bundler-patch 0.6.0 → 0.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +13 -12
- data/lib/bundler/patch/scanner.rb +1 -3
- data/lib/bundler/patch/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d81e3f4667e6cb684ba7caf5ff5ab7778712964e
|
|
4
|
+
data.tar.gz: f54482f58a5e12f47b740a9bc4dfe0992daa49ca
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 419579e3bbbe1653877d8fe227995bdac95208141804eea933171108851ae317df0d4c5f2a5defbe82aff46342ddb10954c3330f543e0f9e787a805aac37f127
|
|
7
|
+
data.tar.gz: 85f1d8f4b1d2b7cb316a62efb85f84fcf041552db77c97ee15c5adecb967514f9470c660c0c9bf2f76158639236ecb1d1ee36f731427abcf8920dff11b0d4dad
|
data/README.md
CHANGED
|
@@ -5,9 +5,11 @@
|
|
|
5
5
|
## Goals
|
|
6
6
|
|
|
7
7
|
- Update the Gemfile, .ruby-version and other files to patch an app according to `ruby-advisory-db` content.
|
|
8
|
-
-
|
|
8
|
+
- Provide conservative update of select or all gems. Conservative meaning to the latest release (default) or minor (optional) version.
|
|
9
|
+
- Don't security patch past the minimum gem version required. (This may change).
|
|
9
10
|
- Minimal munging to existing version spec.
|
|
10
11
|
- Support a database of custom advisories for internal gems.
|
|
12
|
+
- Provide reasonable support for keeping a large number of apps and services up-to-date as automatically as possible.
|
|
11
13
|
|
|
12
14
|
## Installation
|
|
13
15
|
|
|
@@ -107,6 +109,16 @@ the downloading the full dependency data from remote sources.
|
|
|
107
109
|
|
|
108
110
|
## Development
|
|
109
111
|
|
|
112
|
+
### Status
|
|
113
|
+
|
|
114
|
+
0.x versions are subject to breaking changes, there's a fair amount of experimenting going on and some future plans to
|
|
115
|
+
not only revisit the command names but also investigate making this a proper Bundler plugin.
|
|
116
|
+
|
|
117
|
+
We'd love to get real world scenarios where things don't go as planned to help flesh out varying details of what many
|
|
118
|
+
believe a conservative update should be.
|
|
119
|
+
|
|
120
|
+
### How To
|
|
121
|
+
|
|
110
122
|
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can
|
|
111
123
|
also run `bin/console` for an interactive prompt that will allow you to experiment.
|
|
112
124
|
|
|
@@ -122,14 +134,3 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/living
|
|
|
122
134
|
## License
|
|
123
135
|
|
|
124
136
|
The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
## Misc
|
|
128
|
-
|
|
129
|
-
None of these do what we need, but may have some code doing some similar work in places.
|
|
130
|
-
|
|
131
|
-
- http://www.rubydoc.info/gems/bundler-auto-update/0.1.0 (runs tests after each gem upgrade)
|
|
132
|
-
- http://www.rubydoc.info/gems/bundler-updater/0.0.3 (interactive prompt for what's available to upgrade to)
|
|
133
|
-
- https://github.com/rosylilly/bundler-add (outputs Gemfile line for adding a gem)
|
|
134
|
-
|
|
135
|
-
|
|
@@ -20,9 +20,7 @@ module Bundler::Patch
|
|
|
20
20
|
puts # extra line to separate from advisory db update text
|
|
21
21
|
puts 'Detected vulnerabilities:'
|
|
22
22
|
puts '-------------------------'
|
|
23
|
-
gem_patches.
|
|
24
|
-
puts "Need to update #{gp.gem_name}: #{gp.old_version} => #{gp.new_version}" # TODO: Bundler.ui
|
|
25
|
-
end
|
|
23
|
+
puts gem_patches.map(&:to_s).uniq.sort.join("\n")
|
|
26
24
|
end
|
|
27
25
|
end
|
|
28
26
|
|