bundler-audited_update 0.1.5 → 0.3.1
- checksums.yaml +4 -4
- data/bin/audited_bundle_update +2 -1
- data/lib/bundler/audited_update.rb +168 -93
- metadata +10 -10
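--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4a9174a9bf0cb0da49d4745367579726c143eff1a3554f6aa220e83fd85f7669
+data.tar.gz: 76f1d7d4ea260d78912810f6a06fe03dad8f95d965e93f130295ee1554b5009b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9bb0d700e4dafd1166531f54e4e449b0f4e8e3ca7dade188bda6434cd077981a4449d8b29f0cc4c35d87cd1c89739438bb3c0a40ec6c65f0cc2704f45346602b
+data.tar.gz: 963183e6e4c72fa587bde87b87041a312dd052c160ba9ace28252cd6f3374a7e7f743a6e6cdfe22aa759dc8f4eba7f00ac2c7eb013861dbdf52c86e93936c19d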
data/bin/audited_bundle_update
CHANGED
@@ -1,8 +1,10 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'bundler'
|
2
4
|
require 'bundler/lockfile_parser'
|
3
|
-
require
|
4
|
-
require
|
5
|
-
require
|
5
|
+
require 'bundler/cli'
|
6
|
+
require 'bundler/cli/update'
|
7
|
+
require 'open-uri'
|
6
8
|
require 'net/http'
|
7
9
|
require 'json'
|
8
10
|
require 'versionomy'
|
@@ -10,25 +12,31 @@ require 'launchy'
|
|
10
12
|
|
11
13
|
module Bundler
|
12
14
|
class AuditedUpdate
|
15
|
+
CHANGELOG_URLS = {
|
16
|
+
"graphql-pro" => "https://github.com/rmosolgo/graphql-ruby/blob/master/CHANGELOG-pro.md",
|
17
|
+
"sidekiq" => "https://github.com/mperham/sidekiq/blob/main/Changes.md",
|
18
|
+
"faraday" => "https://github.com/lostisland/faraday/releases"
|
19
|
+
}
|
20
|
+
|
13
21
|
def run!
|
14
22
|
@before_specs = gem_specs
|
15
23
|
bundle_update
|
16
24
|
@after_specs = gem_specs
|
17
25
|
|
18
|
-
@output =
|
26
|
+
@output = ''
|
19
27
|
@output += "# Gem Changes\n"
|
20
28
|
@output += "\n"
|
21
29
|
|
22
|
-
output_gems(
|
23
|
-
output_gems(
|
30
|
+
output_gems('Added Gems', added_gems)
|
31
|
+
output_gems('Removed Gems', removed_gems)
|
24
32
|
output_changed_gems(changed_gems)
|
25
33
|
|
26
34
|
puts "\n\n\n\n\n"
|
27
35
|
|
28
|
-
puts
|
29
|
-
puts
|
30
|
-
puts
|
31
|
-
puts
|
36
|
+
puts '--------------------------------'
|
37
|
+
puts 'Upgraded Gems'
|
38
|
+
puts '(Generated with bundler-audited_updated https://github.com/bmulholland/audited_bundle_update)'
|
39
|
+
puts '--------------------------------'
|
32
40
|
|
33
41
|
puts @output
|
34
42
|
end
|
@@ -46,16 +54,20 @@ module Bundler
|
|
46
54
|
def output_changed_gems(gems)
|
47
55
|
return if gems.empty?
|
48
56
|
|
49
|
-
major_upgrades = gems.
|
50
|
-
minor_upgrades = gems.select
|
51
|
-
|
57
|
+
major_upgrades = gems.reject { |_, versions| versions[:before].major == versions[:after].major }
|
58
|
+
minor_upgrades = gems.select do |name, versions|
|
59
|
+
!major_upgrades.keys.include?(name) && versions[:before].minor != versions[:after].minor
|
60
|
+
end
|
61
|
+
point_upgrades = gems.reject do |name, _|
|
62
|
+
major_upgrades.keys.include?(name) || minor_upgrades.keys.include?(name)
|
63
|
+
end
|
52
64
|
|
53
65
|
@output += "## Upgraded Gems\n"
|
54
66
|
@output += "\n"
|
55
67
|
|
56
|
-
output_changed_gems_section(
|
57
|
-
output_changed_gems_section(
|
58
|
-
output_changed_gems_section(
|
68
|
+
output_changed_gems_section('Major', major_upgrades)
|
69
|
+
output_changed_gems_section('Minor', minor_upgrades)
|
70
|
+
output_changed_gems_section('Point', point_upgrades)
|
59
71
|
|
60
72
|
@output += "\n"
|
61
73
|
end
|
@@ -69,82 +81,138 @@ module Bundler
|
|
69
81
|
end
|
70
82
|
|
71
83
|
def gem_output(name, version)
|
72
|
-
|
73
|
-
|
74
|
-
|
84
|
+
# gems that are continuously released and therefore have no helpful
|
85
|
+
# changelog
|
86
|
+
continuously_released_gems = %w[
|
87
|
+
aws-partitions aws-sdk-core sorbet sorbet-runtime sorbet-static
|
88
|
+
sorbet-static-and-runtime]
|
89
|
+
|
90
|
+
if continuously_released_gems.include?(name)
|
91
|
+
puts "\n\n\n"
|
92
|
+
puts '--------------------------------'
|
93
|
+
puts "#{name} updated"
|
94
|
+
puts '--------------------------------'
|
95
|
+
|
96
|
+
if version.is_a? Hash
|
97
|
+
info = gem_info(name, version[:after])
|
98
|
+
version_string = "#{version[:before]} -> #{version[:after]}"
|
99
|
+
else
|
100
|
+
info = gem_info(name, version)
|
101
|
+
version_string = version
|
102
|
+
end
|
75
103
|
|
76
104
|
guessed_source = gem_source_url(info)
|
105
|
+
change_detail = guessed_source
|
77
106
|
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
elsif answer == "n"
|
100
|
-
impact = "No impact"
|
101
|
-
elsif answer == "o"
|
102
|
-
Launchy.open(changelog_url)
|
103
|
-
else
|
104
|
-
puts "Invalid answer"
|
105
|
-
end
|
106
|
-
end
|
107
|
+
puts 'This gem is continuously updated, with no meaningful changelog.'
|
108
|
+
|
109
|
+
impact = nil
|
110
|
+
while impact.nil?
|
111
|
+
puts "Does #{name} #{version_string} impact your application? (y/n/[o]pen in browser)"
|
112
|
+
answer = gets
|
113
|
+
answer = answer.downcase.strip
|
114
|
+
case answer
|
115
|
+
when 'y'
|
116
|
+
puts "What's a short description of the impact?"
|
117
|
+
impact = gets
|
118
|
+
when 'n'
|
119
|
+
impact = 'No impact'
|
120
|
+
when 'o'
|
121
|
+
Launchy.open(guessed_source)
|
122
|
+
else
|
123
|
+
puts 'Invalid answer'
|
124
|
+
end
|
125
|
+
end
|
126
|
+
|
127
|
+
change_detail = impact
|
107
128
|
|
108
|
-
|
129
|
+
elsif version.is_a? Hash
|
130
|
+
version_string = "#{version[:before]} -> #{version[:after]}"
|
131
|
+
info = gem_info(name, version[:after])
|
132
|
+
|
133
|
+
changelog_text, changelog_url = guess_changelog(
|
134
|
+
name, gem_source_url(info)
|
135
|
+
)
|
136
|
+
|
137
|
+
if changelog_text && !changelog_text.empty?
|
138
|
+
puts "\n\n\n"
|
139
|
+
puts '--------------------------------'
|
140
|
+
puts "#{name} changes from #{version_string}"
|
141
|
+
puts '--------------------------------'
|
142
|
+
|
143
|
+
# Output the changelog text from top until the line that contains the previous version
|
144
|
+
changelog_output = changelog_text.split(/^.*#{Regexp.escape(version[:before].to_s)}/, 2).first
|
145
|
+
|
146
|
+
# Max 200 lines
|
147
|
+
changelog_output = changelog_output.lines.to_a[0...200].join
|
148
|
+
|
149
|
+
puts changelog_output
|
150
|
+
impact = nil
|
151
|
+
while impact.nil?
|
152
|
+
puts "Does #{name} #{version_string} impact your application? (y/n/[o]pen in browser)"
|
153
|
+
answer = gets
|
154
|
+
answer = answer.downcase.strip
|
155
|
+
case answer
|
156
|
+
when 'y'
|
157
|
+
puts "What's a short description of the impact?"
|
158
|
+
impact = gets
|
159
|
+
when 'n'
|
160
|
+
impact = 'No impact'
|
161
|
+
when 'o'
|
162
|
+
Launchy.open(changelog_url)
|
163
|
+
else
|
164
|
+
puts 'Invalid answer'
|
165
|
+
end
|
109
166
|
end
|
167
|
+
|
168
|
+
change_detail = impact
|
110
169
|
end
|
111
170
|
|
112
171
|
else
|
113
172
|
version_string = version
|
114
173
|
info = gem_info(name, version)
|
115
|
-
|
116
|
-
change_detail = guessed_source
|
174
|
+
change_detail = gem_source_url(info)
|
117
175
|
end
|
118
176
|
|
119
|
-
change_detail ||=
|
120
|
-
|
177
|
+
change_detail ||= 'Unsupported source URL, cannot search for changelog'
|
121
178
|
|
122
179
|
@output += "* #{name} (#{version_string}): #{change_detail}\n"
|
123
180
|
end
|
124
181
|
|
125
|
-
def guess_changelog(root_url)
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
182
|
+
def guess_changelog(name, root_url)
|
183
|
+
# There are always going to be exceptions, so just hardcode those.
|
184
|
+
root_url = CHANGELOG_URLS[name] if CHANGELOG_URLS.key?(name)
|
185
|
+
|
186
|
+
return nil unless root_url
|
187
|
+
|
188
|
+
filenames = %w[
|
189
|
+
CHANGELOG
|
190
|
+
CHANGELOG.md
|
191
|
+
Changelog
|
192
|
+
Changelog.md
|
193
|
+
History
|
194
|
+
History.md
|
195
|
+
HISTORY.md
|
196
|
+
History.rdoc
|
197
|
+
Changes
|
198
|
+
CHANGES
|
199
|
+
CHANGES.md
|
200
|
+
NEWS
|
201
|
+
]
|
140
202
|
changelog_text = nil
|
141
203
|
changelog_url = nil
|
142
204
|
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
|
205
|
+
root_url_is_releases_page = root_url.end_with?("/releases")
|
206
|
+
|
207
|
+
changelog_url = root_url if root_url_is_releases_page
|
208
|
+
|
209
|
+
unless changelog_url
|
210
|
+
filenames.each do |filename|
|
211
|
+
changelog_text = try_changelog_url(root_url, filename)
|
212
|
+
if changelog_text
|
213
|
+
changelog_url = changelog_url_for(root_url, filename)
|
214
|
+
break
|
215
|
+
end
|
148
216
|
end
|
149
217
|
end
|
150
218
|
|
@@ -154,7 +222,7 @@ module Bundler
|
|
154
222
|
end
|
155
223
|
|
156
224
|
unless changelog_text
|
157
|
-
changelog_text =
|
225
|
+
changelog_text = 'Could not find changelog URL, try manually'
|
158
226
|
changelog_url = root_url
|
159
227
|
end
|
160
228
|
|
@@ -162,8 +230,10 @@ module Bundler
|
|
162
230
|
end
|
163
231
|
|
164
232
|
def gem_source_url(info)
|
165
|
-
|
166
|
-
|
233
|
+
return nil unless info
|
234
|
+
|
235
|
+
source_url_guess = info['source_code_uri'] || info['homepage_uri']
|
236
|
+
if source_url_guess&.include?('github.com')
|
167
237
|
source_url_guess
|
168
238
|
else
|
169
239
|
# Unsupported source URL
|
@@ -172,22 +242,22 @@ module Bundler
|
|
172
242
|
end
|
173
243
|
|
174
244
|
def added_gems
|
175
|
-
@after_specs.reject {|spec| @before_specs.map(&:name).include?(spec.name) }
|
245
|
+
@after_specs.reject { |spec| @before_specs.map(&:name).include?(spec.name) }
|
176
246
|
end
|
177
247
|
|
178
248
|
def removed_gems
|
179
|
-
@before_specs.reject {|spec| @after_specs.map(&:name).include?(spec.name) }
|
249
|
+
@before_specs.reject { |spec| @after_specs.map(&:name).include?(spec.name) }
|
180
250
|
end
|
181
251
|
|
182
252
|
def changed_gems
|
183
253
|
gems = @after_specs.reject do |after_spec|
|
184
|
-
before_spec = @before_specs.find {|before_spec| before_spec && before_spec.name == after_spec.name }
|
254
|
+
before_spec = @before_specs.find { |before_spec| before_spec && before_spec.name == after_spec.name }
|
185
255
|
!before_spec || before_spec.version == after_spec.version
|
186
256
|
end
|
187
257
|
|
188
258
|
gems.map! do |the_gem|
|
189
|
-
before_gem = @before_specs.find {|before_spec| before_spec.name == the_gem.name }
|
190
|
-
after_gem = @after_specs.find {|after_spec| after_spec.name == the_gem.name }
|
259
|
+
before_gem = @before_specs.find { |before_spec| before_spec.name == the_gem.name }
|
260
|
+
after_gem = @after_specs.find { |after_spec| after_spec.name == the_gem.name }
|
191
261
|
versions = {
|
192
262
|
before: Versionomy.parse(before_gem.version.to_s),
|
193
263
|
after: Versionomy.parse(after_gem.version.to_s)
|
@@ -199,42 +269,47 @@ module Bundler
|
|
199
269
|
end
|
200
270
|
|
201
271
|
def github_releases_url(source_root)
|
202
|
-
api_source_root = source_root.gsub(
|
203
|
-
"#{api_source_root}/releases"
|
272
|
+
api_source_root = source_root.gsub('github.com/', 'api.github.com/repos/')
|
273
|
+
api_source_root.end_with?("/releases") ? api_source_root : "#{api_source_root}/releases"
|
204
274
|
end
|
205
275
|
|
206
276
|
def github_releases_bodies(source_root)
|
207
|
-
response = URI.parse(github_releases_url(source_root)).read
|
277
|
+
response = ::URI.parse(github_releases_url(source_root)).read
|
208
278
|
releases = JSON.parse(response)
|
209
|
-
release_notes =
|
279
|
+
release_notes = ''
|
210
280
|
releases.each do |release|
|
211
|
-
next unless release[
|
212
|
-
|
281
|
+
next unless release['body']
|
282
|
+
|
283
|
+
release_notes += release['name']
|
213
284
|
release_notes += "\n"
|
214
|
-
release_notes += release[
|
285
|
+
release_notes += release['body']
|
215
286
|
release_notes += "\n"
|
216
287
|
release_notes += "\n"
|
217
288
|
end
|
218
289
|
release_notes
|
219
290
|
rescue OpenURI::HTTPError
|
220
|
-
|
291
|
+
nil
|
221
292
|
end
|
222
293
|
|
223
294
|
def changelog_url_for(source_root, filename)
|
224
|
-
raw_source_root = source_root.gsub(
|
295
|
+
raw_source_root = source_root.gsub('github.com', 'raw.githubusercontent.com')
|
225
296
|
url = "#{raw_source_root}/master/#(unknown)"
|
226
297
|
end
|
227
298
|
|
228
299
|
def try_changelog_url(source_root, filename)
|
229
|
-
URI.parse(changelog_url_for(source_root, filename)).read
|
300
|
+
::URI.parse(changelog_url_for(source_root, filename)).read
|
230
301
|
rescue OpenURI::HTTPError
|
231
|
-
|
302
|
+
nil
|
232
303
|
end
|
233
304
|
|
234
305
|
def gem_info(name, version)
|
235
306
|
gem_url = "https://rubygems.org/api/v2/rubygems/#{name}/versions/#{version}"
|
236
|
-
response = URI.parse(gem_url).read
|
307
|
+
response = ::URI.parse(gem_url).read
|
237
308
|
JSON.parse(response)
|
309
|
+
rescue OpenURI::HTTPError => e
|
310
|
+
# return nil for 404 - which means the gem doens't exist on rubygems,
|
311
|
+
# probably private
|
312
|
+
raise unless e.message.include?('404')
|
238
313
|
end
|
239
314
|
|
240
315
|
def gem_specs
|
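--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bundler-audited_update
 version: !ruby/object:Gem::Version
-version: 0.1
+version: 0.3.1
 platform: ruby
 authors:
 - Brendan Mulholland
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2022-08-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -39,7 +39,7 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: launchy
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -53,7 +53,7 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: versionomy
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -79,8 +79,9 @@ files:
 homepage: http://rubygems.org/gems/bundler-audited_update
 licenses:
 - MIT
-metadata:
-
+metadata:
+rubygems_mfa_required: 'true'
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -95,9 +96,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-
-signing_key:
+rubygems_version: 3.3.7
+signing_key:
 specification_version: 4
 summary: Streamlined bundler audit with Changelog detection and summary ouput
 test_files: []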