dependency_spy 0.3.0 → 0.6.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 0bd2e870a6e0baec4974d3d1eb6603c73b2d40cd
4
- data.tar.gz: c07f0e46d2954d97a1787cc06355a97a465a2c64
2
+ SHA256:
3
+ metadata.gz: bb58e1e3a80a6baba1c4c5386805977e22efba6b5a3e2631f732d08846034a2e
4
+ data.tar.gz: 989f3375b5eed793e0711592b17aafa2444de743cdf5a234fb9888fe309a26bc
5
5
  SHA512:
6
- metadata.gz: b8b3607be32c792bc9457a5c67fb539cbbacdfbffd09283c0aacff793c484be82f546ab88d5c6ef4bf23989b2eb47a86e85829e21abf169b6d70ffeedfececda
7
- data.tar.gz: f9fe9f2185c0dc51514632c4a6b9cd1c2449dd517f369cfc77d5541e00bb2b4fa67f7e464f8db852ed0c984eea49a5283072fdd2ea33e193ba5cbc185854ae42
6
+ metadata.gz: 5d1be8417cab3fb934aab4d31a531f6a3da7587e09565080afbf0ef91d76e70bb48c054b8d470e8d80dcd6e5e80292ffd73e31372f08df00a3dc1b9b1e0dda19
7
+ data.tar.gz: 467f4211c000f6439701f3ec494f09928daa4f858300f837d5366b77b2dbd306586cb3636bbaca4e095a307a606836359c6645a1e9b7311e6a3036a2045b7eb8
@@ -4,21 +4,20 @@ jobs:
4
4
  build-lint-test:
5
5
  working_directory: ~/dependency_spy
6
6
  docker:
7
- - image: circleci/ruby:2.3.7
7
+ - image: circleci/ruby:2.5.5
8
8
  steps:
9
9
  - checkout
10
10
 
11
- - name: Install Bundler Version
12
- type: shell
13
- command: gem install bundler -v 1.16
14
-
15
11
  - name: Restore cache
16
12
  type: cache-restore
17
13
  key: yavdb-{{ checksum "Gemfile.lock" }}
18
14
 
19
15
  - name: Bundle Install
20
16
  type: shell
21
- command: bundle install --path /tmp/vendor/bundle
17
+ command: |
18
+ sudo gem update --system
19
+ gem install bundler
20
+ bundle install --path /tmp/vendor/bundle
22
21
 
23
22
  - name: Save cache
24
23
  type: cache-save
@@ -28,7 +27,7 @@ jobs:
28
27
 
29
28
  - name: Vulnerable dependencies
30
29
  type: shell
31
- command: bundle exec depspy check --files Gemfile,Gemfile.lock
30
+ command: bundle exec bin/depspy check --files Gemfile,Gemfile.lock
32
31
 
33
32
  - name: Rubocop
34
33
  type: shell
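Review bot: The rewritten `Bundle Install` step in the first hunk installs an unpinned Bundler (`gem install bundler` right after `sudo gem update --system`), so each CI run gets whatever RubyGems and Bundler are current at build time, while the lockfile shipped in this same release records `BUNDLED WITH 2.1.4`; the removed `Install Bundler Version` step had pinned `-v 1.16`. Pinning restores reproducible builds and narrows the window in which a freshly published bad release lands in CI: `gem install bundler -v 2.1.4`. Bundler 2.1 also deprecates `bundle install --path` in favour of `bundle config set path /tmp/vendor/bundle`, which becomes relevant once the version is pinned.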
@@ -0,0 +1,32 @@
1
+ ---
2
+ name: Bug report
3
+ about: Create a report to help us improve
4
+ title: ''
5
+ labels: ''
6
+ assignees: ''
7
+
8
+ ---
9
+
10
+ **Describe the bug**
11
+ A clear and concise description of what the bug is.
12
+
13
+ **To Reproduce**
14
+ Steps to reproduce the behavior:
15
+ 1. Go to '...'
16
+ 2. Click on '....'
17
+ 3. Scroll down to '....'
18
+ 4. See error
19
+
20
+ **Expected behavior**
21
+ A clear and concise description of what you expected to happen.
22
+
23
+ **Screenshots**
24
+ If applicable, add screenshots to help explain your problem.
25
+
26
+ **Desktop (please complete the following information):**
27
+ - OS: [e.g. Windows, Linux, Mac]
28
+ - Ruby Version [e.g. 2.5.5]
29
+ - Version [e.g. 22]
30
+
31
+ **Additional context**
32
+ Add any other context about the problem here.
@@ -0,0 +1,20 @@
1
+ ---
2
+ name: Feature request
3
+ about: Suggest an idea for this project
4
+ title: ''
5
+ labels: ''
6
+ assignees: ''
7
+
8
+ ---
9
+
10
+ **Is your feature request related to a problem? Please describe.**
11
+ A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
12
+
13
+ **Describe the solution you'd like**
14
+ A clear and concise description of what you want to happen.
15
+
16
+ **Describe alternatives you've considered**
17
+ A clear and concise description of any alternative solutions or features you've considered.
18
+
19
+ **Additional context**
20
+ Add any other context or screenshots about the feature request here.
data/.gitignore CHANGED
@@ -112,3 +112,5 @@ build-iPhoneSimulator/
112
112
  *.iml
113
113
 
114
114
  # End of https://www.gitignore.io/api/jetbrains,ruby
115
+
116
+ .depspy.yml
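Review bot: Ignoring `.depspy.yml` keeps any local copy of the scanner's own config, including `ignore:` suppressions, out of version control, so a developer's `depspy check` can pass on suppressions that CI never sees (the CircleCI job in this diff runs `bin/depspy check --files Gemfile,Gemfile.lock` on a clean checkout). If leaving the project-level config uncommitted is intentional, a comment next to the entry would record that: `# local depspy config; CI runs with defaults only`. If suppressions are meant to be shared, tracking the file instead makes them visible in pull-request review.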
@@ -1,63 +1,69 @@
1
+ inherit_from: .rubocop_todo.yml
2
+
3
+ require:
4
+ - rubocop-performance
5
+ - rubocop-rspec
6
+
1
7
  AllCops:
2
8
  # Include common Ruby source files.
3
9
  Include:
4
- - '**/*.builder'
5
- - '**/*.fcgi'
6
- - '**/*.gemspec'
7
- - '**/*.god'
8
- - '**/*.jb'
9
- - '**/*.jbuilder'
10
- - '**/*.mspec'
11
- - '**/*.opal'
12
- - '**/*.pluginspec'
13
- - '**/*.podspec'
14
- - '**/*.rabl'
15
- - '**/*.rake'
16
- - '**/*.rb'
17
- - '**/*.rbuild'
18
- - '**/*.rbw'
19
- - '**/*.rbx'
20
- - '**/*.ru'
21
- - '**/*.ruby'
22
- - '**/*.spec'
23
- - '**/*.thor'
24
- - '**/*.watchr'
25
- - '**/.irbrc'
26
- - '**/.pryrc'
27
- - '**/buildfile'
28
- - '**/config.ru'
29
- - '**/Appraisals'
30
- - '**/Berksfile'
31
- - '**/Brewfile'
32
- - '**/Buildfile'
33
- - '**/Capfile'
34
- - '**/Cheffile'
35
- - '**/Dangerfile'
36
- - '**/Deliverfile'
37
- - '**/Fastfile'
38
- - '**/*Fastfile'
39
- - '**/Gemfile'
40
- - '**/Guardfile'
41
- - '**/Jarfile'
42
- - '**/Mavenfile'
43
- - '**/Podfile'
44
- - '**/Puppetfile'
45
- - '**/Rakefile'
46
- - '**/Snapfile'
47
- - '**/Thorfile'
48
- - '**/Vagabondfile'
49
- - '**/Vagrantfile'
10
+ - "**/*.builder"
11
+ - "**/*.fcgi"
12
+ - "**/*.gemspec"
13
+ - "**/*.god"
14
+ - "**/*.jb"
15
+ - "**/*.jbuilder"
16
+ - "**/*.mspec"
17
+ - "**/*.opal"
18
+ - "**/*.pluginspec"
19
+ - "**/*.podspec"
20
+ - "**/*.rabl"
21
+ - "**/*.rake"
22
+ - "**/*.rb"
23
+ - "**/*.rbuild"
24
+ - "**/*.rbw"
25
+ - "**/*.rbx"
26
+ - "**/*.ru"
27
+ - "**/*.ruby"
28
+ - "**/*.spec"
29
+ - "**/*.thor"
30
+ - "**/*.watchr"
31
+ - "**/.irbrc"
32
+ - "**/.pryrc"
33
+ - "**/buildfile"
34
+ - "**/config.ru"
35
+ - "**/Appraisals"
36
+ - "**/Berksfile"
37
+ - "**/Brewfile"
38
+ - "**/Buildfile"
39
+ - "**/Capfile"
40
+ - "**/Cheffile"
41
+ - "**/Dangerfile"
42
+ - "**/Deliverfile"
43
+ - "**/Fastfile"
44
+ - "**/*Fastfile"
45
+ - "**/Gemfile"
46
+ - "**/Guardfile"
47
+ - "**/Jarfile"
48
+ - "**/Mavenfile"
49
+ - "**/Podfile"
50
+ - "**/Puppetfile"
51
+ - "**/Rakefile"
52
+ - "**/Snapfile"
53
+ - "**/Thorfile"
54
+ - "**/Vagabondfile"
55
+ - "**/Vagrantfile"
50
56
  Exclude:
51
- - 'database/**/*'
52
- - 'db/**/*'
53
- - 'tmp/**/*'
54
- - 'vendor/**/*'
55
- - 'bin/**/*'
56
- - 'log/**/*'
57
+ - "database/**/*"
58
+ - "db/**/*"
59
+ - "tmp/**/*"
60
+ - "vendor/**/*"
61
+ - "bin/**/*"
62
+ - "log/**/*"
57
63
  DefaultFormatter: progress
58
64
  UseCache: false
59
65
  DisplayCopNames: false
60
- TargetRubyVersion: 2.3.7
66
+ TargetRubyVersion: 2.5.5
61
67
 
62
68
  Gemspec/OrderedDependencies:
63
69
  Enabled: true
@@ -82,7 +88,7 @@ Layout/EmptyLinesAroundClassBody:
82
88
  Enabled: true
83
89
  EnforcedStyle: empty_lines_except_namespace
84
90
  Exclude:
85
- - "lib/dependency_spy/dtos/dependency.rb"
91
+ - "lib/dependency_spy/dtos/dependency.rb"
86
92
 
87
93
  Layout/EmptyLinesAroundMethodBody:
88
94
  Enabled: true
@@ -94,18 +100,18 @@ Layout/EmptyLinesAroundModuleBody:
94
100
  Layout/ExtraSpacing:
95
101
  Enabled: true
96
102
 
97
- Layout/FirstParameterIndentation:
103
+ Layout/FirstArgumentIndentation:
98
104
  Enabled: true
99
105
  EnforcedStyle: consistent
100
106
  IndentationWidth: 2
101
107
 
102
- Layout/IndentArray:
108
+ Layout/FirstArrayElementIndentation:
103
109
  Enabled: true
104
110
 
105
- Layout/IndentAssignment:
111
+ Layout/AssignmentIndentation:
106
112
  Enabled: true
107
113
 
108
- Layout/IndentHash:
114
+ Layout/FirstHashElementIndentation:
109
115
  Enabled: true
110
116
 
111
117
  Layout/MultilineHashBraceLayout:
@@ -122,7 +128,7 @@ Layout/MultilineOperationIndentation:
122
128
  Layout/SpaceAfterComma:
123
129
  Enabled: true
124
130
 
125
- Layout/AlignParameters:
131
+ Layout/ParameterAlignment:
126
132
  Enabled: true
127
133
  EnforcedStyle: with_fixed_indentation
128
134
 
@@ -153,7 +159,7 @@ Lint/UselessAccessModifier:
153
159
  Lint/UselessAssignment:
154
160
  Enabled: true
155
161
 
156
- Lint/HandleExceptions:
162
+ Lint/SuppressedException:
157
163
  Enabled: true
158
164
 
159
165
  Metrics/AbcSize:
@@ -164,7 +170,7 @@ Metrics/BlockLength:
164
170
  Enabled: true
165
171
  Max: 51
166
172
  Exclude:
167
- - "spec/snyk_io_spec.rb"
173
+ - "spec/snyk_io_spec.rb"
168
174
 
169
175
  Metrics/ClassLength:
170
176
  Enabled: false
@@ -174,7 +180,7 @@ Metrics/CyclomaticComplexity:
174
180
  Enabled: false
175
181
  Max: 15
176
182
 
177
- Metrics/LineLength:
183
+ Layout/LineLength:
178
184
  Enabled: false
179
185
  Max: 147
180
186
 
@@ -316,10 +322,10 @@ Style/TrailingCommaInHashLiteral:
316
322
  Enabled: true
317
323
  EnforcedStyleForMultiline: no_comma
318
324
 
319
- Style/UnneededInterpolation:
325
+ Style/RedundantInterpolation:
320
326
  Enabled: true
321
327
 
322
- Style/UnneededPercentQ:
328
+ Style/RedundantPercentQ:
323
329
  Enabled: true
324
330
 
325
331
  Style/WhileUntilDo:
@@ -0,0 +1,34 @@
1
+ # This configuration was generated by
2
+ # `rubocop --auto-gen-config --auto-gen-only-exclude`
3
+ # on 2020-01-01 22:58:30 +0000 using RuboCop version 0.78.0.
4
+ # The point is for the user to remove these configuration records
5
+ # one by one as the offenses are removed from the code base.
6
+ # Note that changes in the inspected code, or installation of new
7
+ # versions of RuboCop, may require this file to be generated again.
8
+
9
+ # Offense count: 4
10
+ # Configuration parameters: Max.
11
+ RSpec/ExampleLength:
12
+ Exclude:
13
+ - 'spec/dependency_spy_cli_spec.rb'
14
+ - 'spec/dependency_spy_spec.rb'
15
+
16
+ # Offense count: 2
17
+ # Configuration parameters: CustomTransform, IgnoreMethods.
18
+ RSpec/FilePath:
19
+ Exclude:
20
+ - 'spec/dependency_spy_cli_spec.rb'
21
+ - 'spec/dependency_spy_spec.rb'
22
+
23
+ # Offense count: 5
24
+ # Configuration parameters: .
25
+ # SupportedStyles: have_received, receive
26
+ RSpec/MessageSpies:
27
+ EnforcedStyle: receive
28
+
29
+ # Offense count: 3
30
+ # Configuration parameters: Max, AggregateFailuresByDefault.
31
+ RSpec/MultipleExpectations:
32
+ Exclude:
33
+ - 'spec/dependency_spy_cli_spec.rb'
34
+ - 'spec/dependency_spy_spec.rb'
@@ -1 +1 @@
1
- 2.3.7
1
+ 2.5.5
@@ -0,0 +1,60 @@
1
+ ## How to contribute to dependency_spy
2
+
3
+ ### Main rules
4
+
5
+ * Before you open a ticket or send a pull request, [search](https://github.com/rtfpessoa/dependency_spy/issues) for previous discussions about the same feature or issue. Add to the earlier ticket if you find one.
6
+
7
+ * If you're proposing a new feature, make sure you create an issue to let other contributors know what you are working on.
8
+
9
+ * Before sending a pull request make sure your code is tested.
10
+
11
+ * Before sending a pull request for a feature, be sure to run tests.
12
+
13
+ * Use the same coding style as the rest of the codebase.
14
+
15
+ * Use `git rebase` (not `git merge`) to sync your work from time to time with the master branch.
16
+
17
+ * After creating your pull request make sure the build is passing on [CircleCI](https://circleci.com/gh/rtfpessoa/dependency_spy)
18
+ and that [Codacy](https://www.codacy.com/app/rtfpessoa/dependency_spy) is also confident in the code quality.
19
+
20
+ ### Commit Style
21
+
22
+ Writing good commit logs is important. A commit log should describe what changed and why.
23
+ Follow these guidelines when writing one:
24
+
25
+ 1. The first line should be 50 characters or less and contain a short
26
+ description of the change prefixed with the name of the changed
27
+ subsystem (e.g. "net: add localAddress and localPort to Socket").
28
+ 2. Keep the second line blank.
29
+ 3. Wrap all other lines at 72 columns.
30
+
31
+ A good commit log can look something like this:
32
+
33
+ ```
34
+ subsystem: explaining the commit in one line
35
+
36
+ Body of commit message is a few lines of text, explaining things
37
+ in more detail, possibly giving some background about the issue
38
+ being fixed, etc. etc.
39
+
40
+ The body of the commit message can be several paragraphs, and
41
+ please do proper word-wrap and keep columns shorter than about
42
+ 72 characters or so. That way `git log` will show things
43
+ nicely even when it is indented.
44
+ ```
45
+
46
+ ### Developer's Certificate of Origin 1.0
47
+
48
+ By making a contribution to this project, I certify that:
49
+
50
+ * (a) The contribution was created in whole or in part by me and I
51
+ have the right to submit it under the open source license indicated
52
+ in the file; or
53
+ * (b) The contribution is based upon previous work that, to the best
54
+ of my knowledge, is covered under an appropriate open source license
55
+ and I have the right under that license to submit that work with
56
+ modifications, whether created in whole or in part by me, under the
57
+ same open source license (unless I am permitted to submit under a
58
+ different license), as indicated in the file; or
59
+ * (c) The contribution was provided directly to me by some other
60
+ person who certified (a), (b) or (c) and I have not modified it.
@@ -1,116 +1,135 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- dependency_spy (0.3.0)
5
- bibliothecary (~> 6.3)
6
- colorize (~> 0.8.1)
7
- semantic_range (~> 2.1)
4
+ dependency_spy (0.6.1)
5
+ bibliothecary (~> 6.6)
6
+ colorize (= 0.8.1)
7
+ semantic_range (~> 2.2)
8
8
  thor (~> 0.20)
9
- yavdb (~> 0.4)
9
+ yavdb (~> 0.5)
10
10
 
11
11
  GEM
12
12
  remote: https://rubygems.org/
13
13
  specs:
14
14
  ansi (1.5.0)
15
15
  ast (2.4.0)
16
- bibliothecary (6.3.1)
16
+ bibliothecary (6.8.5)
17
17
  commander
18
18
  deb_control
19
19
  librariesio-gem-parser
20
20
  ox (>= 2.8.1)
21
21
  sdl4r
22
+ strings
23
+ strings-ansi
22
24
  toml-rb (~> 1.0)
23
25
  typhoeus
24
26
  citrus (3.0.2)
25
- codacy-coverage (2.1.0)
27
+ codacy-coverage (2.2.0)
26
28
  simplecov
27
29
  colorize (0.8.1)
28
30
  commander (4.4.7)
29
31
  highline (~> 2.0.0)
30
32
  deb_control (0.0.1)
31
33
  diff-lcs (1.3)
32
- docile (1.3.1)
33
- ethon (0.11.0)
34
+ docile (1.3.2)
35
+ ethon (0.12.0)
34
36
  ffi (>= 1.3.0)
35
- ffi (1.9.25)
36
- highline (2.0.0)
37
- jaro_winkler (1.5.1)
38
- json (2.1.0)
39
- kramdown (1.17.0)
37
+ execjs (2.7.0)
38
+ ffi (1.11.3)
39
+ highline (2.0.3)
40
+ jaro_winkler (1.5.4)
41
+ json (2.3.0)
42
+ kramdown (2.3.0)
43
+ rexml
40
44
  librariesio-gem-parser (1.0.0)
45
+ libv8 (3.16.14.19-x86_64-linux)
41
46
  oga (2.15)
42
47
  ast
43
48
  ruby-ll (~> 2.1)
44
- ox (2.10.0)
45
- parallel (1.12.1)
46
- parser (2.5.1.2)
49
+ ox (2.12.0)
50
+ parallel (1.19.1)
51
+ parser (2.7.0.2)
47
52
  ast (~> 2.4.0)
48
- powerpack (0.1.2)
49
53
  rainbow (3.0.0)
50
- rake (12.3.1)
51
- rspec (3.8.0)
52
- rspec-core (~> 3.8.0)
53
- rspec-expectations (~> 3.8.0)
54
- rspec-mocks (~> 3.8.0)
55
- rspec-collection_matchers (1.1.3)
54
+ rake (13.0.1)
55
+ ref (2.0.0)
56
+ rexml (3.2.4)
57
+ rspec (3.9.0)
58
+ rspec-core (~> 3.9.0)
59
+ rspec-expectations (~> 3.9.0)
60
+ rspec-mocks (~> 3.9.0)
61
+ rspec-collection_matchers (1.2.0)
56
62
  rspec-expectations (>= 2.99.0.beta1)
57
- rspec-core (3.8.0)
58
- rspec-support (~> 3.8.0)
59
- rspec-expectations (3.8.2)
63
+ rspec-core (3.9.1)
64
+ rspec-support (~> 3.9.1)
65
+ rspec-expectations (3.9.0)
60
66
  diff-lcs (>= 1.2.0, < 2.0)
61
- rspec-support (~> 3.8.0)
62
- rspec-mocks (3.8.0)
67
+ rspec-support (~> 3.9.0)
68
+ rspec-mocks (3.9.1)
63
69
  diff-lcs (>= 1.2.0, < 2.0)
64
- rspec-support (~> 3.8.0)
65
- rspec-support (3.8.0)
66
- rubocop (0.60.0)
70
+ rspec-support (~> 3.9.0)
71
+ rspec-support (3.9.2)
72
+ rubocop (0.79.0)
67
73
  jaro_winkler (~> 1.5.1)
68
74
  parallel (~> 1.10)
69
- parser (>= 2.5, != 2.5.1.1)
70
- powerpack (~> 0.1)
75
+ parser (>= 2.7.0.1)
71
76
  rainbow (>= 2.2.2, < 4.0)
72
77
  ruby-progressbar (~> 1.7)
73
- unicode-display_width (~> 1.4.0)
74
- rubocop-rspec (1.30.0)
75
- rubocop (>= 0.58.0)
78
+ unicode-display_width (>= 1.4.0, < 1.7)
79
+ rubocop-performance (1.5.2)
80
+ rubocop (>= 0.71.0)
81
+ rubocop-rspec (1.37.1)
82
+ rubocop (>= 0.68.1)
76
83
  ruby-ll (2.1.2)
77
84
  ansi
78
85
  ast
79
- ruby-progressbar (1.10.0)
86
+ ruby-progressbar (1.10.1)
80
87
  sdl4r (0.9.11)
81
88
  semantic_interval (0.1.0)
82
- semantic_range (2.1.0)
83
- simplecov (0.16.1)
89
+ semantic_range (2.2.1)
90
+ simplecov (0.17.1)
84
91
  docile (~> 1.1)
85
92
  json (>= 1.8, < 3)
86
93
  simplecov-html (~> 0.10.0)
87
94
  simplecov-html (0.10.2)
88
- thor (0.20.0)
95
+ strings (0.1.8)
96
+ strings-ansi (~> 0.1)
97
+ unicode-display_width (~> 1.5)
98
+ unicode_utils (~> 1.4)
99
+ strings-ansi (0.2.0)
100
+ therubyracer (0.12.3)
101
+ libv8 (~> 3.16.14.15)
102
+ ref
103
+ thor (0.20.3)
89
104
  toml-rb (1.1.2)
90
105
  citrus (~> 3.0, > 3.0)
91
- typhoeus (1.3.0)
106
+ typhoeus (1.3.1)
92
107
  ethon (>= 0.9.0)
93
- unicode-display_width (1.4.0)
94
- yavdb (0.4.1)
95
- json (~> 2.1)
96
- kramdown (~> 1.17)
108
+ unicode-display_width (1.6.0)
109
+ unicode_utils (1.4.0)
110
+ yavdb (0.5.5)
111
+ execjs (~> 2.7)
112
+ json (~> 2.2)
113
+ kramdown (~> 2.1)
97
114
  oga (~> 2.15)
98
115
  semantic_interval (~> 0.1)
116
+ therubyracer (~> 0.12)
99
117
  thor (~> 0.20)
118
+ toml-rb (~> 1.1)
100
119
 
101
120
  PLATFORMS
102
121
  ruby
103
122
 
104
123
  DEPENDENCIES
105
- bundler (~> 1.16)
106
124
  codacy-coverage
107
125
  dependency_spy!
108
- rake (~> 12.3)
126
+ rake (~> 13.0)
109
127
  rspec (~> 3.8)
110
128
  rspec-collection_matchers (~> 1.1)
111
129
  rubocop (~> 0.59)
130
+ rubocop-performance (~> 1.5)
112
131
  rubocop-rspec (~> 1.29)
113
132
  simplecov
114
133
 
115
134
  BUNDLED WITH
116
- 1.16.6
135
+ 2.1.4
data/README.md CHANGED
@@ -26,11 +26,11 @@ Use as a complement to other tools at your own risk.
26
26
  * Packagist
27
27
  * Pypi
28
28
  * Go
29
+ * Cargo
29
30
 
30
31
  ## Prerequisites
31
32
 
32
33
  * Ruby 2.3 or newer
33
- * Bundler `gem install bundler`
34
34
 
35
35
  ## Installation
36
36
 
@@ -20,24 +20,24 @@ Gem::Specification.new do |spec|
20
20
  spec.executables = ['dependency_spy', 'depspy']
21
21
  spec.require_paths = ['lib']
22
22
 
23
- spec.required_ruby_version = '>= 2.3.7'
23
+ spec.required_ruby_version = '>= 2.5.5'
24
24
 
25
25
  # Development
26
- spec.add_development_dependency 'bundler', ['~> 1.16']
27
26
  spec.add_development_dependency 'codacy-coverage'
28
- spec.add_development_dependency 'rake', ['~> 12.3']
27
+ spec.add_development_dependency 'rake', '~> 13.0'
29
28
  spec.add_development_dependency 'rspec', ['~> 3.8']
30
29
  spec.add_development_dependency 'rspec-collection_matchers', ['~> 1.1']
31
30
  spec.add_development_dependency 'simplecov'
32
31
 
33
32
  # Linters
34
33
  spec.add_development_dependency 'rubocop', ['~> 0.59']
34
+ spec.add_development_dependency 'rubocop-performance', ['~> 1.5']
35
35
  spec.add_development_dependency 'rubocop-rspec', ['~> 1.29']
36
36
 
37
37
  # Runtime
38
- spec.add_runtime_dependency 'bibliothecary', ['~> 6.3']
39
- spec.add_runtime_dependency 'colorize', ['~> 0.8.1']
40
- spec.add_runtime_dependency 'semantic_range', ['~> 2.1']
38
+ spec.add_runtime_dependency 'bibliothecary', ['~> 6.6']
39
+ spec.add_runtime_dependency 'colorize', ['0.8.1']
40
+ spec.add_runtime_dependency 'semantic_range', ['~> 2.2']
41
41
  spec.add_runtime_dependency 'thor', ['~> 0.20']
42
- spec.add_runtime_dependency 'yavdb', ['~> 0.4']
42
+ spec.add_runtime_dependency 'yavdb', ['~> 0.5']
43
43
  end
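Review bot: `spec.required_ruby_version = '>= 2.5.5'` is not mirrored in the README, whose Prerequisites section in this same diff still says `* Ruby 2.3 or newer`; the two should agree, e.g. `* Ruby 2.5.5 or newer`. As a point of style, the rake line drops the array form its neighbours use (`'rake', '~> 13.0'` next to `'rspec', ['~> 3.8']`); RubyGems accepts both, but one form throughout is easier to scan.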
@@ -0,0 +1,12 @@
1
+ path: '/path/to/files' # Path to find files. DEFAULT: Dir.pwd
2
+ files: 'comma.sep,file.list' # Specific file list relative to `path`. DEFAULT: All files
3
+ formatter: 'text' # Output format. DEFAULT: text; AVAILABLE: text,json,yaml
4
+ platform: 'rubygems' # Supported YAVDB package manager lookup. DEFAULT: not specified (ALL); AVAILABLE: (See: https://github.com/rtfpessoa/yavdb/blob/master/lib/yavdb/constants.rb#L31)
5
+ output-path: '/path/to/output' # Path to generate report to. DEFAULT: not specified (console output)
6
+ database-path: '/path/to/yavdb/database' # Path to find/store local YAVDB DB. DEFAULT: YAVDB::Constants::DEFAULT_YAVDB_DATABASE_PATH (See: https://github.com/rtfpessoa/yavdb/blob/master/lib/yavdb/constants.rb#L28)
7
+ offline: false # Operate in offline mode (don't try to get YAVDB). Must have local YAVDB available. DEFAULT: false; AVAILABLE: true,false
8
+ severity-threshold: 'low' # Threshold for non-zero exit status. Doesn't change output. DEFAULT: 'low'; AVAILABLE: (See: https://github.com/rtfpessoa/yavdb/blob/master/lib/yavdb/constants.rb#L33)
9
+ with-color: true # Generate colored console output. DEFAULT: true; AVAILABLE: true,false
10
+ ignore: # A list of all YAVDB vulnerability identifiers to ignore. Removes from output.
11
+ - "identifier:to:ignore:19551105"
12
+ vuln-db-path: '/path/to/yavdb' # Path to local YAVDB for updating. DEFAULT: YAVDB::Constants::DEFAULT_YAVDB_PATH (See: https://github.com/rtfpessoa/yavdb/blob/master/lib/yavdb/constants.rb#L27)
@@ -28,25 +28,32 @@ require_relative 'dependency_spy/semver'
28
28
  module DependencySpy
29
29
  class API
30
30
 
31
- def self.check(path = Dir.pwd, files = nil, platform = nil, database_path = YAVDB::Constants::DEFAULT_YAVDB_DATABASE_PATH, offline = false)
31
+ def self.check(options)
32
+ verbose = options[:verbose]
33
+ path = options[:path] || Dir.pwd
34
+ files = options[:files]
35
+ platform = options[:platform]
36
+ database_path = options[:database_path] || YAVDB::Constants::DEFAULT_YAVDB_DATABASE_PATH
37
+ offline = options[:offline] || false
38
+ ignore = options[:ignore] || []
39
+
32
40
  if !File.exist?(database_path) && offline
33
41
  puts 'No local database found. Cannot obtain database since offline mode is enabled.'
34
42
  exit(10)
35
43
  elsif !offline
36
- puts 'Going to update the local vulnerability database.'
44
+ puts 'Going to update the local vulnerability database.' if verbose
37
45
  YAVDB::API.download_database(false, YAVDB::Constants::DEFAULT_YAVDB_PATH)
38
46
  end
39
47
 
40
48
  path = File.expand_path(path)
41
49
  package_managers = find_platform(platform)
42
50
  file_list = if !files.nil?
43
- files.split(',')
51
+ files.split(',').map { |f| "#{path}/#{f}" }
44
52
  elsif File.file?(path)
45
53
  path = File.dirname(path)
46
54
  [File.basename(path)]
47
55
  else
48
- cmd = `find #{path} -type f | grep -vE "#{Bibliothecary.ignored_files_regex}"`
49
- cmd.split("\n").sort
56
+ Bibliothecary.load_file_info_list(path).map(&:full_path)
50
57
  end
51
58
  manifests = package_managers.map { |pm| pm.analyse(path, file_list) }.flatten.compact
52
59
  manifests.map do |manifest|
@@ -65,9 +72,13 @@ module DependencySpy
65
72
  vulnerable = vuln.vulnerable_versions ? vuln.vulnerable_versions.any? { |vv| DependencySpy::SemVer.intersects(vv, version) } : false
66
73
  unaffected = vuln.unaffected_versions ? vuln.unaffected_versions.any? { |vu| DependencySpy::SemVer.intersects(vu, version) } : false
67
74
  patched = vuln.patched_versions ? vuln.patched_versions.any? { |vp| DependencySpy::SemVer.intersects(vp, version) } : false
75
+ ignored = ignore.include?(vuln.id)
68
76
 
69
77
  if unaffected || patched
70
78
  false
79
+ elsif ignored
80
+ puts "Skipping ignored vulnerability with #{vuln.id}." if verbose
81
+ false
71
82
  else
72
83
  vulnerable
73
84
  end
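Review bot: `ignore = options[:ignore] || []` in the first hunk takes whatever the config file supplies, and `ignore.include?(vuln.id)` in the second hunk then becomes a substring match when `.depspy.yml` carries a scalar `ignore:` value instead of a list, silently suppressing every vulnerability whose id contains that text; coercing with `ignore = Array(options[:ignore])` keeps it a membership test. In the first hunk, `files.split(',').map { |f| "#{path}/#{f}" }` also prefixes absolute entries, so a `--files /abs/Gemfile.lock` would become `/cwd//abs/Gemfile.lock` if such paths are ever passed; `File.expand_path(f, path)` resolves relative entries against `path` and leaves absolute ones intact. The `check` method continues past the second hunk.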
@@ -24,6 +24,7 @@ require_relative 'formatters/yaml'
24
24
  require_relative 'outputs/stdout'
25
25
  require_relative 'outputs/file'
26
26
  require_relative 'helper/helper'
27
+ require_relative 'helper/config_file'
27
28
 
28
29
  module DependencySpy
29
30
  class CLI < Thor
@@ -37,31 +38,49 @@ module DependencySpy
37
38
  DependencySpy::Formatters::Yaml
38
39
  ]
39
40
 
40
- class_option('verbose', :type => :boolean, :default => false)
41
+ class_option('verbose', :type => :boolean)
41
42
 
42
43
  desc('check', 'Check dependencies for known vulnerabilities')
43
- method_option('path', :aliases => :p, :type => :string, :default => Dir.pwd)
44
+ method_option('config-file-path', :aliases => :c, :type => :string)
45
+ method_option('path', :aliases => :p, :type => :string)
44
46
  method_option('files', :type => :string)
45
- method_option('formatter', :aliases => :f, :type => :string, :enum => FORMATTERS.map { |f| f.name.split('::').last.downcase }, :default => FORMATTERS.first.name.split('::').last.downcase)
47
+ method_option('formatter', :aliases => :f, :type => :string, :enum => FORMATTERS.map { |f| f.name.split('::').last.downcase })
46
48
  method_option('platform', :aliases => :m, :type => :string, :enum => YAVDB::Constants::POSSIBLE_PACKAGE_MANAGERS.map(&:downcase))
47
49
  method_option('output-path', :aliases => :o, :type => :string)
48
- method_option('database-path', :type => :string, :aliases => :p, :default => YAVDB::Constants::DEFAULT_YAVDB_DATABASE_PATH)
49
- method_option('offline', :type => :boolean, :default => false)
50
- method_option('severity-threshold', :aliases => :s, :type => :string, :enum => YAVDB::Constants::SEVERITIES, :default => 'low')
51
- method_option('with-color', :type => :boolean, :default => true)
50
+ method_option('database-path', :type => :string, :aliases => :p)
51
+ method_option('offline', :type => :boolean)
52
+ method_option('severity-threshold', :aliases => :s, :type => :string, :enum => YAVDB::Constants::SEVERITIES)
53
+ method_option('with-color', :type => :boolean)
54
+ method_option('ignore', :aliases => :i, :type => :array)
52
55
  def check
53
- manifests = API.check(options['path'], options['files'], options['platform'], options['database-path'], options['offline'])
56
+ defaults = {
57
+ 'verbose' => false,
58
+ 'path' => Dir.pwd,
59
+ 'formatter' => FORMATTERS.first.name.split('::').last.downcase,
60
+ 'database-path' => YAVDB::Constants::DEFAULT_YAVDB_DATABASE_PATH,
61
+ 'offline' => false,
62
+ 'severity-threshold' => 'low',
63
+ 'with-color' => true,
64
+ 'ignore' => []
65
+ }
66
+ the_options = defaults.merge(options)
54
67
 
55
- formatted_output = if (options['formatter'] == 'text') && !options['output-path'] && options['with-color']
56
- DependencySpy::Formatters::Text.format(manifests, options['severity-threshold'])
68
+ api_options = the_options.transform_keys(&:to_sym)
69
+ api_options[:database_path] = api_options[:'database-path']
70
+ the_options.freeze
71
+ api_options.freeze
72
+ manifests = API.check(api_options)
73
+
74
+ formatted_output = if (the_options['formatter'] == 'text') && !the_options['output-path'] && the_options['with-color']
75
+ DependencySpy::Formatters::Text.format(manifests, the_options['severity-threshold'])
57
76
  else
58
77
  FORMATTERS
59
- .find { |f| f.name.split('::').last.downcase == options['formatter'] }
78
+ .find { |f| f.name.split('::').last.downcase == the_options['formatter'] }
60
79
  .format(manifests)
61
80
  end
62
81
 
63
- if options['output-path']
64
- DependencySpy::Outputs::FileSystem.write(options['output-path'], formatted_output)
82
+ if the_options['output-path']
83
+ DependencySpy::Outputs::FileSystem.write(the_options['output-path'], formatted_output)
65
84
  else
66
85
  DependencySpy::Outputs::StdOut.write(formatted_output)
67
86
  end
@@ -70,7 +89,7 @@ module DependencySpy
70
89
  manifests.any? do |manifest|
71
90
  manifest[:dependencies]&.any? do |dependency|
72
91
  dependency[:vulnerabilities]&.any? do |vuln|
73
- DependencySpy::Helper.severity_above_threshold?(vuln.severity, options['severity-threshold'])
92
+ DependencySpy::Helper.severity_above_threshold?(vuln.severity, the_options['severity-threshold'])
74
93
  end
75
94
  end
76
95
  end
@@ -78,11 +97,25 @@ module DependencySpy
78
97
  exit(1) if has_vulnerabilities
79
98
  end
80
99
 
81
- method_option('vuln-db-path', :aliases => :d, :type => :string, :default => YAVDB::Constants::DEFAULT_YAVDB_PATH)
100
+ method_option('vuln-db-path', :aliases => :d, :type => :string)
82
101
  desc('update', 'Download or update database from the official yavdb repository.')
83
102
 
84
103
  def update
85
- API.update(options['vuln-db-path'])
104
+ defaults = {
105
+ 'verbose' => false,
106
+ 'vuln-db-path' => YAVDB::Constants::DEFAULT_YAVDB_PATH
107
+ }
108
+ the_options = defaults.merge(options)
109
+ the_options.freeze
110
+ API.update(the_options['vuln-db-path'])
111
+ end
112
+
113
+ private
114
+
115
+ def options
116
+ cli_options = super
117
+ config_file_options = DependencySpy::ConfigFile.get_config(cli_options[:'config-file-path'])
118
+ config_file_options.merge(cli_options)
86
119
  end
87
120
 
88
121
  end
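Review bot: Values merged in from the config file bypass the `:enum` validation Thor applies only to CLI flags, so a `.depspy.yml` with an unknown `formatter` (or `platform`, `severity-threshold`) reaches `FORMATTERS.find { … }` in the `check` hunk and fails with a NoMethodError on `nil` rather than a usage error; validating `the_options['formatter']` and the other enum-backed keys against the same lists before use, or rejecting them inside the private `options` override, keeps the failure mode uniform. Separately, `path` and `database-path` both declare `:aliases => :p`, carried over from the old side; one of them needs a different short flag. The precedence the override establishes deserves a comment above `def options`, e.g. `# CLI flags override config-file values, which override the per-command defaults`.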
@@ -29,7 +29,7 @@ module DependencySpy
29
29
 
30
30
  filtered_manifests
31
31
  .reject { |m| m[:dependencies].nil? }
32
- .map(&:to_json)
32
+ .to_json
33
33
  end
34
34
 
35
35
  end
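Review bot: Replacing `.map(&:to_json)` with `.to_json` changes the emitted shape from one JSON string per manifest to a single JSON document, which any consumer of the 0.3.0 output has to adapt to; that deserves a line in the README's output-format description or the release notes. The enclosing method starts outside the hunk.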
@@ -28,13 +28,15 @@ module DependencySpy
28
28
 
29
29
  package_header = " Vulnerable: #{package.name}/#{package.type}:#{package.version}"
30
30
  package_body = package.vulnerabilities.map do |vuln|
31
- first = " Title: #{vuln.title}\n"
32
- second = " Severity: #{(vuln.severity || 'unknown').capitalize}\n"
33
- third = " Source: #{vuln.source_url}\n\n"
31
+ body = ''
32
+ body += " Title: #{vuln.title}\n"
33
+ body += " Severity: #{(vuln.severity || 'unknown').capitalize}\n"
34
+ body += " Source: #{vuln.source_url}\n"
35
+ body += " Identifier: #{vuln.id}\n\n"
34
36
  if severity_threshold && DependencySpy::Helper.severity_above_threshold?(vuln.severity, severity_threshold)
35
- "#{first}#{second}#{third}".red
37
+ body.red
36
38
  else
37
- "#{first}#{second}#{third}"
39
+ body
38
40
  end
39
41
  end
40
42
 
@@ -29,7 +29,7 @@ module DependencySpy
29
29
 
30
30
  filtered_manifests
31
31
  .reject { |m| m[:dependencies].nil? }
32
- .map(&:to_json)
32
+ .to_yaml
33
33
  end
34
34
 
35
35
  end
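Review bot: `.to_yaml` serialises whatever objects the manifests hold, and the text formatter in this diff reads `vuln.title`, `vuln.severity` and `vuln.id` as method calls, which suggests the vulnerability entries are Ruby objects rather than hashes; if so the YAML output will carry `!ruby/object:` tags that downstream tooling cannot read with a safe loader and that nudge consumers towards an unsafe `YAML.load`. Converting the manifests to plain hashes and strings before `to_yaml` would keep the output loadable with `YAML.safe_load`; whether those DTOs offer a `to_h` is not visible here. The enclosing method starts outside the hunk.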
@@ -0,0 +1,41 @@
1
+ require 'yaml'
2
+
3
+ module DependencySpy
4
+ class ConfigFile
5
+
6
+ SAFE_CONFIG_PARAMS = [
7
+ 'path',
8
+ 'files',
9
+ 'formatter',
10
+ 'platform',
11
+ 'output-path',
12
+ 'database-path',
13
+ 'offline',
14
+ 'severity-threshold',
15
+ 'with-color',
16
+ 'ignore',
17
+ 'vuln-db-path'
18
+ ].freeze
19
+
20
+ def self.get_config(config_file_path = nil)
21
+ if !config_file_path.nil? && !File.file?(config_file_path)
22
+ puts 'Config file specified but not found.'
23
+ exit(10)
24
+
25
+ end
26
+
27
+ begin
28
+ file_path = config_file_path || '.depspy.yml'
29
+ config = YAML.load_file(file_path) || {}
30
+ config.slice(*SAFE_CONFIG_PARAMS)
31
+ rescue Errno::ENOENT
32
+ {}
33
+ rescue Psych::SyntaxError => e
34
+ puts 'Config File Parsing Error:'
35
+ puts e.message
36
+ exit(10)
37
+ end
38
+ end
39
+
40
+ end
41
+ end
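Review bot: `YAML.load_file(file_path)` is a full Psych load, and the file it reads defaults to `.depspy.yml` in the current directory — normally inside the tree being scanned, which in CI is whatever the repository under test checked out. A full load honours `!ruby/object:` and similar tags, so the scanned project gets to drive object deserialisation inside the scanner process; `YAML.safe_load(File.read(file_path))` restricts the document to plain scalars and collections, and `Psych::DisallowedClass`/`Psych::BadAlias` then join the existing `Psych::SyntaxError` rescue. `config.slice` also assumes the document is a mapping; a top-level list or scalar raises NoMethodError instead of taking the 'Config File Parsing Error' path. The `SAFE_CONFIG_PARAMS` allowlist limits which keys are taken but not their values, so a type check on the result would round this out.
```ruby
      begin
        file_path = config_file_path || '.depspy.yml'
        # safe_load: plain scalars/collections only; the file lives in the scanned tree
        config = YAML.safe_load(File.read(file_path)) || {}
        unless config.is_a?(Hash)
          puts 'Config File Parsing Error: top-level value must be a mapping.'
          exit(10)
        end
        config.slice(*SAFE_CONFIG_PARAMS)
      rescue Errno::ENOENT
        {}
      rescue Psych::SyntaxError, Psych::DisallowedClass, Psych::BadAlias => e
        # … unchanged: print 'Config File Parsing Error:' and e.message, exit(10) …
      end
```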
@@ -42,6 +42,7 @@ module DependencySpy
42
42
  private
43
43
 
44
44
  def parse(version_or_range, loose = false)
45
+ version_or_range = '>= 0.0.0' if version_or_range == '*'
45
46
  return version_or_range if version_or_range.is_a?(SemanticRange::Range) ||
46
47
  version_or_range.is_a?(SemanticRange::Version)
47
48
 
@@ -16,6 +16,6 @@
16
16
 
17
17
  module DependencySpy
18
18
 
19
- VERSION = '0.3.0'
19
+ VERSION = '0.6.1'
20
20
 
21
21
  end
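--- a/metadata
+++ b/metadata
@@ -1,29 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: dependency_spy
 version: !ruby/object:Gem::Version
-version: 0.3.0
+version: 0.6.1
 platform: ruby
 authors:
 - Rodrigo Fernandes
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-10-28 00:00:00.000000000 Z
+date: 2020-09-04 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-name: bundler
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '1.16'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '1.16'
 - !ruby/object:Gem::Dependency
 name: codacy-coverage
 requirement: !ruby/object:Gem::Requirement
@@ -44,14 +30,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '12.3'
+version: '13.0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '12.3'
+version: '13.0'
 - !ruby/object:Gem::Dependency
 name: rspec
 requirement: !ruby/object:Gem::Requirement
@@ -108,6 +94,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '0.59'
+- !ruby/object:Gem::Dependency
+name: rubocop-performance
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.5'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.5'
 - !ruby/object:Gem::Dependency
 name: rubocop-rspec
 requirement: !ruby/object:Gem::Requirement
@@ -128,26 +128,26 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '6.3'
+version: '6.6'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '6.3'
+version: '6.6'
 - !ruby/object:Gem::Dependency
 name: colorize
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "~>"
+- - '='
 - !ruby/object:Gem::Version
 version: 0.8.1
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "~>"
+- - '='
 - !ruby/object:Gem::Version
 version: 0.8.1
 - !ruby/object:Gem::Dependency
@@ -156,14 +156,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '2.1'
+version: '2.2'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '2.1'
+version: '2.2'
 - !ruby/object:Gem::Dependency
 name: thor
 requirement: !ruby/object:Gem::Requirement
@@ -184,14 +184,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '0.4'
+version: '0.5'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '0.4'
+version: '0.5'
 description: "\n Finds known vulnerabilities in your dependencies\n Using rubysec/ruby-advisory-db,
 snyk.io, ossindex.net, nodesecurity.io\n "
 email:
@@ -203,11 +203,15 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".circleci/config.yml"
+- ".github/ISSUE_TEMPLATE/bug_report.md"
+- ".github/ISSUE_TEMPLATE/feature_request.md"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
+- ".rubocop_todo.yml"
 - ".ruby-version"
 - CODE_OF_CONDUCT.md
+- CONTRIBUTING.md
 - Gemfile
 - Gemfile.lock
 - LICENSE
@@ -218,6 +222,7 @@ files:
 - bin/depspy
 - bin/setup
 - dependency_spy.gemspec
+- example.depspy.yml
 - examples/Gemfile
 - examples/Gemfile.lock
 - examples/npm-shrinkwrap.json
@@ -229,6 +234,7 @@ files:
 - lib/dependency_spy/formatters/json.rb
 - lib/dependency_spy/formatters/text.rb
 - lib/dependency_spy/formatters/yaml.rb
+- lib/dependency_spy/helper/config_file.rb
 - lib/dependency_spy/helper/helper.rb
 - lib/dependency_spy/outputs/file.rb
 - lib/dependency_spy/outputs/stdout.rb
@@ -246,7 +252,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: 2.3.7
+version: 2.5.5
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -254,7 +260,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.5.2.3
+rubygems_version: 2.7.6.2
 signing_key:
 specification_version: 4
 summary: Finds known vulnerabilities in your dependencies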