ruby-advisory-db/gems/aescrypt/CVE-2013-7463.yml +10 -0
- data/data/ruby-advisory-db/gems/archive-tar-minitar/CVE-2016-10173.yml +16 -0
- data/data/ruby-advisory-db/gems/colorscore/CVE-2015-7541.yml +2 -1
- data/data/ruby-advisory-db/gems/doorkeeper/CVE-2016-6582.yml +43 -0
- data/data/ruby-advisory-db/gems/espeak-ruby/CVE-2016-10193.yml +15 -0
- data/data/ruby-advisory-db/gems/festivaltts4r/CVE-2016-10194.yml +12 -0
- data/data/ruby-advisory-db/gems/git-fastclone/CVE-2015-8968.yml +21 -0
- data/data/ruby-advisory-db/gems/git-fastclone/CVE-2015-8969.yml +13 -0
- data/data/ruby-advisory-db/gems/mail/OSVDB-131677.yml +18 -11
- data/data/ruby-advisory-db/gems/minitar/CVE-2016-10173.yml +16 -0
- data/data/ruby-advisory-db/gems/nokogiri/CVE-2015-8806.yml +42 -0
- data/data/ruby-advisory-db/gems/nokogiri/CVE-2016-4658.yml +32 -0
- data/data/ruby-advisory-db/gems/nokogiri/CVE-2017-5029.yml +44 -0
- data/data/ruby-advisory-db/gems/passenger/CVE-2016-10345.yml +16 -0
- data/data/ruby-advisory-db/gems/rack-mini-profiler/CVE-2016-4442.yml +17 -0
- data/data/ruby-advisory-db/gems/ruby-saml/CVE-2016-5697.yml +17 -0
- data/data/ruby-advisory-db/gems/rubyzip/CVE-2017-5946.yml +14 -0
- data/data/ruby-advisory-db/gems/safemode/CVE-2016-3693.yml +13 -0
- data/data/ruby-advisory-db/gems/spina/CVE-2015-4619.yml +16 -0
- data/data/ruby-advisory-db/gems/twitter-bootstrap-rails/OSVDB-109206.yml +1 -1
- data/data/ruby-advisory-db/rubies/ruby/CVE-2015-1855.yml +17 -0
- data/data/ruby-advisory-db/rubies/ruby/CVE-2015-9096.yml +19 -0
- data/data/ruby-advisory-db/spec/advisory_example.rb +19 -4
- data/gemspec.yml +1 -1
- data/lib/bundler/audit/cli.rb +10 -5
- data/lib/bundler/audit/database.rb +13 -3
- data/lib/bundler/audit/version.rb +1 -1
- data/spec/bundle/secure/Gemfile +1 -1
- data/spec/cli_spec.rb +80 -25
- data/spec/database_spec.rb +5 -5
- data/spec/integration_spec.rb +2 -2
- metadata +35 -5
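--- a/data/spec/cli_spec.rb
+++ b/data/spec/cli_spec.rb
@@ -2,43 +2,98 @@ require 'spec_helper'
 require 'bundler/audit/cli'
 
 describe Bundler::Audit::CLI do
+describe "#update" do
+context "not --quiet (the default)" do
+context "when update succeeds" do
 
-
+before { expect(Bundler::Audit::Database).to receive(:update!).and_return(true) }
 
-
+it "prints updated message" do
+expect { subject.update }.to output(/Updated ruby-advisory-db/).to_stdout
+end
 
-
-
-
+it "prints total advisory count" do
+database = double
+expect(database).to receive(:size).and_return(1234)
+expect(Bundler::Audit::Database).to receive(:new).and_return(database)
 
-
-
-
-expect(Bundler::Audit::Database).to receive(:new).and_return(database)
+expect { subject.update }.to output(/ruby-advisory-db: 1234 advisories/).to_stdout
+end
+end
 
-
-end
-end
+context "when update fails" do
 
-
+before { expect(Bundler::Audit::Database).to receive(:update!).and_return(false) }
 
-
+it "prints failure message" do
+expect do
+begin
+subject.update
+rescue SystemExit
+end
+end.to output(/Failed updating ruby-advisory-db!/).to_stdout
+end
 
-
-
-
-
-
+it "exits with error status code" do
+expect {
+# Capture output of `update` only to keep spec output clean.
+# The test regarding specific output is above.
+expect { subject.update }.to output.to_stdout
+}.to raise_error(SystemExit) do |error|
+expect(error.success?).to eq(false)
+expect(error.status).to eq(1)
+end
 end
-end.to output(/Failed updating ruby-advisory-db!/).to_stdout
-end
 
-it "exits with error status code" do
-expect { subject.update }.to raise_error(SystemExit) do |error|
-expect(error.success?).to eq(false)
-expect(error.status).to eq(1)
 end
 end
 
+context "--quiet" do
+before do
+allow(subject).to receive(:options).and_return(double("Options", quiet?: true))
+end
+
+context "when update succeeds" do
+
+before do
+expect(Bundler::Audit::Database).to(
+receive(:update!).with(quiet: true).and_return(true)
+)
+end
+
+it "does not print any output" do
+expect { subject.update }.to_not output.to_stdout
+end
+end
+
+context "when update fails" do
+
+before do
+expect(Bundler::Audit::Database).to(
+receive(:update!).with(quiet: true).and_return(false)
+)
+end
+
+it "prints failure message" do
+expect do
+begin
+subject.update
+rescue SystemExit
+end
+end.to output(/Failed updating ruby-advisory-db!/).to_stdout
+end
+
+it "exits with error status code" do
+expect {
+# Capture output of `update` only to keep spec output clean.
+# The test regarding specific output is above.
+expect { subject.update }.to output.to_stdout
+}.to raise_error(SystemExit) do |error|
+expect(error.success?).to eq(false)
+expect(error.status).to eq(1)
+end
+end
+end
+end
 end
 end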
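Review bot: The two `before` stubs in the default (non-quiet) contexts, `expect(Bundler::Audit::Database).to receive(:update!).and_return(true)` and its `and_return(false)` twin, accept any arguments, so unlike the `--quiet` contexts they would still pass if the CLI forwarded `quiet: true` when the flag is absent. Adding `.with(quiet: false)` to both would make the default path as strict as the quiet one, assuming the unset option reaches `update!` as `false`; the CLI change that decides this is not shown on this page. The `--quiet` success example checks stdout only, so a second assertion such as `expect { subject.update }.to_not output.to_stderr` would catch progress text that merely moved streams. The failure examples keep both the message and exit status 1 under `--quiet`, which is the behaviour a CI job needs so that a failed advisory-db refresh is never silent.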
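--- a/data/spec/database_spec.rb
+++ b/data/spec/database_spec.rb
@@ -4,7 +4,7 @@ require 'tmpdir'
 
 describe Bundler::Audit::Database do
 let(:vendored_advisories) do
-Dir[File.join(Bundler::Audit::Database::VENDORED_PATH, '
+Dir[File.join(Bundler::Audit::Database::VENDORED_PATH, 'gems/*/*.yml')].sort
 end
 
 describe "path" do
@@ -15,7 +15,7 @@ describe Bundler::Audit::Database do
 end
 
 it "should prefer the user repo, iff it's as up to date, or more up to date than the vendored one" do
-Bundler::Audit::Database.update!
+Bundler::Audit::Database.update!(quiet: false)
 
 Dir.chdir(Bundler::Audit::Database::USER_PATH) do
 puts "Timestamp:"
@@ -36,17 +36,17 @@ describe Bundler::Audit::Database do
 
 describe "update!" do
 it "should create the USER_PATH path as needed" do
-Bundler::Audit::Database.update!
+Bundler::Audit::Database.update!(quiet: false)
 expect(File.directory?(mocked_user_path)).to be true
 end
 
 it "should create the repo, then update it given multple successive calls." do
 expect_update_to_clone_repo!
-Bundler::Audit::Database.update!
+Bundler::Audit::Database.update!(quiet: false)
 expect(File.directory?(mocked_user_path)).to be true
 
 expect_update_to_update_repo!
-Bundler::Audit::Database.update!
+Bundler::Audit::Database.update!(quiet: false)
 expect(File.directory?(mocked_user_path)).to be true
 end
 end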
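Review bot: Every call updated in this section passes `quiet: false`, so the `true` branch of the new keyword on `Database.update!` has no example here, and the CLI spec stubs `update!` entirely; as far as this page shows, the quiet path is untested at the database level. An example beside "should create the USER_PATH path as needed" that calls `Bundler::Audit::Database.update!(quiet: true)` and asserts the same `File.directory?(mocked_user_path)` result would cover it. The helpers `expect_update_to_clone_repo!` and `expect_update_to_update_repo!` are defined outside these hunks; if they pin the exact git invocation they may need a quiet variant as well.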
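--- a/data/spec/integration_spec.rb
+++ b/data/spec/integration_spec.rb
@@ -4,7 +4,7 @@ describe "CLI" do
 include Helpers
 
 let(:command) do
-File.expand_path(File.join(File.dirname(__FILE__),'..','bin','
+File.expand_path(File.join(File.dirname(__FILE__),'..','bin','bundler-audit'))
 end
 
 context "when auditing a bundle with unpatched gems" do
@@ -38,7 +38,7 @@ Solution: upgrade to ((~>|=>) \d+.\d+.\d+, )*(~>|=>) \d+.\d+.\d+[\s\n]*?)+/
 let(:directory) { File.join('spec','bundle',bundle) }
 
 let(:command) do
-File.expand_path(File.join(File.dirname(__FILE__),'..','bin','
+File.expand_path(File.join(File.dirname(__FILE__),'..','bin','bundler-audit -i OSVDB-89026'))
 end
 
 subject do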
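Review bot: On new line 41 the flag is written into the last path component, `'bundler-audit -i OSVDB-89026'`, so `File.expand_path` returns one string that only works if whatever runs `command` lets a shell split it, and it breaks as soon as the checkout path contains a space. Keeping `command` as the bare executable path and holding the arguments separately, for example `let(:args) { %w[-i OSVDB-89026] }`, keeps path and arguments distinct. The removed line is truncated on this page, so whether the flag was already embedded before this change cannot be seen, and the `subject` block that executes `command` lies outside the hunk. A one-line comment saying why OSVDB-89026 is ignored for this fixture would also help, since an ignore entry in a scanner's own specs is easy to copy without its context.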
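--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bundler-audit
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.6.0
 platform: ruby
 authors:
 - Postmodern
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2017-07-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: thor
@@ -42,6 +42,7 @@ description: bundler-audit provides patch-level verification for Bundled apps.
 email: postmodern.mod3@gmail.com
 executables:
 - bundle-audit
+- bundler-audit
 extensions: []
 extra_rdoc_files:
 - COPYING.txt
@@ -60,6 +61,7 @@ files:
 - README.md
 - Rakefile
 - bin/bundle-audit
+- bin/bundler-audit
 - bundler-audit.gemspec
 - data/ruby-advisory-db.ts
 - data/ruby-advisory-db/.gitignore
@@ -68,11 +70,12 @@ files:
 - data/ruby-advisory-db/CONTRIBUTING.md
 - data/ruby-advisory-db/CONTRIBUTORS.md
 - data/ruby-advisory-db/Gemfile
+- data/ruby-advisory-db/Gemfile.lock
 - data/ruby-advisory-db/LICENSE.txt
 - data/ruby-advisory-db/README.md
 - data/ruby-advisory-db/Rakefile
 - data/ruby-advisory-db/gems/Arabic-Prawn/OSVDB-104365.yml
-- data/ruby-advisory-db/gems/RedCloth/
+- data/ruby-advisory-db/gems/RedCloth/CVE-2012-6684.yml
 - data/ruby-advisory-db/gems/VladTheEnterprising/CVE-2014-4995.yml
 - data/ruby-advisory-db/gems/VladTheEnterprising/CVE-2014-4996.yml
 - data/ruby-advisory-db/gems/actionmailer/OSVDB-98629.yml
@@ -82,6 +85,10 @@ files:
 - data/ruby-advisory-db/gems/actionpack/CVE-2015-7576.yml
 - data/ruby-advisory-db/gems/actionpack/CVE-2015-7581.yml
 - data/ruby-advisory-db/gems/actionpack/CVE-2016-0751.yml
+- data/ruby-advisory-db/gems/actionpack/CVE-2016-0752.yml
+- data/ruby-advisory-db/gems/actionpack/CVE-2016-2097.yml
+- data/ruby-advisory-db/gems/actionpack/CVE-2016-2098.yml
+- data/ruby-advisory-db/gems/actionpack/CVE-2016-6316.yml
 - data/ruby-advisory-db/gems/actionpack/OSVDB-100524.yml
 - data/ruby-advisory-db/gems/actionpack/OSVDB-100525.yml
 - data/ruby-advisory-db/gems/actionpack/OSVDB-100526.yml
@@ -99,11 +106,14 @@ files:
 - data/ruby-advisory-db/gems/actionpack/OSVDB-91452.yml
 - data/ruby-advisory-db/gems/actionpack/OSVDB-91454.yml
 - data/ruby-advisory-db/gems/actionview/CVE-2016-0752.yml
+- data/ruby-advisory-db/gems/actionview/CVE-2016-2097.yml
+- data/ruby-advisory-db/gems/actionview/CVE-2016-6316.yml
 - data/ruby-advisory-db/gems/activemodel/CVE-2016-0753.yml
 - data/ruby-advisory-db/gems/activerecord-jdbc-adapter/OSVDB-114854.yml
 - data/ruby-advisory-db/gems/activerecord-oracle_enhanced-adapter/OSVDB-95376.yml
 - data/ruby-advisory-db/gems/activerecord/CVE-2014-3514.yml
 - data/ruby-advisory-db/gems/activerecord/CVE-2015-7577.yml
+- data/ruby-advisory-db/gems/activerecord/CVE-2016-6317.yml
 - data/ruby-advisory-db/gems/activerecord/OSVDB-103438.yml
 - data/ruby-advisory-db/gems/activerecord/OSVDB-108664.yml
 - data/ruby-advisory-db/gems/activerecord/OSVDB-108665.yml
@@ -121,6 +131,9 @@ files:
 - data/ruby-advisory-db/gems/activesupport/OSVDB-84516.yml
 - data/ruby-advisory-db/gems/activesupport/OSVDB-89594.yml
 - data/ruby-advisory-db/gems/activesupport/OSVDB-91451.yml
+- data/ruby-advisory-db/gems/administrate/CVE-2016-3098.yml
+- data/ruby-advisory-db/gems/aescrypt/CVE-2013-7463.yml
+- data/ruby-advisory-db/gems/archive-tar-minitar/CVE-2016-10173.yml
 - data/ruby-advisory-db/gems/as/OSVDB-112683.yml
 - data/ruby-advisory-db/gems/authlogic/OSVDB-89064.yml
 - data/ruby-advisory-db/gems/auto_awesomplete/OSVDB-132800.yml
@@ -158,6 +171,7 @@ files:
 - data/ruby-advisory-db/gems/devise/OSVDB-114435.yml
 - data/ruby-advisory-db/gems/devise/OSVDB-89642.yml
 - data/ruby-advisory-db/gems/doorkeeper/CVE-2014-8144.yml
+- data/ruby-advisory-db/gems/doorkeeper/CVE-2016-6582.yml
 - data/ruby-advisory-db/gems/doorkeeper/OSVDB-118830.yml
 - data/ruby-advisory-db/gems/dragonfly/OSVDB-110439.yml
 - data/ruby-advisory-db/gems/dragonfly/OSVDB-90647.yml
@@ -172,6 +186,7 @@ files:
 - data/ruby-advisory-db/gems/ember-source/CVE-2015-1866.yml
 - data/ruby-advisory-db/gems/ember-source/CVE-2015-7565.yml
 - data/ruby-advisory-db/gems/enum_column3/OSVDB-94679.yml
+- data/ruby-advisory-db/gems/espeak-ruby/CVE-2016-10193.yml
 - data/ruby-advisory-db/gems/extlib/OSVDB-90740.yml
 - data/ruby-advisory-db/gems/fastreader/OSVDB-91232.yml
 - data/ruby-advisory-db/gems/fat_free_crm/OSVDB-101445.yml
@@ -182,6 +197,7 @@ files:
 - data/ruby-advisory-db/gems/fat_free_crm/OSVDB-110420.yml
 - data/ruby-advisory-db/gems/fat_free_crm/OSVDB-118465.yml
 - data/ruby-advisory-db/gems/features/OSVDB-96975.yml
+- data/ruby-advisory-db/gems/festivaltts4r/CVE-2016-10194.yml
 - data/ruby-advisory-db/gems/fileutils/OSVDB-90715.yml
 - data/ruby-advisory-db/gems/fileutils/OSVDB-90716.yml
 - data/ruby-advisory-db/gems/fileutils/OSVDB-90717.yml
@@ -194,6 +210,8 @@ files:
 - data/ruby-advisory-db/gems/fog-dragonfly/OSVDB-96798.yml
 - data/ruby-advisory-db/gems/fog-dragonfly/OSVDB-97854.yml
 - data/ruby-advisory-db/gems/ftpd/OSVDB-90784.yml
+- data/ruby-advisory-db/gems/git-fastclone/CVE-2015-8968.yml
+- data/ruby-advisory-db/gems/git-fastclone/CVE-2015-8969.yml
 - data/ruby-advisory-db/gems/gitlab-grit/OSVDB-99370.yml
 - data/ruby-advisory-db/gems/gnms/OSVDB-108594.yml
 - data/ruby-advisory-db/gems/gollum-grit_adapter/CVE-2014-9489.yml
@@ -236,6 +254,7 @@ files:
 - data/ruby-advisory-db/gems/mapbox-rails/OSVDB-132871.yml
 - data/ruby-advisory-db/gems/md2pdf/OSVDB-92290.yml
 - data/ruby-advisory-db/gems/mini_magick/OSVDB-91231.yml
+- data/ruby-advisory-db/gems/minitar/CVE-2016-10173.yml
 - data/ruby-advisory-db/gems/moped/CVE-2015-4410.yml
 - data/ruby-advisory-db/gems/multi_xml/OSVDB-89148.yml
 - data/ruby-advisory-db/gems/mustache-js-rails/OSVDB-131671.yml
@@ -244,6 +263,9 @@ files:
 - data/ruby-advisory-db/gems/nokogiri/CVE-2015-1819.yml
 - data/ruby-advisory-db/gems/nokogiri/CVE-2015-5312.yml
 - data/ruby-advisory-db/gems/nokogiri/CVE-2015-7499.yml
+- data/ruby-advisory-db/gems/nokogiri/CVE-2015-8806.yml
+- data/ruby-advisory-db/gems/nokogiri/CVE-2016-4658.yml
+- data/ruby-advisory-db/gems/nokogiri/CVE-2017-5029.yml
 - data/ruby-advisory-db/gems/nokogiri/OSVDB-101179.yml
 - data/ruby-advisory-db/gems/nokogiri/OSVDB-101458.yml
 - data/ruby-advisory-db/gems/nokogiri/OSVDB-118481.yml
@@ -260,6 +282,7 @@ files:
 - data/ruby-advisory-db/gems/passenger/CVE-2014-1831.yml
 - data/ruby-advisory-db/gems/passenger/CVE-2014-1832.yml
 - data/ruby-advisory-db/gems/passenger/CVE-2015-7519.yml
+- data/ruby-advisory-db/gems/passenger/CVE-2016-10345.yml
 - data/ruby-advisory-db/gems/passenger/OSVDB-90738.yml
 - data/ruby-advisory-db/gems/passenger/OSVDB-93752.yml
 - data/ruby-advisory-db/gems/passenger/OSVDB-94074.yml
@@ -268,6 +291,7 @@ files:
 - data/ruby-advisory-db/gems/quick_magick/OSVDB-106954.yml
 - data/ruby-advisory-db/gems/rack-attack/OSVDB-132234.yml
 - data/ruby-advisory-db/gems/rack-cache/OSVDB-83077.yml
+- data/ruby-advisory-db/gems/rack-mini-profiler/CVE-2016-4442.yml
 - data/ruby-advisory-db/gems/rack-ssl/OSVDB-104734.yml
 - data/ruby-advisory-db/gems/rack/CVE-2015-3225.yml
 - data/ruby-advisory-db/gems/rack/OSVDB-78121.yml
@@ -288,10 +312,13 @@ files:
 - data/ruby-advisory-db/gems/rest-client/CVE-2015-1820.yml
 - data/ruby-advisory-db/gems/rest-client/OSVDB-117461.yml
 - data/ruby-advisory-db/gems/rgpg/OSVDB-95948.yml
+- data/ruby-advisory-db/gems/ruby-saml/CVE-2016-5697.yml
 - data/ruby-advisory-db/gems/ruby-saml/OSVDB-117903.yml
 - data/ruby-advisory-db/gems/ruby-saml/OSVDB-124383.yml
 - data/ruby-advisory-db/gems/ruby-saml/OSVDB-124991.yml
 - data/ruby-advisory-db/gems/ruby_parser/OSVDB-90561.yml
+- data/ruby-advisory-db/gems/rubyzip/CVE-2017-5946.yml
+- data/ruby-advisory-db/gems/safemode/CVE-2016-3693.yml
 - data/ruby-advisory-db/gems/screen_capture/OSVDB-107783.yml
 - data/ruby-advisory-db/gems/sentry-raven/OSVDB-115654.yml
 - data/ruby-advisory-db/gems/sfpagent/OSVDB-105971.yml
@@ -303,6 +330,7 @@ files:
 - data/ruby-advisory-db/gems/sidekiq/OSVDB-125676.yml
 - data/ruby-advisory-db/gems/sidekiq/OSVDB-125678.yml
 - data/ruby-advisory-db/gems/sounder/OSVDB-96278.yml
+- data/ruby-advisory-db/gems/spina/CVE-2015-4619.yml
 - data/ruby-advisory-db/gems/spree/OSVDB-119205.yml
 - data/ruby-advisory-db/gems/spree/OSVDB-125699.yml
 - data/ruby-advisory-db/gems/spree/OSVDB-125701.yml
@@ -367,7 +395,9 @@ files:
 - data/ruby-advisory-db/rubies/ruby/CVE-2012-4464.yml
 - data/ruby-advisory-db/rubies/ruby/CVE-2012-4466.yml
 - data/ruby-advisory-db/rubies/ruby/CVE-2012-4481.yml
+- data/ruby-advisory-db/rubies/ruby/CVE-2015-1855.yml
 - data/ruby-advisory-db/rubies/ruby/CVE-2015-7551.yml
+- data/ruby-advisory-db/rubies/ruby/CVE-2015-9096.yml
 - data/ruby-advisory-db/rubies/ruby/OSVDB-100113.yml
 - data/ruby-advisory-db/rubies/ruby/OSVDB-105027.yml
 - data/ruby-advisory-db/rubies/ruby/OSVDB-107478.yml
@@ -424,7 +454,7 @@ files:
 - spec/spec_helper.rb
 homepage: https://github.com/rubysec/bundler-audit#readme
 licenses:
--
+- GPL-3.0+
 metadata: {}
 post_install_message:
 rdoc_options: []
@@ -442,7 +472,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: 1.8.0
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.5.2
 signing_key:
 specification_version: 4
 summary: Patch-level verification for Bundler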