RubyGems - bundler-audit - Versions diffs - 0.6.0 → 0.6.1 - Mend

bundler-audit 0.6.0 → 0.6.1

Files changed (17) hide show

checksums.yaml +5 -5
data/.travis.yml +4 -3
data/ChangeLog.md +4 -0
data/Gemfile +1 -1
data/README.md +8 -8
data/gemspec.yml +1 -1
data/lib/bundler/audit.rb +1 -1
data/lib/bundler/audit/advisory.rb +1 -1
data/lib/bundler/audit/cli.rb +1 -1
data/lib/bundler/audit/database.rb +1 -1
data/lib/bundler/audit/scanner.rb +5 -2
data/lib/bundler/audit/version.rb +2 -2
data/spec/bundle/insecure_sources/Gemfile +2 -37
data/spec/bundle/secure/Gemfile +1 -36
data/spec/bundle/unpatched_gems/Gemfile +1 -36
data/spec/integration_spec.rb +5 -5
metadata +13 -7

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: b0f922ef909402f6b0285e60d2a36e772b2427a2
-  data.tar.gz: ba58dffc77a682e3441b76a1b4ce3983b6d675e3
+SHA256:
+  metadata.gz: 9a3d576304278048394827d4322e8e4be389a2a899b3e22bff638a0aaffcf91a
+  data.tar.gz: 025cf42cf42c6e868b1de3b07066aafe6e55878fe13f53f34c3e40396b44ba27
 SHA512:
-  metadata.gz: af61e9d2970568342a984a4dc0b617ed42fb9bff22cb510dda8daac2460bc0023c2a9f1e33b3d36e1f3e7ea92a12fdf0cefc769da3bc302da41e61996b635808
-  data.tar.gz: ae6ef78b2786d7b0da5b90ee8a450116e501ffe5ad4f29094a55c4bcd86b16408a712cbb5f3cc44334b9cc7ef9cd8939ca9abef493f59a7474050bb13c2b4359
+  metadata.gz: 4485f6c903fcda454232c9305aaefb7d170edc6d6ea4bb8d766880a4135460dde1b3249cb28a87434ae3f01138d60c8bc0792e36b31e2b2893d314ae8cfb5acd
+  data.tar.gz: c273401ad1f90286ff8a0981e858320cd2b14aa65718338ab7c54bb43b77cbf423848d982852217ab763e44b32ea9f6d977ce26e8dbc1f793cb405c52da3be82

data/.travis.yml CHANGED

@@ -1,8 +1,9 @@
 language: ruby
 rvm:
-  - 2.1.8
-  - 2.2.4
-  - 2.3.0
+  - 2.3
+  - 2.4
+  - 2.5
+  - 2.6
   - jruby
   - rbx-3

data/ChangeLog.md CHANGED

@@ -1,3 +1,7 @@
+### 0.6.1 / 2019-01-17
+* Require bundler `>= 1.2.0, < 3` to support [bundler] 2.0.
 ### 0.6.0 / 2017-07-18
 * Added `--quiet` option to `check` and `update` commands (@jaredbeck).

data/Gemfile CHANGED

@@ -8,6 +8,6 @@ group :development do
   gem 'rubygems-tasks', '~> 0.2'
   gem 'rspec',          '~> 3.0'
-  gem 'yard',           '~> 0.8'
+  gem 'yard',           '~> 0.9'
   gem 'simplecov',      '~> 0.7', :require => false
 end

data/README.md CHANGED

@@ -3,13 +3,13 @@
 * [Homepage](https://github.com/rubysec/bundler-audit#readme)
 * [Issues](https://github.com/rubysec/bundler-audit/issues)
 * [Documentation](http://rubydoc.info/gems/bundler-audit/frames)
-* [Email](mailto:rubysec.mod3 at gmail.com)
+* [Email](mailto:postmodern.mod3 at gmail.com)
 * [![Build Status](https://travis-ci.org/rubysec/bundler-audit.svg)](https://travis-ci.org/rubysec/bundler-audit)
 * [![Code Climate](https://codeclimate.com/github/rubysec/bundler-audit.svg)](https://codeclimate.com/github/rubysec/bundler-audit)
 ## Description
-Patch-level verification for [Bundler][bundler].
+Patch-level verification for [bundler].
 ## Features
@@ -127,8 +127,8 @@ task default: 'bundle:audit'
 ## Requirements
-* [Ruby] >= 1.9.3
-* [RubyGems] >= 1.8
+* [ruby] >= 1.9.3
+* [rubygems] >= 1.8
 * [thor] ~> 0.18
 * [bundler] ~> 1.2
@@ -139,12 +139,12 @@ task default: 'bundle:audit'
 ## Contributing
 1. Clone the repo
-1. `git submodule update --init` # To populate data dir.
+1. `git submodule update --init` # To populate data/ruby-advisory-db
 1. `bundle exec rake`
 ## License
-Copyright (c) 2013-2016 Hal Brodigan (postmodern.mod3 at gmail.com)
+Copyright (c) 2013-2019 Hal Brodigan (postmodern.mod3 at gmail.com)
 bundler-audit is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -159,8 +159,8 @@ GNU General Public License for more details.
 You should have received a copy of the GNU General Public License
 along with bundler-audit.  If not, see <http://www.gnu.org/licenses/>.
-[Ruby]: https://ruby-lang.org
-[RubyGems]: https://rubygems.org
+[ruby]: https://ruby-lang.org
+[rubygems]: https://rubygems.org
 [thor]: http://whatisthor.com/
 [bundler]: https://github.com/carlhuda/bundler#readme

data/gemspec.yml CHANGED

@@ -11,4 +11,4 @@ required_rubygems_version: ">= 1.8.0"
 dependencies:
   thor: ~> 0.18
-  bundler: ~> 1.2
+  bundler: ">= 1.2.0, < 3"

data/lib/bundler/audit.rb CHANGED

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2013-2016 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2013-2019 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # bundler-audit is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

data/lib/bundler/audit/advisory.rb CHANGED

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2013-2016 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2013-2019 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # bundler-audit is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

data/lib/bundler/audit/cli.rb CHANGED

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2013-2016 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2013-2019 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # bundler-audit is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

data/lib/bundler/audit/database.rb CHANGED

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2013-2016 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2013-2019 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # bundler-audit is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

data/lib/bundler/audit/scanner.rb CHANGED

@@ -36,11 +36,14 @@ module Bundler
       # @param [String] root
       #   The path to the project root.
       #
-      def initialize(root=Dir.pwd)
+      # @param [String] gemfile_lock
+      #   Alternative name for the `Gemfile.lock` file.
+      #
+      def initialize(root=Dir.pwd,gemfile_lock='Gemfile.lock')
         @root     = File.expand_path(root)
         @database = Database.new
         @lockfile = LockfileParser.new(
-          File.read(File.join(@root,'Gemfile.lock'))
+          File.read(File.join(@root,gemfile_lock))
         )
       end

data/lib/bundler/audit/version.rb CHANGED

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2013-2016 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2013-2019 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # bundler-audit is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -18,6 +18,6 @@
 module Bundler
   module Audit
     # bundler-audit version
-    VERSION = '0.6.0'
+    VERSION = '0.6.1'
   end
 end

data/spec/bundle/insecure_sources/Gemfile CHANGED

@@ -1,39 +1,4 @@
 source 'http://rubygems.org'
-gem 'rails', '3.2.12'
-# Bundle edge Rails instead:
-# gem 'rails', :git => 'git://github.com/rails/rails.git'
-gem 'sqlite3', platform: [:mri, :rbx]
-# Gems used only for assets and not required
-# in production environments by default.
-group :assets do
-  # gem 'sass-rails',   '~> 3.2.3'
-  # gem 'coffee-rails', '~> 3.2.1'
-  # See https://github.com/sstephenson/execjs#readme for more supported runtimes
-  # gem 'therubyracer', :platforms => :ruby
-  # gem 'uglifier', '>= 1.0.3'
-end
-gem 'jquery-rails', :git => 'git://github.com/rails/jquery-rails.git',
-                    :tag => 'v2.2.1'
-# To use ActiveModel has_secure_password
-# gem 'bcrypt-ruby', '~> 3.0.0'
-# To use Jbuilder templates for JSON
-# gem 'jbuilder'
-# Use unicorn as the app server
-# gem 'unicorn'
-# Deploy with Capistrano
-# gem 'capistrano'
-# To use debugger
-# gem 'debugger'
+gem 'rails'
+gem 'jquery-rails', git: 'git://github.com/rails/jquery-rails.git'

data/spec/bundle/secure/Gemfile CHANGED

@@ -1,38 +1,3 @@
 source 'https://rubygems.org'
-gem 'rails', '~> 4.2.7.1'
-# Bundle edge Rails instead:
-# gem 'rails', :git => 'git://github.com/rails/rails.git'
-gem 'sqlite3', platform: [:mri, :rbx]
-# Gems used only for assets and not required
-# in production environments by default.
-group :assets do
-  # gem 'sass-rails',   '~> 3.2.3'
-  # gem 'coffee-rails', '~> 3.2.1'
-  # See https://github.com/sstephenson/execjs#readme for more supported runtimes
-  # gem 'therubyracer', :platforms => :ruby
-  # gem 'uglifier', '>= 1.0.3'
-end
-gem 'jquery-rails'
-# To use ActiveModel has_secure_password
-# gem 'bcrypt-ruby', '~> 3.0.0'
-# To use Jbuilder templates for JSON
-# gem 'jbuilder'
-# Use unicorn as the app server
-# gem 'unicorn'
-# Deploy with Capistrano
-# gem 'capistrano'
-# To use debugger
-# gem 'debugger'
+gem 'rails', '~> 5.2'

data/spec/bundle/unpatched_gems/Gemfile CHANGED

@@ -1,38 +1,3 @@
 source 'https://rubygems.org'
-gem 'rails', '3.2.10'
-# Bundle edge Rails instead:
-# gem 'rails', :git => 'git://github.com/rails/rails.git'
-gem 'sqlite3', platform: [:mri, :rbx]
-# Gems used only for assets and not required
-# in production environments by default.
-group :assets do
-  # gem 'sass-rails',   '~> 3.2.3'
-  # gem 'coffee-rails', '~> 3.2.1'
-  # See https://github.com/sstephenson/execjs#readme for more supported runtimes
-  # gem 'therubyracer', :platforms => :ruby
-  # gem 'uglifier', '>= 1.0.3'
-end
-gem 'jquery-rails'
-# To use ActiveModel has_secure_password
-# gem 'bcrypt-ruby', '~> 3.0.0'
-# To use Jbuilder templates for JSON
-# gem 'jbuilder'
-# Use unicorn as the app server
-# gem 'unicorn'
-# Deploy with Capistrano
-# gem 'capistrano'
-# To use debugger
-# gem 'debugger'
+gem 'activerecord', '4.2.7'

data/spec/integration_spec.rb CHANGED

@@ -20,13 +20,13 @@ describe "CLI" do
     end
     it "should print advisory information for the vulnerable gems" do
-      advisory_pattern = /(Name: [^\n]+
-Version: \d+.\d+.\d+
+      advisory_pattern = %r{(Name: [^\n]+
+Version: \d+\.\d+\.\d+(\.\d+)?
 Advisory: CVE-[0-9]{4}-[0-9]{4}
-Criticality: (High|Medium)
-URL: http:\/\/(direct|www\.)?osvdb.org\/show\/osvdb\/\d+
+Criticality: (High|Medium|Low|Unknown)
+URL: https?://(www\.)?[-a-zA-Z0-9@:%._\+~#=]{2,256}\.[a-z]{2,6}\b([-a-zA-Z0-9@:%_\+.~#!?&//=]*)
 Title: [^\n]*?
-Solution: upgrade to ((~>|=>) \d+.\d+.\d+, )*(~>|=>) \d+.\d+.\d+[\s\n]*?)+/
+Solution: upgrade to (~>|>=) \d+\.\d+\.\d+(\.\d+)?(, (~>|>=) \d+\.\d+\.\d+(\.\d+)?)*[\s\n]*?)}
       expect(subject).to match(advisory_pattern)
       expect(subject).to include("Vulnerabilities found!")

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bundler-audit
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.6.1
 platform: ruby
 authors:
 - Postmodern
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-07-18 00:00:00.000000000 Z
+date: 2019-01-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -28,16 +28,22 @@ dependencies:
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '3'
 description: bundler-audit provides patch-level verification for Bundled apps.
 email: postmodern.mod3@gmail.com
 executables:
@@ -472,7 +478,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.8.0
 requirements: []
 rubyforge_project:
-rubygems_version: 2.5.2
+rubygems_version: 2.7.6
 signing_key:
 specification_version: 4
 summary: Patch-level verification for Bundler