dependency_spy 0.3.0 → 0.6.1

This diff has not been reviewed by any users.
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 0bd2e870a6e0baec4974d3d1eb6603c73b2d40cd
4
- data.tar.gz: c07f0e46d2954d97a1787cc06355a97a465a2c64
2
+ SHA256:
3
+ metadata.gz: bb58e1e3a80a6baba1c4c5386805977e22efba6b5a3e2631f732d08846034a2e
4
+ data.tar.gz: 989f3375b5eed793e0711592b17aafa2444de743cdf5a234fb9888fe309a26bc
5
5
  SHA512:
6
- metadata.gz: b8b3607be32c792bc9457a5c67fb539cbbacdfbffd09283c0aacff793c484be82f546ab88d5c6ef4bf23989b2eb47a86e85829e21abf169b6d70ffeedfececda
7
- data.tar.gz: f9fe9f2185c0dc51514632c4a6b9cd1c2449dd517f369cfc77d5541e00bb2b4fa67f7e464f8db852ed0c984eea49a5283072fdd2ea33e193ba5cbc185854ae42
6
+ metadata.gz: 5d1be8417cab3fb934aab4d31a531f6a3da7587e09565080afbf0ef91d76e70bb48c054b8d470e8d80dcd6e5e80292ffd73e31372f08df00a3dc1b9b1e0dda19
7
+ data.tar.gz: 467f4211c000f6439701f3ec494f09928daa4f858300f837d5366b77b2dbd306586cb3636bbaca4e095a307a606836359c6645a1e9b7311e6a3036a2045b7eb8
@@ -4,21 +4,20 @@ jobs:
4
4
  build-lint-test:
5
5
  working_directory: ~/dependency_spy
6
6
  docker:
7
- - image: circleci/ruby:2.3.7
7
+ - image: circleci/ruby:2.5.5
8
8
  steps:
9
9
  - checkout
10
10
 
11
- - name: Install Bundler Version
12
- type: shell
13
- command: gem install bundler -v 1.16
14
-
15
11
  - name: Restore cache
16
12
  type: cache-restore
17
13
  key: yavdb-{{ checksum "Gemfile.lock" }}
18
14
 
19
15
  - name: Bundle Install
20
16
  type: shell
21
- command: bundle install --path /tmp/vendor/bundle
17
+ command: |
18
+ sudo gem update --system
19
+ gem install bundler
20
+ bundle install --path /tmp/vendor/bundle
22
21
 
23
22
  - name: Save cache
24
23
  type: cache-save
@@ -28,7 +27,7 @@ jobs:
28
27
 
29
28
  - name: Vulnerable dependencies
30
29
  type: shell
31
- command: bundle exec depspy check --files Gemfile,Gemfile.lock
30
+ command: bundle exec bin/depspy check --files Gemfile,Gemfile.lock
32
31
 
33
32
  - name: Rubocop
34
33
  type: shell
@@ -0,0 +1,32 @@
1
+ ---
2
+ name: Bug report
3
+ about: Create a report to help us improve
4
+ title: ''
5
+ labels: ''
6
+ assignees: ''
7
+
8
+ ---
9
+
10
+ **Describe the bug**
11
+ A clear and concise description of what the bug is.
12
+
13
+ **To Reproduce**
14
+ Steps to reproduce the behavior:
15
+ 1. Go to '...'
16
+ 2. Click on '....'
17
+ 3. Scroll down to '....'
18
+ 4. See error
19
+
20
+ **Expected behavior**
21
+ A clear and concise description of what you expected to happen.
22
+
23
+ **Screenshots**
24
+ If applicable, add screenshots to help explain your problem.
25
+
26
+ **Desktop (please complete the following information):**
27
+ - OS: [e.g. Windows, Linux, Mac]
28
+ - Ruby Version [e.g. 2.5.5]
29
+ - Version [e.g. 22]
30
+
31
+ **Additional context**
32
+ Add any other context about the problem here.
@@ -0,0 +1,20 @@
1
+ ---
2
+ name: Feature request
3
+ about: Suggest an idea for this project
4
+ title: ''
5
+ labels: ''
6
+ assignees: ''
7
+
8
+ ---
9
+
10
+ **Is your feature request related to a problem? Please describe.**
11
+ A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
12
+
13
+ **Describe the solution you'd like**
14
+ A clear and concise description of what you want to happen.
15
+
16
+ **Describe alternatives you've considered**
17
+ A clear and concise description of any alternative solutions or features you've considered.
18
+
19
+ **Additional context**
20
+ Add any other context or screenshots about the feature request here.
data/.gitignore CHANGED
@@ -112,3 +112,5 @@ build-iPhoneSimulator/
112
112
  *.iml
113
113
 
114
114
  # End of https://www.gitignore.io/api/jetbrains,ruby
115
+
116
+ .depspy.yml
@@ -1,63 +1,69 @@
1
+ inherit_from: .rubocop_todo.yml
2
+
3
+ require:
4
+ - rubocop-performance
5
+ - rubocop-rspec
6
+
1
7
  AllCops:
2
8
  # Include common Ruby source files.
3
9
  Include:
4
- - '**/*.builder'
5
- - '**/*.fcgi'
6
- - '**/*.gemspec'
7
- - '**/*.god'
8
- - '**/*.jb'
9
- - '**/*.jbuilder'
10
- - '**/*.mspec'
11
- - '**/*.opal'
12
- - '**/*.pluginspec'
13
- - '**/*.podspec'
14
- - '**/*.rabl'
15
- - '**/*.rake'
16
- - '**/*.rb'
17
- - '**/*.rbuild'
18
- - '**/*.rbw'
19
- - '**/*.rbx'
20
- - '**/*.ru'
21
- - '**/*.ruby'
22
- - '**/*.spec'
23
- - '**/*.thor'
24
- - '**/*.watchr'
25
- - '**/.irbrc'
26
- - '**/.pryrc'
27
- - '**/buildfile'
28
- - '**/config.ru'
29
- - '**/Appraisals'
30
- - '**/Berksfile'
31
- - '**/Brewfile'
32
- - '**/Buildfile'
33
- - '**/Capfile'
34
- - '**/Cheffile'
35
- - '**/Dangerfile'
36
- - '**/Deliverfile'
37
- - '**/Fastfile'
38
- - '**/*Fastfile'
39
- - '**/Gemfile'
40
- - '**/Guardfile'
41
- - '**/Jarfile'
42
- - '**/Mavenfile'
43
- - '**/Podfile'
44
- - '**/Puppetfile'
45
- - '**/Rakefile'
46
- - '**/Snapfile'
47
- - '**/Thorfile'
48
- - '**/Vagabondfile'
49
- - '**/Vagrantfile'
10
+ - "**/*.builder"
11
+ - "**/*.fcgi"
12
+ - "**/*.gemspec"
13
+ - "**/*.god"
14
+ - "**/*.jb"
15
+ - "**/*.jbuilder"
16
+ - "**/*.mspec"
17
+ - "**/*.opal"
18
+ - "**/*.pluginspec"
19
+ - "**/*.podspec"
20
+ - "**/*.rabl"
21
+ - "**/*.rake"
22
+ - "**/*.rb"
23
+ - "**/*.rbuild"
24
+ - "**/*.rbw"
25
+ - "**/*.rbx"
26
+ - "**/*.ru"
27
+ - "**/*.ruby"
28
+ - "**/*.spec"
29
+ - "**/*.thor"
30
+ - "**/*.watchr"
31
+ - "**/.irbrc"
32
+ - "**/.pryrc"
33
+ - "**/buildfile"
34
+ - "**/config.ru"
35
+ - "**/Appraisals"
36
+ - "**/Berksfile"
37
+ - "**/Brewfile"
38
+ - "**/Buildfile"
39
+ - "**/Capfile"
40
+ - "**/Cheffile"
41
+ - "**/Dangerfile"
42
+ - "**/Deliverfile"
43
+ - "**/Fastfile"
44
+ - "**/*Fastfile"
45
+ - "**/Gemfile"
46
+ - "**/Guardfile"
47
+ - "**/Jarfile"
48
+ - "**/Mavenfile"
49
+ - "**/Podfile"
50
+ - "**/Puppetfile"
51
+ - "**/Rakefile"
52
+ - "**/Snapfile"
53
+ - "**/Thorfile"
54
+ - "**/Vagabondfile"
55
+ - "**/Vagrantfile"
50
56
  Exclude:
51
- - 'database/**/*'
52
- - 'db/**/*'
53
- - 'tmp/**/*'
54
- - 'vendor/**/*'
55
- - 'bin/**/*'
56
- - 'log/**/*'
57
+ - "database/**/*"
58
+ - "db/**/*"
59
+ - "tmp/**/*"
60
+ - "vendor/**/*"
61
+ - "bin/**/*"
62
+ - "log/**/*"
57
63
  DefaultFormatter: progress
58
64
  UseCache: false
59
65
  DisplayCopNames: false
60
- TargetRubyVersion: 2.3.7
66
+ TargetRubyVersion: 2.5.5
61
67
 
62
68
  Gemspec/OrderedDependencies:
63
69
  Enabled: true
@@ -82,7 +88,7 @@ Layout/EmptyLinesAroundClassBody:
82
88
  Enabled: true
83
89
  EnforcedStyle: empty_lines_except_namespace
84
90
  Exclude:
85
- - "lib/dependency_spy/dtos/dependency.rb"
91
+ - "lib/dependency_spy/dtos/dependency.rb"
86
92
 
87
93
  Layout/EmptyLinesAroundMethodBody:
88
94
  Enabled: true
@@ -94,18 +100,18 @@ Layout/EmptyLinesAroundModuleBody:
94
100
  Layout/ExtraSpacing:
95
101
  Enabled: true
96
102
 
97
- Layout/FirstParameterIndentation:
103
+ Layout/FirstArgumentIndentation:
98
104
  Enabled: true
99
105
  EnforcedStyle: consistent
100
106
  IndentationWidth: 2
101
107
 
102
- Layout/IndentArray:
108
+ Layout/FirstArrayElementIndentation:
103
109
  Enabled: true
104
110
 
105
- Layout/IndentAssignment:
111
+ Layout/AssignmentIndentation:
106
112
  Enabled: true
107
113
 
108
- Layout/IndentHash:
114
+ Layout/FirstHashElementIndentation:
109
115
  Enabled: true
110
116
 
111
117
  Layout/MultilineHashBraceLayout:
@@ -122,7 +128,7 @@ Layout/MultilineOperationIndentation:
122
128
  Layout/SpaceAfterComma:
123
129
  Enabled: true
124
130
 
125
- Layout/AlignParameters:
131
+ Layout/ParameterAlignment:
126
132
  Enabled: true
127
133
  EnforcedStyle: with_fixed_indentation
128
134
 
@@ -153,7 +159,7 @@ Lint/UselessAccessModifier:
153
159
  Lint/UselessAssignment:
154
160
  Enabled: true
155
161
 
156
- Lint/HandleExceptions:
162
+ Lint/SuppressedException:
157
163
  Enabled: true
158
164
 
159
165
  Metrics/AbcSize:
@@ -164,7 +170,7 @@ Metrics/BlockLength:
164
170
  Enabled: true
165
171
  Max: 51
166
172
  Exclude:
167
- - "spec/snyk_io_spec.rb"
173
+ - "spec/snyk_io_spec.rb"
168
174
 
169
175
  Metrics/ClassLength:
170
176
  Enabled: false
@@ -174,7 +180,7 @@ Metrics/CyclomaticComplexity:
174
180
  Enabled: false
175
181
  Max: 15
176
182
 
177
- Metrics/LineLength:
183
+ Layout/LineLength:
178
184
  Enabled: false
179
185
  Max: 147
180
186
 
@@ -316,10 +322,10 @@ Style/TrailingCommaInHashLiteral:
316
322
  Enabled: true
317
323
  EnforcedStyleForMultiline: no_comma
318
324
 
319
- Style/UnneededInterpolation:
325
+ Style/RedundantInterpolation:
320
326
  Enabled: true
321
327
 
322
- Style/UnneededPercentQ:
328
+ Style/RedundantPercentQ:
323
329
  Enabled: true
324
330
 
325
331
  Style/WhileUntilDo:
@@ -0,0 +1,34 @@
1
+ # This configuration was generated by
2
+ # `rubocop --auto-gen-config --auto-gen-only-exclude`
3
+ # on 2020-01-01 22:58:30 +0000 using RuboCop version 0.78.0.
4
+ # The point is for the user to remove these configuration records
5
+ # one by one as the offenses are removed from the code base.
6
+ # Note that changes in the inspected code, or installation of new
7
+ # versions of RuboCop, may require this file to be generated again.
8
+
9
+ # Offense count: 4
10
+ # Configuration parameters: Max.
11
+ RSpec/ExampleLength:
12
+ Exclude:
13
+ - 'spec/dependency_spy_cli_spec.rb'
14
+ - 'spec/dependency_spy_spec.rb'
15
+
16
+ # Offense count: 2
17
+ # Configuration parameters: CustomTransform, IgnoreMethods.
18
+ RSpec/FilePath:
19
+ Exclude:
20
+ - 'spec/dependency_spy_cli_spec.rb'
21
+ - 'spec/dependency_spy_spec.rb'
22
+
23
+ # Offense count: 5
24
+ # Configuration parameters: .
25
+ # SupportedStyles: have_received, receive
26
+ RSpec/MessageSpies:
27
+ EnforcedStyle: receive
28
+
29
+ # Offense count: 3
30
+ # Configuration parameters: Max, AggregateFailuresByDefault.
31
+ RSpec/MultipleExpectations:
32
+ Exclude:
33
+ - 'spec/dependency_spy_cli_spec.rb'
34
+ - 'spec/dependency_spy_spec.rb'
@@ -1 +1 @@
1
- 2.3.7
1
+ 2.5.5
@@ -0,0 +1,60 @@
1
+ ## How to contribute to dependency_spy
2
+
3
+ ### Main rules
4
+
5
+ * Before you open a ticket or send a pull request, [search](https://github.com/rtfpessoa/dependency_spy/issues) for previous discussions about the same feature or issue. Add to the earlier ticket if you find one.
6
+
7
+ * If you're proposing a new feature, make sure you create an issue to let other contributors know what you are working on.
8
+
9
+ * Before sending a pull request make sure your code is tested.
10
+
11
+ * Before sending a pull request for a feature, be sure to run tests.
12
+
13
+ * Use the same coding style as the rest of the codebase.
14
+
15
+ * Use `git rebase` (not `git merge`) to sync your work from time to time with the master branch.
16
+
17
+ * After creating your pull request make sure the build is passing on [CircleCI](https://circleci.com/gh/rtfpessoa/dependency_spy)
18
+ and that [Codacy](https://www.codacy.com/app/rtfpessoa/dependency_spy) is also confident in the code quality.
19
+
20
+ ### Commit Style
21
+
22
+ Writing good commit logs is important. A commit log should describe what changed and why.
23
+ Follow these guidelines when writing one:
24
+
25
+ 1. The first line should be 50 characters or less and contain a short
26
+ description of the change prefixed with the name of the changed
27
+ subsystem (e.g. "net: add localAddress and localPort to Socket").
28
+ 2. Keep the second line blank.
29
+ 3. Wrap all other lines at 72 columns.
30
+
31
+ A good commit log can look something like this:
32
+
33
+ ```
34
+ subsystem: explaining the commit in one line
35
+
36
+ Body of commit message is a few lines of text, explaining things
37
+ in more detail, possibly giving some background about the issue
38
+ being fixed, etc. etc.
39
+
40
+ The body of the commit message can be several paragraphs, and
41
+ please do proper word-wrap and keep columns shorter than about
42
+ 72 characters or so. That way `git log` will show things
43
+ nicely even when it is indented.
44
+ ```
45
+
46
+ ### Developer's Certificate of Origin 1.0
47
+
48
+ By making a contribution to this project, I certify that:
49
+
50
+ * (a) The contribution was created in whole or in part by me and I
51
+ have the right to submit it under the open source license indicated
52
+ in the file; or
53
+ * (b) The contribution is based upon previous work that, to the best
54
+ of my knowledge, is covered under an appropriate open source license
55
+ and I have the right under that license to submit that work with
56
+ modifications, whether created in whole or in part by me, under the
57
+ same open source license (unless I am permitted to submit under a
58
+ different license), as indicated in the file; or
59
+ * (c) The contribution was provided directly to me by some other
60
+ person who certified (a), (b) or (c) and I have not modified it.
@@ -1,116 +1,135 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- dependency_spy (0.3.0)
5
- bibliothecary (~> 6.3)
6
- colorize (~> 0.8.1)
7
- semantic_range (~> 2.1)
4
+ dependency_spy (0.6.1)
5
+ bibliothecary (~> 6.6)
6
+ colorize (= 0.8.1)
7
+ semantic_range (~> 2.2)
8
8
  thor (~> 0.20)
9
- yavdb (~> 0.4)
9
+ yavdb (~> 0.5)
10
10
 
11
11
  GEM
12
12
  remote: https://rubygems.org/
13
13
  specs:
14
14
  ansi (1.5.0)
15
15
  ast (2.4.0)
16
- bibliothecary (6.3.1)
16
+ bibliothecary (6.8.5)
17
17
  commander
18
18
  deb_control
19
19
  librariesio-gem-parser
20
20
  ox (>= 2.8.1)
21
21
  sdl4r
22
+ strings
23
+ strings-ansi
22
24
  toml-rb (~> 1.0)
23
25
  typhoeus
24
26
  citrus (3.0.2)
25
- codacy-coverage (2.1.0)
27
+ codacy-coverage (2.2.0)
26
28
  simplecov
27
29
  colorize (0.8.1)
28
30
  commander (4.4.7)
29
31
  highline (~> 2.0.0)
30
32
  deb_control (0.0.1)
31
33
  diff-lcs (1.3)
32
- docile (1.3.1)
33
- ethon (0.11.0)
34
+ docile (1.3.2)
35
+ ethon (0.12.0)
34
36
  ffi (>= 1.3.0)
35
- ffi (1.9.25)
36
- highline (2.0.0)
37
- jaro_winkler (1.5.1)
38
- json (2.1.0)
39
- kramdown (1.17.0)
37
+ execjs (2.7.0)
38
+ ffi (1.11.3)
39
+ highline (2.0.3)
40
+ jaro_winkler (1.5.4)
41
+ json (2.3.0)
42
+ kramdown (2.3.0)
43
+ rexml
40
44
  librariesio-gem-parser (1.0.0)
45
+ libv8 (3.16.14.19-x86_64-linux)
41
46
  oga (2.15)
42
47
  ast
43
48
  ruby-ll (~> 2.1)
44
- ox (2.10.0)
45
- parallel (1.12.1)
46
- parser (2.5.1.2)
49
+ ox (2.12.0)
50
+ parallel (1.19.1)
51
+ parser (2.7.0.2)
47
52
  ast (~> 2.4.0)
48
- powerpack (0.1.2)
49
53
  rainbow (3.0.0)
50
- rake (12.3.1)
51
- rspec (3.8.0)
52
- rspec-core (~> 3.8.0)
53
- rspec-expectations (~> 3.8.0)
54
- rspec-mocks (~> 3.8.0)
55
- rspec-collection_matchers (1.1.3)
54
+ rake (13.0.1)
55
+ ref (2.0.0)
56
+ rexml (3.2.4)
57
+ rspec (3.9.0)
58
+ rspec-core (~> 3.9.0)
59
+ rspec-expectations (~> 3.9.0)
60
+ rspec-mocks (~> 3.9.0)
61
+ rspec-collection_matchers (1.2.0)
56
62
  rspec-expectations (>= 2.99.0.beta1)
57
- rspec-core (3.8.0)
58
- rspec-support (~> 3.8.0)
59
- rspec-expectations (3.8.2)
63
+ rspec-core (3.9.1)
64
+ rspec-support (~> 3.9.1)
65
+ rspec-expectations (3.9.0)
60
66
  diff-lcs (>= 1.2.0, < 2.0)
61
- rspec-support (~> 3.8.0)
62
- rspec-mocks (3.8.0)
67
+ rspec-support (~> 3.9.0)
68
+ rspec-mocks (3.9.1)
63
69
  diff-lcs (>= 1.2.0, < 2.0)
64
- rspec-support (~> 3.8.0)
65
- rspec-support (3.8.0)
66
- rubocop (0.60.0)
70
+ rspec-support (~> 3.9.0)
71
+ rspec-support (3.9.2)
72
+ rubocop (0.79.0)
67
73
  jaro_winkler (~> 1.5.1)
68
74
  parallel (~> 1.10)
69
- parser (>= 2.5, != 2.5.1.1)
70
- powerpack (~> 0.1)
75
+ parser (>= 2.7.0.1)
71
76
  rainbow (>= 2.2.2, < 4.0)
72
77
  ruby-progressbar (~> 1.7)
73
- unicode-display_width (~> 1.4.0)
74
- rubocop-rspec (1.30.0)
75
- rubocop (>= 0.58.0)
78
+ unicode-display_width (>= 1.4.0, < 1.7)
79
+ rubocop-performance (1.5.2)
80
+ rubocop (>= 0.71.0)
81
+ rubocop-rspec (1.37.1)
82
+ rubocop (>= 0.68.1)
76
83
  ruby-ll (2.1.2)
77
84
  ansi
78
85
  ast
79
- ruby-progressbar (1.10.0)
86
+ ruby-progressbar (1.10.1)
80
87
  sdl4r (0.9.11)
81
88
  semantic_interval (0.1.0)
82
- semantic_range (2.1.0)
83
- simplecov (0.16.1)
89
+ semantic_range (2.2.1)
90
+ simplecov (0.17.1)
84
91
  docile (~> 1.1)
85
92
  json (>= 1.8, < 3)
86
93
  simplecov-html (~> 0.10.0)
87
94
  simplecov-html (0.10.2)
88
- thor (0.20.0)
95
+ strings (0.1.8)
96
+ strings-ansi (~> 0.1)
97
+ unicode-display_width (~> 1.5)
98
+ unicode_utils (~> 1.4)
99
+ strings-ansi (0.2.0)
100
+ therubyracer (0.12.3)
101
+ libv8 (~> 3.16.14.15)
102
+ ref
103
+ thor (0.20.3)
89
104
  toml-rb (1.1.2)
90
105
  citrus (~> 3.0, > 3.0)
91
- typhoeus (1.3.0)
106
+ typhoeus (1.3.1)
92
107
  ethon (>= 0.9.0)
93
- unicode-display_width (1.4.0)
94
- yavdb (0.4.1)
95
- json (~> 2.1)
96
- kramdown (~> 1.17)
108
+ unicode-display_width (1.6.0)
109
+ unicode_utils (1.4.0)
110
+ yavdb (0.5.5)
111
+ execjs (~> 2.7)
112
+ json (~> 2.2)
113
+ kramdown (~> 2.1)
97
114
  oga (~> 2.15)
98
115
  semantic_interval (~> 0.1)
116
+ therubyracer (~> 0.12)
99
117
  thor (~> 0.20)
118
+ toml-rb (~> 1.1)
100
119
 
101
120
  PLATFORMS
102
121
  ruby
103
122
 
104
123
  DEPENDENCIES
105
- bundler (~> 1.16)
106
124
  codacy-coverage
107
125
  dependency_spy!
108
- rake (~> 12.3)
126
+ rake (~> 13.0)
109
127
  rspec (~> 3.8)
110
128
  rspec-collection_matchers (~> 1.1)
111
129
  rubocop (~> 0.59)
130
+ rubocop-performance (~> 1.5)
112
131
  rubocop-rspec (~> 1.29)
113
132
  simplecov
114
133
 
115
134
  BUNDLED WITH
116
- 1.16.6
135
+ 2.1.4
data/README.md CHANGED
@@ -26,11 +26,11 @@ Use as a complement to other tools at your own risk.
26
26
  * Packagist
27
27
  * Pypi
28
28
  * Go
29
+ * Cargo
29
30
 
30
31
  ## Prerequisites
31
32
 
32
33
  * Ruby 2.3 or newer
33
- * Bundler `gem install bundler`
34
34
 
35
35
  ## Installation
36
36
 
@@ -20,24 +20,24 @@ Gem::Specification.new do |spec|
20
20
  spec.executables = ['dependency_spy', 'depspy']
21
21
  spec.require_paths = ['lib']
22
22
 
23
- spec.required_ruby_version = '>= 2.3.7'
23
+ spec.required_ruby_version = '>= 2.5.5'
24
24
 
25
25
  # Development
26
- spec.add_development_dependency 'bundler', ['~> 1.16']
27
26
  spec.add_development_dependency 'codacy-coverage'
28
- spec.add_development_dependency 'rake', ['~> 12.3']
27
+ spec.add_development_dependency 'rake', '~> 13.0'
29
28
  spec.add_development_dependency 'rspec', ['~> 3.8']
30
29
  spec.add_development_dependency 'rspec-collection_matchers', ['~> 1.1']
31
30
  spec.add_development_dependency 'simplecov'
32
31
 
33
32
  # Linters
34
33
  spec.add_development_dependency 'rubocop', ['~> 0.59']
34
+ spec.add_development_dependency 'rubocop-performance', ['~> 1.5']
35
35
  spec.add_development_dependency 'rubocop-rspec', ['~> 1.29']
36
36
 
37
37
  # Runtime
38
- spec.add_runtime_dependency 'bibliothecary', ['~> 6.3']
39
- spec.add_runtime_dependency 'colorize', ['~> 0.8.1']
40
- spec.add_runtime_dependency 'semantic_range', ['~> 2.1']
38
+ spec.add_runtime_dependency 'bibliothecary', ['~> 6.6']
39
+ spec.add_runtime_dependency 'colorize', ['0.8.1']
40
+ spec.add_runtime_dependency 'semantic_range', ['~> 2.2']
41
41
  spec.add_runtime_dependency 'thor', ['~> 0.20']
42
- spec.add_runtime_dependency 'yavdb', ['~> 0.4']
42
+ spec.add_runtime_dependency 'yavdb', ['~> 0.5']
43
43
  end
@@ -0,0 +1,12 @@
1
+ path: '/path/to/files' # Path to find files. DEFAULT: Dir.pwd
2
+ files: 'comma.sep,file.list' # Specific file list relative to `path`. DEFAULT: All files
3
+ formatter: 'text' # Output format. DEFAULT: text; AVAILABLE: text,json,yaml
4
+ platform: 'rubygems' # Supported YAVDB package manager lookup. DEFAULT: not specified (ALL); AVAILABLE: (See: https://github.com/rtfpessoa/yavdb/blob/master/lib/yavdb/constants.rb#L31)
5
+ output-path: '/path/to/output' # Path to generate report to. DEFAULT: not specified (console output)
6
+ database-path: '/path/to/yavdb/database' # Path to find/store local YAVDB DB. DEFAULT: YAVDB::Constants::DEFAULT_YAVDB_DATABASE_PATH (See: https://github.com/rtfpessoa/yavdb/blob/master/lib/yavdb/constants.rb#L28)
7
+ offline: false # Operate in offline mode (don't try to get YAVDB). Must have local YAVDB available. DEFAULT: false; AVAILABLE: true,false
8
+ severity-threshold: 'low' # Threshold for non-zero exit status. Doesn't change output. DEFAULT: 'low'; AVAILABLE: (See: https://github.com/rtfpessoa/yavdb/blob/master/lib/yavdb/constants.rb#L33)
9
+ with-color: true # Generate colored console output. DEFAULT: true; AVAILABLE: true,false
10
+ ignore: # A list of all YAVDB vulnerability identifiers to ignore. Removes from output.
11
+ - "identifier:to:ignore:19551105"
12
+ vuln-db-path: '/path/to/yavdb' # Path to local YAVDB for updating. DEFAULT: YAVDB::Constants::DEFAULT_YAVDB_PATH (See: https://github.com/rtfpessoa/yavdb/blob/master/lib/yavdb/constants.rb#L27)
@@ -28,25 +28,32 @@ require_relative 'dependency_spy/semver'
28
28
  module DependencySpy
29
29
  class API
30
30
 
31
- def self.check(path = Dir.pwd, files = nil, platform = nil, database_path = YAVDB::Constants::DEFAULT_YAVDB_DATABASE_PATH, offline = false)
31
+ def self.check(options)
32
+ verbose = options[:verbose]
33
+ path = options[:path] || Dir.pwd
34
+ files = options[:files]
35
+ platform = options[:platform]
36
+ database_path = options[:database_path] || YAVDB::Constants::DEFAULT_YAVDB_DATABASE_PATH
37
+ offline = options[:offline] || false
38
+ ignore = options[:ignore] || []
39
+
32
40
  if !File.exist?(database_path) && offline
33
41
  puts 'No local database found. Cannot obtain database since offline mode is enabled.'
34
42
  exit(10)
35
43
  elsif !offline
36
- puts 'Going to update the local vulnerability database.'
44
+ puts 'Going to update the local vulnerability database.' if verbose
37
45
  YAVDB::API.download_database(false, YAVDB::Constants::DEFAULT_YAVDB_PATH)
38
46
  end
39
47
 
40
48
  path = File.expand_path(path)
41
49
  package_managers = find_platform(platform)
42
50
  file_list = if !files.nil?
43
- files.split(',')
51
+ files.split(',').map { |f| "#{path}/#{f}" }
44
52
  elsif File.file?(path)
45
53
  path = File.dirname(path)
46
54
  [File.basename(path)]
47
55
  else
48
- cmd = `find #{path} -type f | grep -vE "#{Bibliothecary.ignored_files_regex}"`
49
- cmd.split("\n").sort
56
+ Bibliothecary.load_file_info_list(path).map(&:full_path)
50
57
  end
51
58
  manifests = package_managers.map { |pm| pm.analyse(path, file_list) }.flatten.compact
52
59
  manifests.map do |manifest|
@@ -65,9 +72,13 @@ module DependencySpy
65
72
  vulnerable = vuln.vulnerable_versions ? vuln.vulnerable_versions.any? { |vv| DependencySpy::SemVer.intersects(vv, version) } : false
66
73
  unaffected = vuln.unaffected_versions ? vuln.unaffected_versions.any? { |vu| DependencySpy::SemVer.intersects(vu, version) } : false
67
74
  patched = vuln.patched_versions ? vuln.patched_versions.any? { |vp| DependencySpy::SemVer.intersects(vp, version) } : false
75
+ ignored = ignore.include?(vuln.id)
68
76
 
69
77
  if unaffected || patched
70
78
  false
79
+ elsif ignored
80
+ puts "Skipping ignored vulnerability with #{vuln.id}." if verbose
81
+ false
71
82
  else
72
83
  vulnerable
73
84
  end
@@ -24,6 +24,7 @@ require_relative 'formatters/yaml'
24
24
  require_relative 'outputs/stdout'
25
25
  require_relative 'outputs/file'
26
26
  require_relative 'helper/helper'
27
+ require_relative 'helper/config_file'
27
28
 
28
29
  module DependencySpy
29
30
  class CLI < Thor
@@ -37,31 +38,49 @@ module DependencySpy
37
38
  DependencySpy::Formatters::Yaml
38
39
  ]
39
40
 
40
- class_option('verbose', :type => :boolean, :default => false)
41
+ class_option('verbose', :type => :boolean)
41
42
 
42
43
  desc('check', 'Check dependencies for known vulnerabilities')
43
- method_option('path', :aliases => :p, :type => :string, :default => Dir.pwd)
44
+ method_option('config-file-path', :aliases => :c, :type => :string)
45
+ method_option('path', :aliases => :p, :type => :string)
44
46
  method_option('files', :type => :string)
45
- method_option('formatter', :aliases => :f, :type => :string, :enum => FORMATTERS.map { |f| f.name.split('::').last.downcase }, :default => FORMATTERS.first.name.split('::').last.downcase)
47
+ method_option('formatter', :aliases => :f, :type => :string, :enum => FORMATTERS.map { |f| f.name.split('::').last.downcase })
46
48
  method_option('platform', :aliases => :m, :type => :string, :enum => YAVDB::Constants::POSSIBLE_PACKAGE_MANAGERS.map(&:downcase))
47
49
  method_option('output-path', :aliases => :o, :type => :string)
48
- method_option('database-path', :type => :string, :aliases => :p, :default => YAVDB::Constants::DEFAULT_YAVDB_DATABASE_PATH)
49
- method_option('offline', :type => :boolean, :default => false)
50
- method_option('severity-threshold', :aliases => :s, :type => :string, :enum => YAVDB::Constants::SEVERITIES, :default => 'low')
51
- method_option('with-color', :type => :boolean, :default => true)
50
+ method_option('database-path', :type => :string, :aliases => :p)
51
+ method_option('offline', :type => :boolean)
52
+ method_option('severity-threshold', :aliases => :s, :type => :string, :enum => YAVDB::Constants::SEVERITIES)
53
+ method_option('with-color', :type => :boolean)
54
+ method_option('ignore', :aliases => :i, :type => :array)
52
55
  def check
53
- manifests = API.check(options['path'], options['files'], options['platform'], options['database-path'], options['offline'])
56
+ defaults = {
57
+ 'verbose' => false,
58
+ 'path' => Dir.pwd,
59
+ 'formatter' => FORMATTERS.first.name.split('::').last.downcase,
60
+ 'database-path' => YAVDB::Constants::DEFAULT_YAVDB_DATABASE_PATH,
61
+ 'offline' => false,
62
+ 'severity-threshold' => 'low',
63
+ 'with-color' => true,
64
+ 'ignore' => []
65
+ }
66
+ the_options = defaults.merge(options)
54
67
 
55
- formatted_output = if (options['formatter'] == 'text') && !options['output-path'] && options['with-color']
56
- DependencySpy::Formatters::Text.format(manifests, options['severity-threshold'])
68
+ api_options = the_options.transform_keys(&:to_sym)
69
+ api_options[:database_path] = api_options[:'database-path']
70
+ the_options.freeze
71
+ api_options.freeze
72
+ manifests = API.check(api_options)
73
+
74
+ formatted_output = if (the_options['formatter'] == 'text') && !the_options['output-path'] && the_options['with-color']
75
+ DependencySpy::Formatters::Text.format(manifests, the_options['severity-threshold'])
57
76
  else
58
77
  FORMATTERS
59
- .find { |f| f.name.split('::').last.downcase == options['formatter'] }
78
+ .find { |f| f.name.split('::').last.downcase == the_options['formatter'] }
60
79
  .format(manifests)
61
80
  end
62
81
 
63
- if options['output-path']
64
- DependencySpy::Outputs::FileSystem.write(options['output-path'], formatted_output)
82
+ if the_options['output-path']
83
+ DependencySpy::Outputs::FileSystem.write(the_options['output-path'], formatted_output)
65
84
  else
66
85
  DependencySpy::Outputs::StdOut.write(formatted_output)
67
86
  end
@@ -70,7 +89,7 @@ module DependencySpy
70
89
  manifests.any? do |manifest|
71
90
  manifest[:dependencies]&.any? do |dependency|
72
91
  dependency[:vulnerabilities]&.any? do |vuln|
73
- DependencySpy::Helper.severity_above_threshold?(vuln.severity, options['severity-threshold'])
92
+ DependencySpy::Helper.severity_above_threshold?(vuln.severity, the_options['severity-threshold'])
74
93
  end
75
94
  end
76
95
  end
@@ -78,11 +97,25 @@ module DependencySpy
78
97
  exit(1) if has_vulnerabilities
79
98
  end
80
99
 
81
- method_option('vuln-db-path', :aliases => :d, :type => :string, :default => YAVDB::Constants::DEFAULT_YAVDB_PATH)
100
+ method_option('vuln-db-path', :aliases => :d, :type => :string)
82
101
  desc('update', 'Download or update database from the official yavdb repository.')
83
102
 
84
103
  def update
85
- API.update(options['vuln-db-path'])
104
+ defaults = {
105
+ 'verbose' => false,
106
+ 'vuln-db-path' => YAVDB::Constants::DEFAULT_YAVDB_PATH
107
+ }
108
+ the_options = defaults.merge(options)
109
+ the_options.freeze
110
+ API.update(the_options['vuln-db-path'])
111
+ end
112
+
113
+ private
114
+
115
+ def options
116
+ cli_options = super
117
+ config_file_options = DependencySpy::ConfigFile.get_config(cli_options[:'config-file-path'])
118
+ config_file_options.merge(cli_options)
86
119
  end
87
120
 
88
121
  end
@@ -29,7 +29,7 @@ module DependencySpy
29
29
 
30
30
  filtered_manifests
31
31
  .reject { |m| m[:dependencies].nil? }
32
- .map(&:to_json)
32
+ .to_json
33
33
  end
34
34
 
35
35
  end
@@ -28,13 +28,15 @@ module DependencySpy
28
28
 
29
29
  package_header = " Vulnerable: #{package.name}/#{package.type}:#{package.version}"
30
30
  package_body = package.vulnerabilities.map do |vuln|
31
- first = " Title: #{vuln.title}\n"
32
- second = " Severity: #{(vuln.severity || 'unknown').capitalize}\n"
33
- third = " Source: #{vuln.source_url}\n\n"
31
+ body = ''
32
+ body += " Title: #{vuln.title}\n"
33
+ body += " Severity: #{(vuln.severity || 'unknown').capitalize}\n"
34
+ body += " Source: #{vuln.source_url}\n"
35
+ body += " Identifier: #{vuln.id}\n\n"
34
36
  if severity_threshold && DependencySpy::Helper.severity_above_threshold?(vuln.severity, severity_threshold)
35
- "#{first}#{second}#{third}".red
37
+ body.red
36
38
  else
37
- "#{first}#{second}#{third}"
39
+ body
38
40
  end
39
41
  end
40
42
 
@@ -29,7 +29,7 @@ module DependencySpy
29
29
 
30
30
  filtered_manifests
31
31
  .reject { |m| m[:dependencies].nil? }
32
- .map(&:to_json)
32
+ .to_yaml
33
33
  end
34
34
 
35
35
  end
@@ -0,0 +1,41 @@
1
+ require 'yaml'
2
+
3
+ module DependencySpy
4
+ class ConfigFile
5
+
6
+ SAFE_CONFIG_PARAMS = [
7
+ 'path',
8
+ 'files',
9
+ 'formatter',
10
+ 'platform',
11
+ 'output-path',
12
+ 'database-path',
13
+ 'offline',
14
+ 'severity-threshold',
15
+ 'with-color',
16
+ 'ignore',
17
+ 'vuln-db-path'
18
+ ].freeze
19
+
20
+ def self.get_config(config_file_path = nil)
21
+ if !config_file_path.nil? && !File.file?(config_file_path)
22
+ puts 'Config file specified but not found.'
23
+ exit(10)
24
+
25
+ end
26
+
27
+ begin
28
+ file_path = config_file_path || '.depspy.yml'
29
+ config = YAML.load_file(file_path) || {}
30
+ config.slice(*SAFE_CONFIG_PARAMS)
31
+ rescue Errno::ENOENT
32
+ {}
33
+ rescue Psych::SyntaxError => e
34
+ puts 'Config File Parsing Error:'
35
+ puts e.message
36
+ exit(10)
37
+ end
38
+ end
39
+
40
+ end
41
+ end
@@ -42,6 +42,7 @@ module DependencySpy
42
42
  private
43
43
 
44
44
  def parse(version_or_range, loose = false)
45
+ version_or_range = '>= 0.0.0' if version_or_range == '*'
45
46
  return version_or_range if version_or_range.is_a?(SemanticRange::Range) ||
46
47
  version_or_range.is_a?(SemanticRange::Version)
47
48
 
@@ -16,6 +16,6 @@
16
16
 
17
17
  module DependencySpy
18
18
 
19
- VERSION = '0.3.0'
19
+ VERSION = '0.6.1'
20
20
 
21
21
  end
metadata CHANGED
@@ -1,29 +1,15 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependency_spy
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.0
4
+ version: 0.6.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rodrigo Fernandes
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-10-28 00:00:00.000000000 Z
11
+ date: 2020-09-04 00:00:00.000000000 Z
12
12
  dependencies:
13
- - !ruby/object:Gem::Dependency
14
- name: bundler
15
- requirement: !ruby/object:Gem::Requirement
16
- requirements:
17
- - - "~>"
18
- - !ruby/object:Gem::Version
19
- version: '1.16'
20
- type: :development
21
- prerelease: false
22
- version_requirements: !ruby/object:Gem::Requirement
23
- requirements:
24
- - - "~>"
25
- - !ruby/object:Gem::Version
26
- version: '1.16'
27
13
  - !ruby/object:Gem::Dependency
28
14
  name: codacy-coverage
29
15
  requirement: !ruby/object:Gem::Requirement
@@ -44,14 +30,14 @@ dependencies:
44
30
  requirements:
45
31
  - - "~>"
46
32
  - !ruby/object:Gem::Version
47
- version: '12.3'
33
+ version: '13.0'
48
34
  type: :development
49
35
  prerelease: false
50
36
  version_requirements: !ruby/object:Gem::Requirement
51
37
  requirements:
52
38
  - - "~>"
53
39
  - !ruby/object:Gem::Version
54
- version: '12.3'
40
+ version: '13.0'
55
41
  - !ruby/object:Gem::Dependency
56
42
  name: rspec
57
43
  requirement: !ruby/object:Gem::Requirement
@@ -108,6 +94,20 @@ dependencies:
108
94
  - - "~>"
109
95
  - !ruby/object:Gem::Version
110
96
  version: '0.59'
97
+ - !ruby/object:Gem::Dependency
98
+ name: rubocop-performance
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - "~>"
102
+ - !ruby/object:Gem::Version
103
+ version: '1.5'
104
+ type: :development
105
+ prerelease: false
106
+ version_requirements: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - "~>"
109
+ - !ruby/object:Gem::Version
110
+ version: '1.5'
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: rubocop-rspec
113
113
  requirement: !ruby/object:Gem::Requirement
@@ -128,26 +128,26 @@ dependencies:
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: '6.3'
131
+ version: '6.6'
132
132
  type: :runtime
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: '6.3'
138
+ version: '6.6'
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: colorize
141
141
  requirement: !ruby/object:Gem::Requirement
142
142
  requirements:
143
- - - "~>"
143
+ - - '='
144
144
  - !ruby/object:Gem::Version
145
145
  version: 0.8.1
146
146
  type: :runtime
147
147
  prerelease: false
148
148
  version_requirements: !ruby/object:Gem::Requirement
149
149
  requirements:
150
- - - "~>"
150
+ - - '='
151
151
  - !ruby/object:Gem::Version
152
152
  version: 0.8.1
153
153
  - !ruby/object:Gem::Dependency
@@ -156,14 +156,14 @@ dependencies:
156
156
  requirements:
157
157
  - - "~>"
158
158
  - !ruby/object:Gem::Version
159
- version: '2.1'
159
+ version: '2.2'
160
160
  type: :runtime
161
161
  prerelease: false
162
162
  version_requirements: !ruby/object:Gem::Requirement
163
163
  requirements:
164
164
  - - "~>"
165
165
  - !ruby/object:Gem::Version
166
- version: '2.1'
166
+ version: '2.2'
167
167
  - !ruby/object:Gem::Dependency
168
168
  name: thor
169
169
  requirement: !ruby/object:Gem::Requirement
@@ -184,14 +184,14 @@ dependencies:
184
184
  requirements:
185
185
  - - "~>"
186
186
  - !ruby/object:Gem::Version
187
- version: '0.4'
187
+ version: '0.5'
188
188
  type: :runtime
189
189
  prerelease: false
190
190
  version_requirements: !ruby/object:Gem::Requirement
191
191
  requirements:
192
192
  - - "~>"
193
193
  - !ruby/object:Gem::Version
194
- version: '0.4'
194
+ version: '0.5'
195
195
  description: "\n Finds known vulnerabilities in your dependencies\n Using rubysec/ruby-advisory-db,
196
196
  snyk.io, ossindex.net, nodesecurity.io\n "
197
197
  email:
@@ -203,11 +203,15 @@ extensions: []
203
203
  extra_rdoc_files: []
204
204
  files:
205
205
  - ".circleci/config.yml"
206
+ - ".github/ISSUE_TEMPLATE/bug_report.md"
207
+ - ".github/ISSUE_TEMPLATE/feature_request.md"
206
208
  - ".gitignore"
207
209
  - ".rspec"
208
210
  - ".rubocop.yml"
211
+ - ".rubocop_todo.yml"
209
212
  - ".ruby-version"
210
213
  - CODE_OF_CONDUCT.md
214
+ - CONTRIBUTING.md
211
215
  - Gemfile
212
216
  - Gemfile.lock
213
217
  - LICENSE
@@ -218,6 +222,7 @@ files:
218
222
  - bin/depspy
219
223
  - bin/setup
220
224
  - dependency_spy.gemspec
225
+ - example.depspy.yml
221
226
  - examples/Gemfile
222
227
  - examples/Gemfile.lock
223
228
  - examples/npm-shrinkwrap.json
@@ -229,6 +234,7 @@ files:
229
234
  - lib/dependency_spy/formatters/json.rb
230
235
  - lib/dependency_spy/formatters/text.rb
231
236
  - lib/dependency_spy/formatters/yaml.rb
237
+ - lib/dependency_spy/helper/config_file.rb
232
238
  - lib/dependency_spy/helper/helper.rb
233
239
  - lib/dependency_spy/outputs/file.rb
234
240
  - lib/dependency_spy/outputs/stdout.rb
@@ -246,7 +252,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
246
252
  requirements:
247
253
  - - ">="
248
254
  - !ruby/object:Gem::Version
249
- version: 2.3.7
255
+ version: 2.5.5
250
256
  required_rubygems_version: !ruby/object:Gem::Requirement
251
257
  requirements:
252
258
  - - ">="
@@ -254,7 +260,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
254
260
  version: '0'
255
261
  requirements: []
256
262
  rubyforge_project:
257
- rubygems_version: 2.5.2.3
263
+ rubygems_version: 2.7.6.2
258
264
  signing_key:
259
265
  specification_version: 4
260
266
  summary: Finds known vulnerabilities in your dependencies