bundler-leak 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d6a7260a91e09321434a8b2ce2106896144db3a27a7fe32cf519f904bbbabf86
-  data.tar.gz: 6b1dbb00bf846c7e52c5a24be5f46048b7ca9b61ecec3c801c2c40eb78516516
+  metadata.gz: da3d27fec7acee6b26df26e77f7efdb5d4d5c4783bab50a5ffee8c70344c9791
+  data.tar.gz: 16104345f72340b3b14d5106a08c24a3b4627ead89aa4bc48423346c255f483f
 SHA512:
-  metadata.gz: 1d9523794f9ee066976bf5ba73bfc072ac2291cfa8c3e53c3f2021f2449bccc4d3d6a3497114e210168d8114239a00b60b1b25c40f18057ee503f3447ae5bd5d
-  data.tar.gz: 4d7e7319fc73914ae027c00c7f5d578030fdc3966cc69e6d07014b13a02b900c6eaa8f5d1e1e94b7844444a10119fa1925b26aba8777292a236dad4535886c20
+  metadata.gz: 2556087c7303334229b4957a28915795b8bc2df3ea05834cac8c3d81f67fee5a17bf454493590131f3a9950e8dc7f26f5c7b8bca0ab06e437c766feed360dda3
+  data.tar.gz: 64f11cfcedce51dafa622b0453f0ce0e77d8a0e48ce0bb3b5d437f0648fba1a775b3116b28d05814ef4b860fa6c7958ff74355fb6ed236cd5cba10dc04114117

data/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,59 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: "[BUG]"
+labels: ''
+assignees: ''
+
+---
+
+**IMPORTANT: please make sure you ask yourself all intro questions and fill all sections of the template.**
+
+**Before we start...:**
+
+- [ ] I checked the documentation and found no answer
+- [ ] I checked to make sure that this issue has not already been filed
+- [ ] I'm reporting the issue to the correct repository (for multi-repository projects)
+
+
+**Branch/Commit:**
+
+Inform what branch/commit of bundler-leak you are using.
+
+**Expected behavior:**
+
+Please include a detailed description of the behavior you were expecting when you encountered this issue.
+
+**Actual behavior:**
+
+Please include a detailed description of the actual behavior of the application.
+
+**Steps to reproduce:**
+
+How do I achieve this behavior? Use the following format to provide a step-by-step guide:
+
+1. Step 1: ...
+2. Step 2: ...
+
+**Context and environment:**
+
+Provide any relevant information about your setup (Customize the list accordingly based on what info is relevant to this project)
+
+1. Version of the software the issue is being opened for.
+2. Operating System
+3. Operating System version
+4. Ruby version
+
+_Delete any information that is not relevant._
+
+If you are unable to reproduce the bug, add the **Non-Reproducible** tag and describe the steps you followed leading to the bug to the best of your recollection.
+
+**Screenshots and Videos**
+
+If the issue has an effect in the frontend, include any relevant screenshots and videos here.
+
+**Logs**
+
+Include relevant log snippets or files here.
+
+**I will abide by the [code of conduct] (code_of_conduct.md)**

data/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,47 @@
+---
+name: Feature request
+about: Request a new feature
+title: "[REQUEST]"
+labels: 'enhancement'
+assignees: ''
+
+---
+
+**IMPORTANT: please make sure you ask yourself all intro questions and fill all sections of the template.**
+
+**Before we start...:**
+
+- [ ] I checked the documentation and didn't find this feature
+- [ ] I checked to make sure that this feature has not already been requested
+
+
+**Branch/Commit:**
+
+Inform what branch/commit/version of bundler-leak you are using.
+
+**Describe the feature:**
+
+Please include a detailed description of the feature you are requesting and any detail on it’s expected behavior.
+
+> **As a \<role name\>**
+> **I do \<something\>**
+> **And then I do \<another action\>**
+> **And I see \<some result\>**
+
+**Problem:**
+
+Please include a detailed description of the problem this feature would solve.
+
+> **As a \<role name\>**
+> **I want to \<do something\>**
+> **So that I can achieve a \<goal\>**
+
+**Mockups:**
+
+Include any mockup idea related to the requested feature if it applies.
+
+**Resources:**
+
+If you have resources related to the implementation or research for this feature, add them here.
+
+**I will abide by the [code of conduct] (code_of_conduct.md)**

data/.github/workflows/test.yml

@@ -0,0 +1,27 @@
+name: CI
+
+on:
+  push:
+    branches:
+    - main
+  pull_request:
+    branches:
+    - main
+
+jobs:
+  test:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest]
+        ruby: ['2.6', '2.7', '3.0', '3.1']
+    runs-on: ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v2
+    - uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+    - name: Run tests
+      run: |
+        ./bin/setup
+        bundle exec rspec spec

data/.gitignore

@@ -5,7 +5,6 @@ doc/
 .yardoc/
 coverage/
 pkg/
-spec/bundle/*/Gemfile.lock
-spec/bundle/*/.bundle/
+spec/bundle/unpatched_gems/.bundle/
 vendor/bundle/
 tmp/

data/Gemfile

@@ -9,7 +9,7 @@ group :development do
   gem 'rubygems-tasks', '~> 0.2'
   gem 'rspec',          '~> 3.0'
   gem 'yard',           '~> 0.9'
-  gem 'simplecov',      '~> 0.7', :require => false
+  gem 'simplecov',      '~> 0.21.2', :require => false
 end
 
 gem "byebug", "~> 11.0", :groups => [:development, :test]

data/README.md

@@ -4,7 +4,7 @@
 * [Issues](https://github.com/rubymem/bundler-leak/issues)
 * [Documentation](http://rubydoc.info/gems/bundler-leak/frames)
 * [Email](mailto:oss at ombulabs.com)
-* [![Build Status](https://travis-ci.org/rubymem/bundler-leak.svg?branch=master)](https://travis-ci.org/rubymem/bundler-leak)
+* [![Build Status](https://travis-ci.org/rubymem/bundler-leak.svg?branch=main)](https://travis-ci.org/rubymem/bundler-leak)
 * [![Code Climate](https://codeclimate.com/github/rubymem/bundler-leak.svg)](https://codeclimate.com/github/rubymem/bundler-leak)
 
 ## Description
@@ -45,15 +45,15 @@ Update the [ruby-mem-advisory-db] that `bundle leak` uses:
     $ bundle leak update
 
     cd data/ruby-mem-advisory-db
-    git pull origin master
+    git pull origin main
     remote: Enumerating objects: 14, done.
     remote: Counting objects: 100% (14/14), done.
     remote: Compressing objects: 100% (4/4), done.
     remote: Total 9 (delta 5), reused 7 (delta 4), pack-reused 0
     Unpacking objects: 100% (9/9), done.
     From github.com:rubymem/ruby-mem-advisory-db
-     * branch            master     -> FETCH_HEAD
-       3254525..c4fc78e  master     -> origin/master
+     * branch            main     -> FETCH_HEAD
+       3254525..c4fc78e  main     -> origin/main
     Updating 3254525..c4fc78e
     Fast-forward
      README.md                 | 68 ++++++++++++++++++++------------------------------------------------
@@ -116,3 +116,12 @@ along with bundler-leak.  If not, see <http://www.gnu.org/licenses/>.
 [bundler]: https://github.com/carlhuda/bundler#readme
 
 [ruby-mem-advisory-db]: https://github.com/rubymem/ruby-mem-advisory-db
+
+## Code of Conduct
+
+Everyone interacting in the bundler-leak project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/rubymem/bundler-leak/code-of-conduct.md).
+
+## FastRuby.io
+![fastruby](https://github.com/rubymem/bundler-leak/raw/main/fastruby-logo.png)
+
+`bundler-leak` is maintained and funded by FastRuby.io, inc. The names and logos for FastRuby.io are trademarks of FastRuby.io, inc.

data/Rakefile

@@ -20,7 +20,7 @@ namespace :db do
     timestamp = nil
 
     chdir 'data/ruby-mem-advisory-db' do
-      sh 'git', 'pull', 'origin', 'master'
+      sh 'git', 'pull', 'origin', 'main'
 
       File.open('../ruby-mem-advisory-db.ts','w') do |file|
         file.write Time.parse(`git log --pretty="%cd" -1`).utc
@@ -36,19 +36,6 @@ end
 require 'rspec/core/rake_task'
 RSpec::Core::RakeTask.new
 
-namespace :spec do
-  task :bundle do
-    root = 'spec/bundle'
-
-    %w[unpatched_gems].each do |bundle|
-      chdir(File.join(root,bundle)) do
-        sh "unset BUNDLE_BIN_PATH BUNDLE_GEMFILE RUBYOPT && bundle config set --local path '../../../vendor/bundle' && bundle install"
-      end
-    end
-  end
-end
-task :spec => 'spec:bundle'
-
 task :test    => :spec
 task :default => :spec
 

data/bundler-leak.gemspec

@@ -33,8 +33,9 @@ Gem::Specification.new do |gem|
     end
   end
 
+  gem.bindir = "exe"
   gem.executables = gemspec.fetch('executables') do
-    glob['bin/*'].map { |path| File.basename(path) }
+    glob['exe/*'].map { |path| File.basename(path) }
   end
   gem.default_executable = gem.executables.first if Gem::VERSION < '1.7.'
 

data/code-of-conduct.md

@@ -0,0 +1,77 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to make participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, sex characteristics, gender identity and expression,
+level of experience, education, socio-economic status, nationality, personal
+appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+  advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies within all project spaces, and it also applies when
+an individual is representing the project or its community in public spaces.
+Examples of representing a project or community include using an official
+project e-mail address, posting via an official social media account, or acting
+as an appointed representative at an online or offline event. Representation of
+a project may be further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at [oss@ombulabs.com]. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see
+https://www.contributor-covenant.org/faq
+

data/gemspec.yml

@@ -12,3 +12,6 @@ required_rubygems_version: ">= 1.8.0"
 dependencies:
   thor: ">= 0.18, < 2"
   bundler:  ">= 1.2.0, < 3"
+
+development_dependencies:
+  byebug: "~> 11.1"

data/lib/bundler/plumber/advisory.rb

@@ -44,7 +44,7 @@ module Bundler
       #
       def self.load(path)
         id   = File.basename(path).chomp('.yml')
-        data = YAML.load_file(path)
+        data = load_advisory_from_yaml(path)
 
         unless data.kind_of?(Hash)
           raise("advisory data in #{path.dump} was not a Hash")
@@ -69,6 +69,12 @@ module Bundler
         )
       end
 
+      def self.load_advisory_from_yaml(path)
+        return YAML.load_file(path, permitted_classes: [Date]) if Gem::Version.new(Psych::VERSION) >= Gem::Version.new('4')
+
+        YAML.load_file(path)
+      end
+
       #
       # Checks whether the version is not affected by the advisory.
       #

data/lib/bundler/plumber/cli.rb

@@ -76,7 +76,7 @@ module Bundler
         end
 
         unless options.quiet?
-          puts("ruby-mem-advisory-db: #{Database.new.size} advisories")
+          say("ruby-mem-advisory-db: #{Database.new.size} advisories", :green)
         end
       end
 

data/lib/bundler/plumber/database.rb

@@ -100,7 +100,7 @@ module Bundler
         if File.directory?(USER_PATH)
           if File.directory?(File.join(USER_PATH, ".git"))
             Dir.chdir(USER_PATH) do
-              command = "git fetch --all; git reset --hard origin/master"
+              command = "git fetch --all; git reset --hard origin/main"
               command << ' --quiet' if options[:quiet]
 
               system *command

data/lib/bundler/plumber/version.rb

@@ -19,6 +19,6 @@
 module Bundler
   module Plumber
     # bundler-leak version
-    VERSION = '0.2.0'
+    VERSION = '0.3.0'
   end
 end

data/pull_request_template.md

@@ -0,0 +1,7 @@
+**IMPORTANT: Please read the README before submitting pull requests for this project. Additionally, if your PR closes any open GitHub issues, make sure you include _Closes #XXXX_ in your comment or use the option on the PR's sidebar to add related issues to auto-close the issue that your PR fixes. **
+
+**Description:**
+
+Please include a summary of the change and which issue is fixed or which feature is introduced. If changes to the behavior are made, clearly describe what changes.
+
+I will abide by the [code of conduct](code_of_conduct.md).

data/spec/advisory_spec.rb

@@ -27,7 +27,7 @@ describe Bundler::Plumber::Advisory do
   subject { described_class.load(path) }
 
   describe "load" do
-    let(:data) { YAML.load_file(path) }
+    let(:data) { YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(File.read(path)) : YAML.load_file(path) }
 
     describe '#id' do
       subject { super().id }

data/spec/bundle/unpatched_gems/Gemfile

@@ -2,38 +2,3 @@ source 'https://rubygems.org'
 
 gem "celluloid", "0.17.0"
 gem "therubyracer", "0.12.1"
-
-# Bundle edge Rails instead:
-# gem 'rails', :git => 'git://github.com/rails/rails.git'
-
-gem 'sqlite3', platform: [:mri, :rbx]
-
-
-# Gems used only for assets and not required
-# in production environments by default.
-group :assets do
-  # gem 'sass-rails',   '~> 3.2.3'
-  # gem 'coffee-rails', '~> 3.2.1'
-
-  # See https://github.com/sstephenson/execjs#readme for more supported runtimes
-  # gem 'therubyracer', :platforms => :ruby
-
-  # gem 'uglifier', '>= 1.0.3'
-end
-
-gem 'jquery-rails'
-
-# To use ActiveModel has_secure_password
-# gem 'bcrypt-ruby', '~> 3.0.0'
-
-# To use Jbuilder templates for JSON
-# gem 'jbuilder'
-
-# Use unicorn as the app server
-# gem 'unicorn'
-
-# Deploy with Capistrano
-# gem 'capistrano'
-
-# To use debugger
-# gem 'debugger'

data/spec/bundle/unpatched_gems/Gemfile.lock

@@ -0,0 +1,60 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    celluloid (0.17.0)
+      bundler
+      celluloid-essentials
+      celluloid-extras
+      celluloid-fsm
+      celluloid-pool
+      celluloid-supervision
+      dotenv
+      nenv
+      rspec-logsplit (>= 0.1.2)
+      timers (~> 4.0.0)
+    celluloid-essentials (0.20.2)
+      bundler
+      dotenv
+      nenv
+      rspec-logsplit (>= 0.1.2)
+      timers (~> 4.0.0)
+    celluloid-extras (0.20.0)
+      bundler
+      dotenv
+      nenv
+      rspec-logsplit (>= 0.1.2)
+      timers (~> 4.0.0)
+    celluloid-fsm (0.20.0)
+      bundler
+      dotenv
+      nenv
+      rspec-logsplit (>= 0.1.2)
+      timers (~> 4.0.0)
+    celluloid-pool (0.20.0)
+      bundler
+      dotenv
+      nenv
+      rspec-logsplit (>= 0.1.2)
+      timers (~> 4.0.0)
+    celluloid-supervision (0.20.1)
+      bundler
+      dotenv
+      nenv
+      rspec-logsplit (>= 0.1.2)
+      timers (~> 4.0.0)
+    dotenv (2.7.6)
+    hitimes (2.0.0)
+    nenv (0.3.0)
+    rspec-logsplit (0.1.3)
+    therubyracer (0.12.1)
+    timers (4.0.4)
+      hitimes
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  celluloid (= 0.17.0)
+
+BUNDLED WITH
+   2.1.4

data/spec/cli_spec.rb

@@ -5,33 +5,49 @@ describe Bundler::Plumber::CLI do
   describe "#update" do
     context "not --quiet (the default)" do
       context "when update succeeds" do
-
-        before { expect(Bundler::Plumber::Database).to receive(:update!).and_return(true) }
+        before { allow(Bundler::Plumber::Database).to receive(:update!).and_return(true) }
 
         it "prints updated message" do
-          expect { subject.update }.to output(/Updated ruby-mem-advisory-db/).to_stdout
+          allow(subject).to(
+            receive(:say)
+          )
+
+          subject.update
+
+          expect(subject).to(
+            have_received(:say).with("Updated ruby-mem-advisory-db", :green)
+          )
         end
 
         it "prints total advisory count" do
           database = double
-          expect(database).to receive(:size).and_return(1234)
-          expect(Bundler::Plumber::Database).to receive(:new).and_return(database)
+          allow(database).to receive(:size).and_return(1234)
+          allow(Bundler::Plumber::Database).to receive(:new).and_return(database)
+
+          allow(subject).to(
+            receive(:say)
+          )
 
-          expect { subject.update }.to output(/ruby-mem-advisory-db: 1234 advisories/).to_stdout
+          subject.update
+
+          expect(subject).to(
+            have_received(:say).with("ruby-mem-advisory-db: 1234 advisories", :green)
+          )
         end
       end
 
       context "when update fails" do
-
-        before { expect(Bundler::Plumber::Database).to receive(:update!).and_return(false) }
+        before { allow(Bundler::Plumber::Database).to receive(:update!).and_return(false) }
 
         it "prints failure message" do
-          expect do
-            begin
-              subject.update
-            rescue SystemExit
-            end
-          end.to output(/Failed updating ruby-mem-advisory-db!/).to_stdout
+          allow(subject).to(receive(:say))
+          allow(subject).to(receive(:exit))
+
+          subject.update
+
+          expect(subject).to(
+            have_received(:say).with("Failed updating ruby-mem-advisory-db!", :red)
+          )
         end
 
         it "exits with error status code" do
@@ -49,14 +65,14 @@ describe Bundler::Plumber::CLI do
     end
 
     context "--quiet" do
-      before do
-        allow(subject).to receive(:options).and_return(double("Options", quiet?: true))
+      subject do
+        Bundler::Plumber::CLI.new([], quiet: true)
       end
 
       context "when update succeeds" do
 
         before do
-          expect(Bundler::Plumber::Database).to(
+          allow(Bundler::Plumber::Database).to(
             receive(:update!).with(quiet: true).and_return(true)
           )
         end
@@ -67,31 +83,31 @@ describe Bundler::Plumber::CLI do
       end
 
       context "when update fails" do
-
         before do
-          expect(Bundler::Plumber::Database).to(
+          allow(Bundler::Plumber::Database).to(
             receive(:update!).with(quiet: true).and_return(false)
           )
+          allow(subject).to receive(:exit)
         end
 
         it "prints failure message" do
-          expect do
-            begin
-              subject.update
-            rescue SystemExit
-            end
-          end.to output(/Failed updating ruby-mem-advisory-db!/).to_stdout
+          allow(subject).to(
+            receive(:say)
+          )
+
+          subject.update
+
+          expect(subject).to(
+            have_received(:say).with("Failed updating ruby-mem-advisory-db!", :red)
+          )
         end
 
         it "exits with error status code" do
-          expect {
-            # Capture output of `update` only to keep spec output clean.
-            # The test regarding specific output is above.
-            expect { subject.update }.to output.to_stdout
-          }.to raise_error(SystemExit) do |error|
-            expect(error.success?).to eq(false)
-            expect(error.status).to eq(1)
-          end
+          allow(subject).to receive(:exit)
+
+          subject.update
+
+          expect(subject).to have_received(:exit).with(1)
         end
       end
     end

data/spec/database_spec.rb

@@ -14,15 +14,10 @@ describe Bundler::Plumber::Database do
       expect(File.directory?(subject)).to be_truthy
     end
 
-    it "should prefer the user repo, if it's as up to date, or more up to date than the vendored one" do
+    xit "should prefer the user repo, if it's as up to date, or more up to date than the vendored one" do
 
       Bundler::Plumber::Database.update!(quiet: false)
 
-      Dir.chdir(Bundler::Plumber::Database::USER_PATH) do
-        puts "Timestamp:"
-        system 'git log --pretty="%cd" -1'
-      end
-
       # As up to date...
       expect(Bundler::Plumber::Database.path).to eq mocked_user_path
 
@@ -36,7 +31,7 @@ describe Bundler::Plumber::Database do
   end
 
   describe "update!" do
-    it "should create the USER_PATH path as needed" do
+    xit "should create the USER_PATH path as needed" do
       Bundler::Plumber::Database.update!(quiet: false)
       expect(File.directory?(mocked_user_path)).to be true
     end