RubyGems - bundler-audit - Versions diffs - 0.6.0 → 0.6.1 - Mend

bundler-audit 0.6.0 → 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

checksums.yaml +5 -5
data/.travis.yml +4 -3
data/ChangeLog.md +4 -0
data/Gemfile +1 -1
data/README.md +8 -8
data/gemspec.yml +1 -1
data/lib/bundler/audit.rb +1 -1
data/lib/bundler/audit/advisory.rb +1 -1
data/lib/bundler/audit/cli.rb +1 -1
data/lib/bundler/audit/database.rb +1 -1
data/lib/bundler/audit/scanner.rb +5 -2
data/lib/bundler/audit/version.rb +2 -2
data/spec/bundle/insecure_sources/Gemfile +2 -37
data/spec/bundle/secure/Gemfile +1 -36
data/spec/bundle/unpatched_gems/Gemfile +1 -36
data/spec/integration_spec.rb +5 -5
metadata +13 -7

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: b0f922ef909402f6b0285e60d2a36e772b2427a2
-  data.tar.gz: ba58dffc77a682e3441b76a1b4ce3983b6d675e3
+SHA256:
+  metadata.gz: 9a3d576304278048394827d4322e8e4be389a2a899b3e22bff638a0aaffcf91a
+  data.tar.gz: 025cf42cf42c6e868b1de3b07066aafe6e55878fe13f53f34c3e40396b44ba27
 SHA512:
-  metadata.gz: af61e9d2970568342a984a4dc0b617ed42fb9bff22cb510dda8daac2460bc0023c2a9f1e33b3d36e1f3e7ea92a12fdf0cefc769da3bc302da41e61996b635808
-  data.tar.gz: ae6ef78b2786d7b0da5b90ee8a450116e501ffe5ad4f29094a55c4bcd86b16408a712cbb5f3cc44334b9cc7ef9cd8939ca9abef493f59a7474050bb13c2b4359
+  metadata.gz: 4485f6c903fcda454232c9305aaefb7d170edc6d6ea4bb8d766880a4135460dde1b3249cb28a87434ae3f01138d60c8bc0792e36b31e2b2893d314ae8cfb5acd
+  data.tar.gz: c273401ad1f90286ff8a0981e858320cd2b14aa65718338ab7c54bb43b77cbf423848d982852217ab763e44b32ea9f6d977ce26e8dbc1f793cb405c52da3be82

data/.travis.yml CHANGED

@@ -1,8 +1,9 @@
 language: ruby
 rvm:
-  - 2.1.8
-  - 2.2.4
-  - 2.3.0
+  - 2.3
+  - 2.4
+  - 2.5
+  - 2.6
   - jruby
   - rbx-3

data/ChangeLog.md CHANGED

@@ -1,3 +1,7 @@
+### 0.6.1 / 2019-01-17
+* Require bundler `>= 1.2.0, < 3` to support [bundler] 2.0.
 ### 0.6.0 / 2017-07-18
 * Added `--quiet` option to `check` and `update` commands (@jaredbeck).

data/Gemfile CHANGED

@@ -8,6 +8,6 @@ group :development do
   gem 'rubygems-tasks', '~> 0.2'
   gem 'rspec',          '~> 3.0'
-  gem 'yard',           '~> 0.8'
+  gem 'yard',           '~> 0.9'
   gem 'simplecov',      '~> 0.7', :require => false
 end

data/README.md CHANGED

@@ -3,13 +3,13 @@
 * [Homepage](https://github.com/rubysec/bundler-audit#readme)
 * [Issues](https://github.com/rubysec/bundler-audit/issues)
 * [Documentation](http://rubydoc.info/gems/bundler-audit/frames)
-* [Email](mailto:rubysec.mod3 at gmail.com)
+* [Email](mailto:postmodern.mod3 at gmail.com)
 * [![Build Status](https://travis-ci.org/rubysec/bundler-audit.svg)](https://travis-ci.org/rubysec/bundler-audit)
 * [![Code Climate](https://codeclimate.com/github/rubysec/bundler-audit.svg)](https://codeclimate.com/github/rubysec/bundler-audit)
 ## Description
-Patch-level verification for [Bundler][bundler].
+Patch-level verification for [bundler].
 ## Features
@@ -127,8 +127,8 @@ task default: 'bundle:audit'
 ## Requirements
-* [Ruby] >= 1.9.3
-* [RubyGems] >= 1.8
+* [ruby] >= 1.9.3
+* [rubygems] >= 1.8
 * [thor] ~> 0.18
 * [bundler] ~> 1.2
@@ -139,12 +139,12 @@ task default: 'bundle:audit'
 ## Contributing
 1. Clone the repo
-1. `git submodule update --init` # To populate data dir.
+1. `git submodule update --init` # To populate data/ruby-advisory-db
 1. `bundle exec rake`
 ## License
-Copyright (c) 2013-2016 Hal Brodigan (postmodern.mod3 at gmail.com)
+Copyright (c) 2013-2019 Hal Brodigan (postmodern.mod3 at gmail.com)
 bundler-audit is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -159,8 +159,8 @@ GNU General Public License for more details.
 You should have received a copy of the GNU General Public License
 along with bundler-audit.  If not, see <http://www.gnu.org/licenses/>.
-[Ruby]: https://ruby-lang.org
-[RubyGems]: https://rubygems.org
+[ruby]: https://ruby-lang.org
+[rubygems]: https://rubygems.org
 [thor]: http://whatisthor.com/
 [bundler]: https://github.com/carlhuda/bundler#readme

data/gemspec.yml CHANGED

@@ -11,4 +11,4 @@ required_rubygems_version: ">= 1.8.0"
 dependencies:
   thor: ~> 0.18
-  bundler: ~> 1.2
+  bundler: ">= 1.2.0, < 3"

data/lib/bundler/audit.rb CHANGED

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2013-2016 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2013-2019 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # bundler-audit is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

data/lib/bundler/audit/advisory.rb CHANGED

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2013-2016 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2013-2019 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # bundler-audit is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

data/lib/bundler/audit/cli.rb CHANGED

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2013-2016 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2013-2019 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # bundler-audit is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

data/lib/bundler/audit/database.rb CHANGED

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2013-2016 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2013-2019 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # bundler-audit is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

data/lib/bundler/audit/scanner.rb CHANGED

@@ -36,11 +36,14 @@ module Bundler
       # @param [String] root
       #   The path to the project root.
       #
-      def initialize(root=Dir.pwd)
+      # @param [String] gemfile_lock
+      #   Alternative name for the `Gemfile.lock` file.
+      #
+      def initialize(root=Dir.pwd,gemfile_lock='Gemfile.lock')
         @root     = File.expand_path(root)
         @database = Database.new
         @lockfile = LockfileParser.new(
-          File.read(File.join(@root,'Gemfile.lock'))
+          File.read(File.join(@root,gemfile_lock))
         )
       end

data/lib/bundler/audit/version.rb CHANGED

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2013-2016 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2013-2019 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # bundler-audit is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -18,6 +18,6 @@
 module Bundler
   module Audit
     # bundler-audit version
-    VERSION = '0.6.0'
+    VERSION = '0.6.1'
   end
 end

data/spec/bundle/insecure_sources/Gemfile CHANGED

@@ -1,39 +1,4 @@
 source 'http://rubygems.org'
-gem 'rails', '3.2.12'
-# Bundle edge Rails instead:
-# gem 'rails', :git => 'git://github.com/rails/rails.git'
-gem 'sqlite3', platform: [:mri, :rbx]
-# Gems used only for assets and not required
-# in production environments by default.
-group :assets do
-  # gem 'sass-rails',   '~> 3.2.3'
-  # gem 'coffee-rails', '~> 3.2.1'
-  # See https://github.com/sstephenson/execjs#readme for more supported runtimes
-  # gem 'therubyracer', :platforms => :ruby
-  # gem 'uglifier', '>= 1.0.3'
-end
-gem 'jquery-rails', :git => 'git://github.com/rails/jquery-rails.git',
-                    :tag => 'v2.2.1'
-# To use ActiveModel has_secure_password
-# gem 'bcrypt-ruby', '~> 3.0.0'
-# To use Jbuilder templates for JSON
-# gem 'jbuilder'
-# Use unicorn as the app server
-# gem 'unicorn'
-# Deploy with Capistrano
-# gem 'capistrano'
-# To use debugger
-# gem 'debugger'
+gem 'rails'
+gem 'jquery-rails', git: 'git://github.com/rails/jquery-rails.git'

data/spec/bundle/secure/Gemfile CHANGED

@@ -1,38 +1,3 @@
 source 'https://rubygems.org'
-gem 'rails', '~> 4.2.7.1'
-# Bundle edge Rails instead:
-# gem 'rails', :git => 'git://github.com/rails/rails.git'
-gem 'sqlite3', platform: [:mri, :rbx]
-# Gems used only for assets and not required
-# in production environments by default.
-group :assets do
-  # gem 'sass-rails',   '~> 3.2.3'
-  # gem 'coffee-rails', '~> 3.2.1'
-  # See https://github.com/sstephenson/execjs#readme for more supported runtimes
-  # gem 'therubyracer', :platforms => :ruby
-  # gem 'uglifier', '>= 1.0.3'
-end
-gem 'jquery-rails'
-# To use ActiveModel has_secure_password
-# gem 'bcrypt-ruby', '~> 3.0.0'
-# To use Jbuilder templates for JSON
-# gem 'jbuilder'
-# Use unicorn as the app server
-# gem 'unicorn'
-# Deploy with Capistrano
-# gem 'capistrano'
-# To use debugger
-# gem 'debugger'
+gem 'rails', '~> 5.2'

data/spec/bundle/unpatched_gems/Gemfile CHANGED

@@ -1,38 +1,3 @@
 source 'https://rubygems.org'
-gem 'rails', '3.2.10'
-# Bundle edge Rails instead:
-# gem 'rails', :git => 'git://github.com/rails/rails.git'
-gem 'sqlite3', platform: [:mri, :rbx]
-# Gems used only for assets and not required
-# in production environments by default.
-group :assets do
-  # gem 'sass-rails',   '~> 3.2.3'
-  # gem 'coffee-rails', '~> 3.2.1'
-  # See https://github.com/sstephenson/execjs#readme for more supported runtimes
-  # gem 'therubyracer', :platforms => :ruby
-  # gem 'uglifier', '>= 1.0.3'
-end
-gem 'jquery-rails'
-# To use ActiveModel has_secure_password
-# gem 'bcrypt-ruby', '~> 3.0.0'
-# To use Jbuilder templates for JSON
-# gem 'jbuilder'
-# Use unicorn as the app server
-# gem 'unicorn'
-# Deploy with Capistrano
-# gem 'capistrano'
-# To use debugger
-# gem 'debugger'
+gem 'activerecord', '4.2.7'

data/spec/integration_spec.rb CHANGED

@@ -20,13 +20,13 @@ describe "CLI" do
     end
     it "should print advisory information for the vulnerable gems" do
-      advisory_pattern = /(Name: [^\n]+
-Version: \d+.\d+.\d+
+      advisory_pattern = %r{(Name: [^\n]+
+Version: \d+\.\d+\.\d+(\.\d+)?
 Advisory: CVE-[0-9]{4}-[0-9]{4}
-Criticality: (High|Medium)
-URL: http:\/\/(direct|www\.)?osvdb.org\/show\/osvdb\/\d+
+Criticality: (High|Medium|Low|Unknown)
+URL: https?://(www\.)?[-a-zA-Z0-9@:%._\+~#=]{2,256}\.[a-z]{2,6}\b([-a-zA-Z0-9@:%_\+.~#!?&//=]*)
 Title: [^\n]*?
-Solution: upgrade to ((~>|=>) \d+.\d+.\d+, )*(~>|=>) \d+.\d+.\d+[\s\n]*?)+/
+Solution: upgrade to (~>|>=) \d+\.\d+\.\d+(\.\d+)?(, (~>|>=) \d+\.\d+\.\d+(\.\d+)?)*[\s\n]*?)}
       expect(subject).to match(advisory_pattern)
       expect(subject).to include("Vulnerabilities found!")

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bundler-audit
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.6.1
 platform: ruby
 authors:
 - Postmodern
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-07-18 00:00:00.000000000 Z
+date: 2019-01-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -28,16 +28,22 @@ dependencies:
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '3'
 description: bundler-audit provides patch-level verification for Bundled apps.
 email: postmodern.mod3@gmail.com
 executables:
@@ -472,7 +478,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.8.0
 requirements: []
 rubyforge_project:
-rubygems_version: 2.5.2
+rubygems_version: 2.7.6
 signing_key:
 specification_version: 4
 summary: Patch-level verification for Bundler