bundler-patch 0.6.0 → 0.6.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +13 -12
- data/lib/bundler/patch/scanner.rb +1 -3
- data/lib/bundler/patch/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d81e3f4667e6cb684ba7caf5ff5ab7778712964e
|
|
4
|
+
data.tar.gz: f54482f58a5e12f47b740a9bc4dfe0992daa49ca
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 419579e3bbbe1653877d8fe227995bdac95208141804eea933171108851ae317df0d4c5f2a5defbe82aff46342ddb10954c3330f543e0f9e787a805aac37f127
|
|
7
|
+
data.tar.gz: 85f1d8f4b1d2b7cb316a62efb85f84fcf041552db77c97ee15c5adecb967514f9470c660c0c9bf2f76158639236ecb1d1ee36f731427abcf8920dff11b0d4dad
|
data/README.md
CHANGED
|
@@ -5,9 +5,11 @@
|
|
|
5
5
|
## Goals
|
|
6
6
|
|
|
7
7
|
- Update the Gemfile, .ruby-version and other files to patch an app according to `ruby-advisory-db` content.
|
|
8
|
-
-
|
|
8
|
+
- Provide conservative update of select or all gems. Conservative meaning to the latest release (default) or minor (optional) version.
|
|
9
|
+
- Don't security patch past the minimum gem version required. (This may change).
|
|
9
10
|
- Minimal munging to existing version spec.
|
|
10
11
|
- Support a database of custom advisories for internal gems.
|
|
12
|
+
- Provide reasonable support for keeping a large number of apps and services up-to-date as automatically as possible.
|
|
11
13
|
|
|
12
14
|
## Installation
|
|
13
15
|
|
|
@@ -107,6 +109,16 @@ the downloading the full dependency data from remote sources.
|
|
|
107
109
|
|
|
108
110
|
## Development
|
|
109
111
|
|
|
112
|
+
### Status
|
|
113
|
+
|
|
114
|
+
0.x versions are subject to breaking changes, there's a fair amount of experimenting going on and some future plans to
|
|
115
|
+
not only revisit the command names but also investigate making this a proper Bundler plugin.
|
|
116
|
+
|
|
117
|
+
We'd love to get real world scenarios where things don't go as planned to help flesh out varying details of what many
|
|
118
|
+
believe a conservative update should be.
|
|
119
|
+
|
|
120
|
+
### How To
|
|
121
|
+
|
|
110
122
|
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can
|
|
111
123
|
also run `bin/console` for an interactive prompt that will allow you to experiment.
|
|
112
124
|
|
|
@@ -122,14 +134,3 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/living
|
|
|
122
134
|
## License
|
|
123
135
|
|
|
124
136
|
The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
## Misc
|
|
128
|
-
|
|
129
|
-
None of these do what we need, but may have some code doing some similar work in places.
|
|
130
|
-
|
|
131
|
-
- http://www.rubydoc.info/gems/bundler-auto-update/0.1.0 (runs tests after each gem upgrade)
|
|
132
|
-
- http://www.rubydoc.info/gems/bundler-updater/0.0.3 (interactive prompt for what's available to upgrade to)
|
|
133
|
-
- https://github.com/rosylilly/bundler-add (outputs Gemfile line for adding a gem)
|
|
134
|
-
|
|
135
|
-
|
|
@@ -20,9 +20,7 @@ module Bundler::Patch
|
|
|
20
20
|
puts # extra line to separate from advisory db update text
|
|
21
21
|
puts 'Detected vulnerabilities:'
|
|
22
22
|
puts '-------------------------'
|
|
23
|
-
gem_patches.
|
|
24
|
-
puts "Need to update #{gp.gem_name}: #{gp.old_version} => #{gp.new_version}" # TODO: Bundler.ui
|
|
25
|
-
end
|
|
23
|
+
puts gem_patches.map(&:to_s).uniq.sort.join("\n")
|
|
26
24
|
end
|
|
27
25
|
end
|
|
28
26
|
|