dependency_spy 0.3.0 → 0.6.1
- checksums.yaml +5 -5
- data/.circleci/config.yml +6 -7
- data/.github/ISSUE_TEMPLATE/bug_report.md +32 -0
- data/.github/ISSUE_TEMPLATE/feature_request.md +20 -0
- data/.gitignore +2 -0
- data/.rubocop.yml +70 -64
- data/.rubocop_todo.yml +34 -0
- data/.ruby-version +1 -1
- data/CONTRIBUTING.md +60 -0
- data/Gemfile.lock +68 -49
- data/README.md +1 -1
- data/dependency_spy.gemspec +7 -7
- data/example.depspy.yml +12 -0
- data/lib/dependency_spy.rb +16 -5
- data/lib/dependency_spy/cli.rb +49 -16
- data/lib/dependency_spy/formatters/json.rb +1 -1
- data/lib/dependency_spy/formatters/text.rb +7 -5
- data/lib/dependency_spy/formatters/yaml.rb +1 -1
- data/lib/dependency_spy/helper/config_file.rb +41 -0
- data/lib/dependency_spy/semver.rb +1 -0
- data/lib/dependency_spy/version.rb +1 -1
- metadata +34 -28
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: bb58e1e3a80a6baba1c4c5386805977e22efba6b5a3e2631f732d08846034a2e
|
4
|
+
data.tar.gz: 989f3375b5eed793e0711592b17aafa2444de743cdf5a234fb9888fe309a26bc
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 5d1be8417cab3fb934aab4d31a531f6a3da7587e09565080afbf0ef91d76e70bb48c054b8d470e8d80dcd6e5e80292ffd73e31372f08df00a3dc1b9b1e0dda19
|
7
|
+
data.tar.gz: 467f4211c000f6439701f3ec494f09928daa4f858300f837d5366b77b2dbd306586cb3636bbaca4e095a307a606836359c6645a1e9b7311e6a3036a2045b7eb8
|
data/.circleci/config.yml
CHANGED
@@ -4,21 +4,20 @@ jobs:
|
|
4
4
|
build-lint-test:
|
5
5
|
working_directory: ~/dependency_spy
|
6
6
|
docker:
|
7
|
-
- image: circleci/ruby:2.
|
7
|
+
- image: circleci/ruby:2.5.5
|
8
8
|
steps:
|
9
9
|
- checkout
|
10
10
|
|
11
|
-
- name: Install Bundler Version
|
12
|
-
type: shell
|
13
|
-
command: gem install bundler -v 1.16
|
14
|
-
|
15
11
|
- name: Restore cache
|
16
12
|
type: cache-restore
|
17
13
|
key: yavdb-{{ checksum "Gemfile.lock" }}
|
18
14
|
|
19
15
|
- name: Bundle Install
|
20
16
|
type: shell
|
21
|
-
command:
|
17
|
+
command: |
|
18
|
+
sudo gem update --system
|
19
|
+
gem install bundler
|
20
|
+
bundle install --path /tmp/vendor/bundle
|
22
21
|
|
23
22
|
- name: Save cache
|
24
23
|
type: cache-save
|
@@ -28,7 +27,7 @@ jobs:
|
|
28
27
|
|
29
28
|
- name: Vulnerable dependencies
|
30
29
|
type: shell
|
31
|
-
command: bundle exec depspy check --files Gemfile,Gemfile.lock
|
30
|
+
command: bundle exec bin/depspy check --files Gemfile,Gemfile.lock
|
32
31
|
|
33
32
|
- name: Rubocop
|
34
33
|
type: shell
|
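Review bot: The rewritten `Bundle Install` step runs `sudo gem update --system` and an unpinned `gem install bundler`, so each build installs whatever RubyGems and Bundler releases are current, where the removed step pinned `bundler -v 1.16`. That makes the pipeline non-reproducible and lets an upstream tooling release change the build without a commit in this repository. Pin Bundler to the version recorded under `BUNDLED WITH` in Gemfile.lock, e.g. `gem install bundler -v 2.1.4`, and either pin or drop the RubyGems self-update. The job definition continues outside these two hunks.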
@@ -0,0 +1,32 @@
|
|
1
|
+
---
|
2
|
+
name: Bug report
|
3
|
+
about: Create a report to help us improve
|
4
|
+
title: ''
|
5
|
+
labels: ''
|
6
|
+
assignees: ''
|
7
|
+
|
8
|
+
---
|
9
|
+
|
10
|
+
**Describe the bug**
|
11
|
+
A clear and concise description of what the bug is.
|
12
|
+
|
13
|
+
**To Reproduce**
|
14
|
+
Steps to reproduce the behavior:
|
15
|
+
1. Go to '...'
|
16
|
+
2. Click on '....'
|
17
|
+
3. Scroll down to '....'
|
18
|
+
4. See error
|
19
|
+
|
20
|
+
**Expected behavior**
|
21
|
+
A clear and concise description of what you expected to happen.
|
22
|
+
|
23
|
+
**Screenshots**
|
24
|
+
If applicable, add screenshots to help explain your problem.
|
25
|
+
|
26
|
+
**Desktop (please complete the following information):**
|
27
|
+
- OS: [e.g. Windows, Linux, Mac]
|
28
|
+
- Ruby Version [e.g. 2.5.5]
|
29
|
+
- Version [e.g. 22]
|
30
|
+
|
31
|
+
**Additional context**
|
32
|
+
Add any other context about the problem here.
|
@@ -0,0 +1,20 @@
|
|
1
|
+
---
|
2
|
+
name: Feature request
|
3
|
+
about: Suggest an idea for this project
|
4
|
+
title: ''
|
5
|
+
labels: ''
|
6
|
+
assignees: ''
|
7
|
+
|
8
|
+
---
|
9
|
+
|
10
|
+
**Is your feature request related to a problem? Please describe.**
|
11
|
+
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
|
12
|
+
|
13
|
+
**Describe the solution you'd like**
|
14
|
+
A clear and concise description of what you want to happen.
|
15
|
+
|
16
|
+
**Describe alternatives you've considered**
|
17
|
+
A clear and concise description of any alternative solutions or features you've considered.
|
18
|
+
|
19
|
+
**Additional context**
|
20
|
+
Add any other context or screenshots about the feature request here.
|
data/.gitignore
CHANGED
data/.rubocop.yml
CHANGED
@@ -1,63 +1,69 @@
|
|
1
|
+
inherit_from: .rubocop_todo.yml
|
2
|
+
|
3
|
+
require:
|
4
|
+
- rubocop-performance
|
5
|
+
- rubocop-rspec
|
6
|
+
|
1
7
|
AllCops:
|
2
8
|
# Include common Ruby source files.
|
3
9
|
Include:
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
10
|
+
- "**/*.builder"
|
11
|
+
- "**/*.fcgi"
|
12
|
+
- "**/*.gemspec"
|
13
|
+
- "**/*.god"
|
14
|
+
- "**/*.jb"
|
15
|
+
- "**/*.jbuilder"
|
16
|
+
- "**/*.mspec"
|
17
|
+
- "**/*.opal"
|
18
|
+
- "**/*.pluginspec"
|
19
|
+
- "**/*.podspec"
|
20
|
+
- "**/*.rabl"
|
21
|
+
- "**/*.rake"
|
22
|
+
- "**/*.rb"
|
23
|
+
- "**/*.rbuild"
|
24
|
+
- "**/*.rbw"
|
25
|
+
- "**/*.rbx"
|
26
|
+
- "**/*.ru"
|
27
|
+
- "**/*.ruby"
|
28
|
+
- "**/*.spec"
|
29
|
+
- "**/*.thor"
|
30
|
+
- "**/*.watchr"
|
31
|
+
- "**/.irbrc"
|
32
|
+
- "**/.pryrc"
|
33
|
+
- "**/buildfile"
|
34
|
+
- "**/config.ru"
|
35
|
+
- "**/Appraisals"
|
36
|
+
- "**/Berksfile"
|
37
|
+
- "**/Brewfile"
|
38
|
+
- "**/Buildfile"
|
39
|
+
- "**/Capfile"
|
40
|
+
- "**/Cheffile"
|
41
|
+
- "**/Dangerfile"
|
42
|
+
- "**/Deliverfile"
|
43
|
+
- "**/Fastfile"
|
44
|
+
- "**/*Fastfile"
|
45
|
+
- "**/Gemfile"
|
46
|
+
- "**/Guardfile"
|
47
|
+
- "**/Jarfile"
|
48
|
+
- "**/Mavenfile"
|
49
|
+
- "**/Podfile"
|
50
|
+
- "**/Puppetfile"
|
51
|
+
- "**/Rakefile"
|
52
|
+
- "**/Snapfile"
|
53
|
+
- "**/Thorfile"
|
54
|
+
- "**/Vagabondfile"
|
55
|
+
- "**/Vagrantfile"
|
50
56
|
Exclude:
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
+
- "database/**/*"
|
58
|
+
- "db/**/*"
|
59
|
+
- "tmp/**/*"
|
60
|
+
- "vendor/**/*"
|
61
|
+
- "bin/**/*"
|
62
|
+
- "log/**/*"
|
57
63
|
DefaultFormatter: progress
|
58
64
|
UseCache: false
|
59
65
|
DisplayCopNames: false
|
60
|
-
TargetRubyVersion: 2.
|
66
|
+
TargetRubyVersion: 2.5.5
|
61
67
|
|
62
68
|
Gemspec/OrderedDependencies:
|
63
69
|
Enabled: true
|
@@ -82,7 +88,7 @@ Layout/EmptyLinesAroundClassBody:
|
|
82
88
|
Enabled: true
|
83
89
|
EnforcedStyle: empty_lines_except_namespace
|
84
90
|
Exclude:
|
85
|
-
|
91
|
+
- "lib/dependency_spy/dtos/dependency.rb"
|
86
92
|
|
87
93
|
Layout/EmptyLinesAroundMethodBody:
|
88
94
|
Enabled: true
|
@@ -94,18 +100,18 @@ Layout/EmptyLinesAroundModuleBody:
|
|
94
100
|
Layout/ExtraSpacing:
|
95
101
|
Enabled: true
|
96
102
|
|
97
|
-
Layout/
|
103
|
+
Layout/FirstArgumentIndentation:
|
98
104
|
Enabled: true
|
99
105
|
EnforcedStyle: consistent
|
100
106
|
IndentationWidth: 2
|
101
107
|
|
102
|
-
Layout/
|
108
|
+
Layout/FirstArrayElementIndentation:
|
103
109
|
Enabled: true
|
104
110
|
|
105
|
-
Layout/
|
111
|
+
Layout/AssignmentIndentation:
|
106
112
|
Enabled: true
|
107
113
|
|
108
|
-
Layout/
|
114
|
+
Layout/FirstHashElementIndentation:
|
109
115
|
Enabled: true
|
110
116
|
|
111
117
|
Layout/MultilineHashBraceLayout:
|
@@ -122,7 +128,7 @@ Layout/MultilineOperationIndentation:
|
|
122
128
|
Layout/SpaceAfterComma:
|
123
129
|
Enabled: true
|
124
130
|
|
125
|
-
Layout/
|
131
|
+
Layout/ParameterAlignment:
|
126
132
|
Enabled: true
|
127
133
|
EnforcedStyle: with_fixed_indentation
|
128
134
|
|
@@ -153,7 +159,7 @@ Lint/UselessAccessModifier:
|
|
153
159
|
Lint/UselessAssignment:
|
154
160
|
Enabled: true
|
155
161
|
|
156
|
-
Lint/
|
162
|
+
Lint/SuppressedException:
|
157
163
|
Enabled: true
|
158
164
|
|
159
165
|
Metrics/AbcSize:
|
@@ -164,7 +170,7 @@ Metrics/BlockLength:
|
|
164
170
|
Enabled: true
|
165
171
|
Max: 51
|
166
172
|
Exclude:
|
167
|
-
|
173
|
+
- "spec/snyk_io_spec.rb"
|
168
174
|
|
169
175
|
Metrics/ClassLength:
|
170
176
|
Enabled: false
|
@@ -174,7 +180,7 @@ Metrics/CyclomaticComplexity:
|
|
174
180
|
Enabled: false
|
175
181
|
Max: 15
|
176
182
|
|
177
|
-
|
183
|
+
Layout/LineLength:
|
178
184
|
Enabled: false
|
179
185
|
Max: 147
|
180
186
|
|
@@ -316,10 +322,10 @@ Style/TrailingCommaInHashLiteral:
|
|
316
322
|
Enabled: true
|
317
323
|
EnforcedStyleForMultiline: no_comma
|
318
324
|
|
319
|
-
Style/
|
325
|
+
Style/RedundantInterpolation:
|
320
326
|
Enabled: true
|
321
327
|
|
322
|
-
Style/
|
328
|
+
Style/RedundantPercentQ:
|
323
329
|
Enabled: true
|
324
330
|
|
325
331
|
Style/WhileUntilDo:
|
data/.rubocop_todo.yml
ADDED
@@ -0,0 +1,34 @@
|
|
1
|
+
# This configuration was generated by
|
2
|
+
# `rubocop --auto-gen-config --auto-gen-only-exclude`
|
3
|
+
# on 2020-01-01 22:58:30 +0000 using RuboCop version 0.78.0.
|
4
|
+
# The point is for the user to remove these configuration records
|
5
|
+
# one by one as the offenses are removed from the code base.
|
6
|
+
# Note that changes in the inspected code, or installation of new
|
7
|
+
# versions of RuboCop, may require this file to be generated again.
|
8
|
+
|
9
|
+
# Offense count: 4
|
10
|
+
# Configuration parameters: Max.
|
11
|
+
RSpec/ExampleLength:
|
12
|
+
Exclude:
|
13
|
+
- 'spec/dependency_spy_cli_spec.rb'
|
14
|
+
- 'spec/dependency_spy_spec.rb'
|
15
|
+
|
16
|
+
# Offense count: 2
|
17
|
+
# Configuration parameters: CustomTransform, IgnoreMethods.
|
18
|
+
RSpec/FilePath:
|
19
|
+
Exclude:
|
20
|
+
- 'spec/dependency_spy_cli_spec.rb'
|
21
|
+
- 'spec/dependency_spy_spec.rb'
|
22
|
+
|
23
|
+
# Offense count: 5
|
24
|
+
# Configuration parameters: .
|
25
|
+
# SupportedStyles: have_received, receive
|
26
|
+
RSpec/MessageSpies:
|
27
|
+
EnforcedStyle: receive
|
28
|
+
|
29
|
+
# Offense count: 3
|
30
|
+
# Configuration parameters: Max, AggregateFailuresByDefault.
|
31
|
+
RSpec/MultipleExpectations:
|
32
|
+
Exclude:
|
33
|
+
- 'spec/dependency_spy_cli_spec.rb'
|
34
|
+
- 'spec/dependency_spy_spec.rb'
|
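--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -1 +1 @@
-2.
+2.5.5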
data/CONTRIBUTING.md
ADDED
@@ -0,0 +1,60 @@
|
|
1
|
+
## How to contribute to dependency_spy
|
2
|
+
|
3
|
+
### Main rules
|
4
|
+
|
5
|
+
* Before you open a ticket or send a pull request, [search](https://github.com/rtfpessoa/dependency_spy/issues) for previous discussions about the same feature or issue. Add to the earlier ticket if you find one.
|
6
|
+
|
7
|
+
* If you're proposing a new feature, make sure you create an issue to let other contributors know what you are working on.
|
8
|
+
|
9
|
+
* Before sending a pull request make sure your code is tested.
|
10
|
+
|
11
|
+
* Before sending a pull request for a feature, be sure to run tests.
|
12
|
+
|
13
|
+
* Use the same coding style as the rest of the codebase.
|
14
|
+
|
15
|
+
* Use `git rebase` (not `git merge`) to sync your work from time to time with the master branch.
|
16
|
+
|
17
|
+
* After creating your pull request make sure the build is passing on [CircleCI](https://circleci.com/gh/rtfpessoa/dependency_spy)
|
18
|
+
and that [Codacy](https://www.codacy.com/app/rtfpessoa/dependency_spy) is also confident in the code quality.
|
19
|
+
|
20
|
+
### Commit Style
|
21
|
+
|
22
|
+
Writing good commit logs is important. A commit log should describe what changed and why.
|
23
|
+
Follow these guidelines when writing one:
|
24
|
+
|
25
|
+
1. The first line should be 50 characters or less and contain a short
|
26
|
+
description of the change prefixed with the name of the changed
|
27
|
+
subsystem (e.g. "net: add localAddress and localPort to Socket").
|
28
|
+
2. Keep the second line blank.
|
29
|
+
3. Wrap all other lines at 72 columns.
|
30
|
+
|
31
|
+
A good commit log can look something like this:
|
32
|
+
|
33
|
+
```
|
34
|
+
subsystem: explaining the commit in one line
|
35
|
+
|
36
|
+
Body of commit message is a few lines of text, explaining things
|
37
|
+
in more detail, possibly giving some background about the issue
|
38
|
+
being fixed, etc. etc.
|
39
|
+
|
40
|
+
The body of the commit message can be several paragraphs, and
|
41
|
+
please do proper word-wrap and keep columns shorter than about
|
42
|
+
72 characters or so. That way `git log` will show things
|
43
|
+
nicely even when it is indented.
|
44
|
+
```
|
45
|
+
|
46
|
+
### Developer's Certificate of Origin 1.0
|
47
|
+
|
48
|
+
By making a contribution to this project, I certify that:
|
49
|
+
|
50
|
+
* (a) The contribution was created in whole or in part by me and I
|
51
|
+
have the right to submit it under the open source license indicated
|
52
|
+
in the file; or
|
53
|
+
* (b) The contribution is based upon previous work that, to the best
|
54
|
+
of my knowledge, is covered under an appropriate open source license
|
55
|
+
and I have the right under that license to submit that work with
|
56
|
+
modifications, whether created in whole or in part by me, under the
|
57
|
+
same open source license (unless I am permitted to submit under a
|
58
|
+
different license), as indicated in the file; or
|
59
|
+
* (c) The contribution was provided directly to me by some other
|
60
|
+
person who certified (a), (b) or (c) and I have not modified it.
|
data/Gemfile.lock
CHANGED
@@ -1,116 +1,135 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
dependency_spy (0.
|
5
|
-
bibliothecary (~> 6.
|
6
|
-
colorize (
|
7
|
-
semantic_range (~> 2.
|
4
|
+
dependency_spy (0.6.1)
|
5
|
+
bibliothecary (~> 6.6)
|
6
|
+
colorize (= 0.8.1)
|
7
|
+
semantic_range (~> 2.2)
|
8
8
|
thor (~> 0.20)
|
9
|
-
yavdb (~> 0.
|
9
|
+
yavdb (~> 0.5)
|
10
10
|
|
11
11
|
GEM
|
12
12
|
remote: https://rubygems.org/
|
13
13
|
specs:
|
14
14
|
ansi (1.5.0)
|
15
15
|
ast (2.4.0)
|
16
|
-
bibliothecary (6.
|
16
|
+
bibliothecary (6.8.5)
|
17
17
|
commander
|
18
18
|
deb_control
|
19
19
|
librariesio-gem-parser
|
20
20
|
ox (>= 2.8.1)
|
21
21
|
sdl4r
|
22
|
+
strings
|
23
|
+
strings-ansi
|
22
24
|
toml-rb (~> 1.0)
|
23
25
|
typhoeus
|
24
26
|
citrus (3.0.2)
|
25
|
-
codacy-coverage (2.
|
27
|
+
codacy-coverage (2.2.0)
|
26
28
|
simplecov
|
27
29
|
colorize (0.8.1)
|
28
30
|
commander (4.4.7)
|
29
31
|
highline (~> 2.0.0)
|
30
32
|
deb_control (0.0.1)
|
31
33
|
diff-lcs (1.3)
|
32
|
-
docile (1.3.
|
33
|
-
ethon (0.
|
34
|
+
docile (1.3.2)
|
35
|
+
ethon (0.12.0)
|
34
36
|
ffi (>= 1.3.0)
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
37
|
+
execjs (2.7.0)
|
38
|
+
ffi (1.11.3)
|
39
|
+
highline (2.0.3)
|
40
|
+
jaro_winkler (1.5.4)
|
41
|
+
json (2.3.0)
|
42
|
+
kramdown (2.3.0)
|
43
|
+
rexml
|
40
44
|
librariesio-gem-parser (1.0.0)
|
45
|
+
libv8 (3.16.14.19-x86_64-linux)
|
41
46
|
oga (2.15)
|
42
47
|
ast
|
43
48
|
ruby-ll (~> 2.1)
|
44
|
-
ox (2.
|
45
|
-
parallel (1.
|
46
|
-
parser (2.
|
49
|
+
ox (2.12.0)
|
50
|
+
parallel (1.19.1)
|
51
|
+
parser (2.7.0.2)
|
47
52
|
ast (~> 2.4.0)
|
48
|
-
powerpack (0.1.2)
|
49
53
|
rainbow (3.0.0)
|
50
|
-
rake (
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
rspec-
|
55
|
-
|
54
|
+
rake (13.0.1)
|
55
|
+
ref (2.0.0)
|
56
|
+
rexml (3.2.4)
|
57
|
+
rspec (3.9.0)
|
58
|
+
rspec-core (~> 3.9.0)
|
59
|
+
rspec-expectations (~> 3.9.0)
|
60
|
+
rspec-mocks (~> 3.9.0)
|
61
|
+
rspec-collection_matchers (1.2.0)
|
56
62
|
rspec-expectations (>= 2.99.0.beta1)
|
57
|
-
rspec-core (3.
|
58
|
-
rspec-support (~> 3.
|
59
|
-
rspec-expectations (3.
|
63
|
+
rspec-core (3.9.1)
|
64
|
+
rspec-support (~> 3.9.1)
|
65
|
+
rspec-expectations (3.9.0)
|
60
66
|
diff-lcs (>= 1.2.0, < 2.0)
|
61
|
-
rspec-support (~> 3.
|
62
|
-
rspec-mocks (3.
|
67
|
+
rspec-support (~> 3.9.0)
|
68
|
+
rspec-mocks (3.9.1)
|
63
69
|
diff-lcs (>= 1.2.0, < 2.0)
|
64
|
-
rspec-support (~> 3.
|
65
|
-
rspec-support (3.
|
66
|
-
rubocop (0.
|
70
|
+
rspec-support (~> 3.9.0)
|
71
|
+
rspec-support (3.9.2)
|
72
|
+
rubocop (0.79.0)
|
67
73
|
jaro_winkler (~> 1.5.1)
|
68
74
|
parallel (~> 1.10)
|
69
|
-
parser (>= 2.
|
70
|
-
powerpack (~> 0.1)
|
75
|
+
parser (>= 2.7.0.1)
|
71
76
|
rainbow (>= 2.2.2, < 4.0)
|
72
77
|
ruby-progressbar (~> 1.7)
|
73
|
-
unicode-display_width (
|
74
|
-
rubocop-
|
75
|
-
rubocop (>= 0.
|
78
|
+
unicode-display_width (>= 1.4.0, < 1.7)
|
79
|
+
rubocop-performance (1.5.2)
|
80
|
+
rubocop (>= 0.71.0)
|
81
|
+
rubocop-rspec (1.37.1)
|
82
|
+
rubocop (>= 0.68.1)
|
76
83
|
ruby-ll (2.1.2)
|
77
84
|
ansi
|
78
85
|
ast
|
79
|
-
ruby-progressbar (1.10.
|
86
|
+
ruby-progressbar (1.10.1)
|
80
87
|
sdl4r (0.9.11)
|
81
88
|
semantic_interval (0.1.0)
|
82
|
-
semantic_range (2.1
|
83
|
-
simplecov (0.
|
89
|
+
semantic_range (2.2.1)
|
90
|
+
simplecov (0.17.1)
|
84
91
|
docile (~> 1.1)
|
85
92
|
json (>= 1.8, < 3)
|
86
93
|
simplecov-html (~> 0.10.0)
|
87
94
|
simplecov-html (0.10.2)
|
88
|
-
|
95
|
+
strings (0.1.8)
|
96
|
+
strings-ansi (~> 0.1)
|
97
|
+
unicode-display_width (~> 1.5)
|
98
|
+
unicode_utils (~> 1.4)
|
99
|
+
strings-ansi (0.2.0)
|
100
|
+
therubyracer (0.12.3)
|
101
|
+
libv8 (~> 3.16.14.15)
|
102
|
+
ref
|
103
|
+
thor (0.20.3)
|
89
104
|
toml-rb (1.1.2)
|
90
105
|
citrus (~> 3.0, > 3.0)
|
91
|
-
typhoeus (1.3.
|
106
|
+
typhoeus (1.3.1)
|
92
107
|
ethon (>= 0.9.0)
|
93
|
-
unicode-display_width (1.
|
94
|
-
|
95
|
-
|
96
|
-
|
108
|
+
unicode-display_width (1.6.0)
|
109
|
+
unicode_utils (1.4.0)
|
110
|
+
yavdb (0.5.5)
|
111
|
+
execjs (~> 2.7)
|
112
|
+
json (~> 2.2)
|
113
|
+
kramdown (~> 2.1)
|
97
114
|
oga (~> 2.15)
|
98
115
|
semantic_interval (~> 0.1)
|
116
|
+
therubyracer (~> 0.12)
|
99
117
|
thor (~> 0.20)
|
118
|
+
toml-rb (~> 1.1)
|
100
119
|
|
101
120
|
PLATFORMS
|
102
121
|
ruby
|
103
122
|
|
104
123
|
DEPENDENCIES
|
105
|
-
bundler (~> 1.16)
|
106
124
|
codacy-coverage
|
107
125
|
dependency_spy!
|
108
|
-
rake (~>
|
126
|
+
rake (~> 13.0)
|
109
127
|
rspec (~> 3.8)
|
110
128
|
rspec-collection_matchers (~> 1.1)
|
111
129
|
rubocop (~> 0.59)
|
130
|
+
rubocop-performance (~> 1.5)
|
112
131
|
rubocop-rspec (~> 1.29)
|
113
132
|
simplecov
|
114
133
|
|
115
134
|
BUNDLED WITH
|
116
|
-
1.
|
135
|
+
2.1.4
|
data/README.md
CHANGED
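--- a/data/dependency_spy.gemspec
+++ b/data/dependency_spy.gemspec
@@ -20,24 +20,24 @@ Gem::Specification.new do |spec|
 spec.executables = ['dependency_spy', 'depspy']
 spec.require_paths = ['lib']
 
-spec.required_ruby_version = '>= 2.
+spec.required_ruby_version = '>= 2.5.5'
 
 # Development
-spec.add_development_dependency 'bundler', ['~> 1.16']
 spec.add_development_dependency 'codacy-coverage'
-spec.add_development_dependency 'rake',
+spec.add_development_dependency 'rake', '~> 13.0'
 spec.add_development_dependency 'rspec', ['~> 3.8']
 spec.add_development_dependency 'rspec-collection_matchers', ['~> 1.1']
 spec.add_development_dependency 'simplecov'
 
 # Linters
 spec.add_development_dependency 'rubocop', ['~> 0.59']
+spec.add_development_dependency 'rubocop-performance', ['~> 1.5']
 spec.add_development_dependency 'rubocop-rspec', ['~> 1.29']
 
 # Runtime
-spec.add_runtime_dependency 'bibliothecary', ['~> 6.
-spec.add_runtime_dependency 'colorize', ['
-spec.add_runtime_dependency 'semantic_range', ['~> 2.
+spec.add_runtime_dependency 'bibliothecary', ['~> 6.6']
+spec.add_runtime_dependency 'colorize', ['0.8.1']
+spec.add_runtime_dependency 'semantic_range', ['~> 2.2']
 spec.add_runtime_dependency 'thor', ['~> 0.20']
-spec.add_runtime_dependency 'yavdb', ['~> 0.
+spec.add_runtime_dependency 'yavdb', ['~> 0.5']
 end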
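Review bot: Raising the runtime constraint to `yavdb ~> 0.5` changes what every installer of this gem pulls in, and the gemspec gives no hint of it. Per the Gemfile.lock shipped in this release, `yavdb (0.5.5)` depends on `execjs`, `kramdown` and `therubyracer (~> 0.12)`, which brings `libv8 (3.16.14.19-x86_64-linux)`. That appears to add a native, embedded JavaScript engine from an old release line to a tool whose job is to parse third-party advisory data, and the lock records a platform-specific libv8 build. It is worth confirming whether yavdb needs the JS runtime at check time and adding a comment above the `yavdb` line, such as `# yavdb >= 0.5 pulls in execjs/therubyracer (native libv8 build required)`.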
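--- a/data/example.depspy.yml
+++ b/data/example.depspy.yml
@@ -0,0 +1,12 @@
+path: '/path/to/files' # Path to find files. DEFAULT: Dir.pwd
+files: 'comma.sep,file.list' # Specific file list relative to `path`. DEFAULT: All files
+formatter: 'text' # Output format. DEFAULT: text; AVAILABLE: text,json,yaml
+platform: 'rubygems' # Supported YAVDB package manager lookup. DEFAULT: not specified (ALL); AVAILABLE: (See: https://github.com/rtfpessoa/yavdb/blob/master/lib/yavdb/constants.rb#L31)
+output-path: '/path/to/output' # Path to generate report to. DEFAULT: not specified (console output)
+database-path: '/path/to/yavdb/database' # Path to find/store local YAVDB DB. DEFAULT: YAVDB::Constants::DEFAULT_YAVDB_DATABASE_PATH (See: https://github.com/rtfpessoa/yavdb/blob/master/lib/yavdb/constants.rb#L28)
+offline: false # Operate in offline mode (don't try to get YAVDB). Must have local YAVDB available. DEFAULT: false; AVAILABLE: true,false
+severity-threshold: 'low' # Threshold for non-zero exit status. Doesn't change output. DEFAULT: 'low'; AVAILABLE: (See: https://github.com/rtfpessoa/yavdb/blob/master/lib/yavdb/constants.rb#L33)
+with-color: true # Generate colored console output. DEFAULT: true; AVAILABLE: true,false
+ignore: # A list of all YAVDB vulnerability identifiers to ignore. Removes from output.
+- "identifier:to:ignore:19551105"
+vuln-db-path: '/path/to/yavdb' # Path to local YAVDB for updating. DEFAULT: YAVDB::Constants::DEFAULT_YAVDB_PATH (See: https://github.com/rtfpessoa/yavdb/blob/master/lib/yavdb/constants.rb#L27)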
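--- a/data/lib/dependency_spy.rb
+++ b/data/lib/dependency_spy.rb
@@ -28,25 +28,32 @@ require_relative 'dependency_spy/semver'
 module DependencySpy
 class API
 
-def self.check(
+def self.check(options)
+verbose = options[:verbose]
+path = options[:path] || Dir.pwd
+files = options[:files]
+platform = options[:platform]
+database_path = options[:database_path] || YAVDB::Constants::DEFAULT_YAVDB_DATABASE_PATH
+offline = options[:offline] || false
+ignore = options[:ignore] || []
+
 if !File.exist?(database_path) && offline
 puts 'No local database found. Cannot obtain database since offline mode is enabled.'
 exit(10)
 elsif !offline
-puts 'Going to update the local vulnerability database.'
+puts 'Going to update the local vulnerability database.' if verbose
 YAVDB::API.download_database(false, YAVDB::Constants::DEFAULT_YAVDB_PATH)
 end
 
 path = File.expand_path(path)
 package_managers = find_platform(platform)
 file_list = if !files.nil?
-files.split(',')
+files.split(',').map { |f| "#{path}/#{f}" }
 elsif File.file?(path)
 path = File.dirname(path)
 [File.basename(path)]
 else
-
-cmd.split("\n").sort
+Bibliothecary.load_file_info_list(path).map(&:full_path)
 end
 manifests = package_managers.map { |pm| pm.analyse(path, file_list) }.flatten.compact
 manifests.map do |manifest|
@@ -65,9 +72,13 @@ module DependencySpy
 vulnerable = vuln.vulnerable_versions ? vuln.vulnerable_versions.any? { |vv| DependencySpy::SemVer.intersects(vv, version) } : false
 unaffected = vuln.unaffected_versions ? vuln.unaffected_versions.any? { |vu| DependencySpy::SemVer.intersects(vu, version) } : false
 patched = vuln.patched_versions ? vuln.patched_versions.any? { |vp| DependencySpy::SemVer.intersects(vp, version) } : false
+ignored = ignore.include?(vuln.id)
 
 if unaffected || patched
 false
+elsif ignored
+puts "Skipping ignored vulnerability with #{vuln.id}." if verbose
+false
 else
 vulnerable
 end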
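Review bot: `ignore.include?(vuln.id)` in the second hunk assumes `ignore` is an Array, but `options[:ignore] || []` passes through whatever the caller supplied. If a config file gives `ignore` as a single string, `String#include?` does a substring match, so a finding can be suppressed by an entry that merely contains its id. Coerce at the top of `check` with `ignore = Array(options[:ignore]).map(&:to_s)`. Ignored findings are also reported only under `verbose`; since this result drives a gate's exit status, consider always printing the skipped ids so suppressions stay visible in CI logs. In the first hunk, `"#{path}/#{f}"` joins `files` entries without normalising them, so `../` segments are not confined to `path`; the body of `check` continues outside both hunks.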
data/lib/dependency_spy/cli.rb
CHANGED
@@ -24,6 +24,7 @@ require_relative 'formatters/yaml'
|
|
24
24
|
require_relative 'outputs/stdout'
|
25
25
|
require_relative 'outputs/file'
|
26
26
|
require_relative 'helper/helper'
|
27
|
+
require_relative 'helper/config_file'
|
27
28
|
|
28
29
|
module DependencySpy
|
29
30
|
class CLI < Thor
|
@@ -37,31 +38,49 @@ module DependencySpy
|
|
37
38
|
DependencySpy::Formatters::Yaml
|
38
39
|
]
|
39
40
|
|
40
|
-
class_option('verbose', :type => :boolean
|
41
|
+
class_option('verbose', :type => :boolean)
|
41
42
|
|
42
43
|
desc('check', 'Check dependencies for known vulnerabilities')
|
43
|
-
method_option('path', :aliases => :
|
44
|
+
method_option('config-file-path', :aliases => :c, :type => :string)
|
45
|
+
method_option('path', :aliases => :p, :type => :string)
|
44
46
|
method_option('files', :type => :string)
|
45
|
-
method_option('formatter', :aliases => :f, :type => :string, :enum => FORMATTERS.map { |f| f.name.split('::').last.downcase }
|
47
|
+
method_option('formatter', :aliases => :f, :type => :string, :enum => FORMATTERS.map { |f| f.name.split('::').last.downcase })
|
46
48
|
method_option('platform', :aliases => :m, :type => :string, :enum => YAVDB::Constants::POSSIBLE_PACKAGE_MANAGERS.map(&:downcase))
|
47
49
|
method_option('output-path', :aliases => :o, :type => :string)
|
48
|
-
method_option('database-path', :type => :string, :aliases => :p
|
49
|
-
method_option('offline', :type => :boolean
|
50
|
-
method_option('severity-threshold', :aliases => :s, :type => :string, :enum => YAVDB::Constants::SEVERITIES
|
51
|
-
method_option('with-color', :type => :boolean
|
50
|
+
method_option('database-path', :type => :string, :aliases => :p)
|
51
|
+
method_option('offline', :type => :boolean)
|
52
|
+
method_option('severity-threshold', :aliases => :s, :type => :string, :enum => YAVDB::Constants::SEVERITIES)
|
53
|
+
method_option('with-color', :type => :boolean)
|
54
|
+
method_option('ignore', :aliases => :i, :type => :array)
|
52
55
|
def check
|
53
|
-
|
56
|
+
defaults = {
|
57
|
+
'verbose' => false,
|
58
|
+
'path' => Dir.pwd,
|
59
|
+
'formatter' => FORMATTERS.first.name.split('::').last.downcase,
|
60
|
+
'database-path' => YAVDB::Constants::DEFAULT_YAVDB_DATABASE_PATH,
|
61
|
+
'offline' => false,
|
62
|
+
'severity-threshold' => 'low',
|
63
|
+
'with-color' => true,
|
64
|
+
'ignore' => []
|
65
|
+
}
|
66
|
+
the_options = defaults.merge(options)
|
54
67
|
|
55
|
-
|
56
|
-
|
68
|
+
api_options = the_options.transform_keys(&:to_sym)
|
69
|
+
api_options[:database_path] = api_options[:'database-path']
|
70
|
+
the_options.freeze
|
71
|
+
api_options.freeze
|
72
|
+
manifests = API.check(api_options)
|
73
|
+
|
74
|
+
formatted_output = if (the_options['formatter'] == 'text') && !the_options['output-path'] && the_options['with-color']
|
75
|
+
DependencySpy::Formatters::Text.format(manifests, the_options['severity-threshold'])
|
57
76
|
else
|
58
77
|
FORMATTERS
|
59
|
-
.find { |f| f.name.split('::').last.downcase ==
|
78
|
+
.find { |f| f.name.split('::').last.downcase == the_options['formatter'] }
|
60
79
|
.format(manifests)
|
61
80
|
end
|
62
81
|
|
63
|
-
if
|
64
|
-
DependencySpy::Outputs::FileSystem.write(
|
82
|
+
if the_options['output-path']
|
83
|
+
DependencySpy::Outputs::FileSystem.write(the_options['output-path'], formatted_output)
|
65
84
|
else
|
66
85
|
DependencySpy::Outputs::StdOut.write(formatted_output)
|
67
86
|
end
|
@@ -70,7 +89,7 @@ module DependencySpy
|
|
70
89
|
manifests.any? do |manifest|
|
71
90
|
manifest[:dependencies]&.any? do |dependency|
|
72
91
|
dependency[:vulnerabilities]&.any? do |vuln|
|
73
|
-
DependencySpy::Helper.severity_above_threshold?(vuln.severity,
|
92
|
+
DependencySpy::Helper.severity_above_threshold?(vuln.severity, the_options['severity-threshold'])
|
74
93
|
end
|
75
94
|
end
|
76
95
|
end
|
@@ -78,11 +97,25 @@ module DependencySpy
|
|
78
97
|
exit(1) if has_vulnerabilities
|
79
98
|
end
|
80
99
|
|
81
|
-
method_option('vuln-db-path', :aliases => :d, :type => :string
|
100
|
+
method_option('vuln-db-path', :aliases => :d, :type => :string)
|
82
101
|
desc('update', 'Download or update database from the official yavdb repository.')
|
83
102
|
|
84
103
|
def update
|
85
|
-
|
104
|
+
defaults = {
|
105
|
+
'verbose' => false,
|
106
|
+
'vuln-db-path' => YAVDB::Constants::DEFAULT_YAVDB_PATH
|
107
|
+
}
|
108
|
+
the_options = defaults.merge(options)
|
109
|
+
the_options.freeze
|
110
|
+
API.update(the_options['vuln-db-path'])
|
111
|
+
end
|
112
|
+
|
113
|
+
private
|
114
|
+
|
115
|
+
def options
|
116
|
+
cli_options = super
|
117
|
+
config_file_options = DependencySpy::ConfigFile.get_config(cli_options[:'config-file-path'])
|
118
|
+
config_file_options.merge(cli_options)
|
86
119
|
end
|
87
120
|
|
88
121
|
end
|
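Review bot: `method_option('path', :aliases => :p, ...)` and `method_option('database-path', ..., :aliases => :p)` both claim the short flag `-p` on `check`, so `-p` cannot address both options and may set a different path than the user intends; give `database-path` its own alias or drop it. Separately, the private `options` override merges config-file values in after Thor has parsed the command line, so Thor's `:enum` and `:type` checks on `formatter`, `severity-threshold` and `ignore` do not appear to apply to them. An unknown `formatter` then makes `FORMATTERS.find { ... }` return nil and `.format(manifests)` raise. Validate the merged hash before use, for example `raise Thor::Error, 'unknown formatter' unless FORMATTERS.any? { |f| f.name.split('::').last.downcase == the_options['formatter'] }`. `update` goes through the same override, so it reads `.depspy.yml` from the working directory although it declares no `config-file-path` option.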
@@ -28,13 +28,15 @@ module DependencySpy
|
|
28
28
|
|
29
29
|
package_header = " Vulnerable: #{package.name}/#{package.type}:#{package.version}"
|
30
30
|
package_body = package.vulnerabilities.map do |vuln|
|
31
|
-
|
32
|
-
|
33
|
-
|
31
|
+
body = ''
|
32
|
+
body += " Title: #{vuln.title}\n"
|
33
|
+
body += " Severity: #{(vuln.severity || 'unknown').capitalize}\n"
|
34
|
+
body += " Source: #{vuln.source_url}\n"
|
35
|
+
body += " Identifier: #{vuln.id}\n\n"
|
34
36
|
if severity_threshold && DependencySpy::Helper.severity_above_threshold?(vuln.severity, severity_threshold)
|
35
|
-
|
37
|
+
body.red
|
36
38
|
else
|
37
|
-
|
39
|
+
body
|
38
40
|
end
|
39
41
|
end
|
40
42
|
|
@@ -0,0 +1,41 @@
|
|
1
|
+
require 'yaml'
|
2
|
+
|
3
|
+
module DependencySpy
|
4
|
+
class ConfigFile
|
5
|
+
|
6
|
+
SAFE_CONFIG_PARAMS = [
|
7
|
+
'path',
|
8
|
+
'files',
|
9
|
+
'formatter',
|
10
|
+
'platform',
|
11
|
+
'output-path',
|
12
|
+
'database-path',
|
13
|
+
'offline',
|
14
|
+
'severity-threshold',
|
15
|
+
'with-color',
|
16
|
+
'ignore',
|
17
|
+
'vuln-db-path'
|
18
|
+
].freeze
|
19
|
+
|
20
|
+
def self.get_config(config_file_path = nil)
|
21
|
+
if !config_file_path.nil? && !File.file?(config_file_path)
|
22
|
+
puts 'Config file specified but not found.'
|
23
|
+
exit(10)
|
24
|
+
|
25
|
+
end
|
26
|
+
|
27
|
+
begin
|
28
|
+
file_path = config_file_path || '.depspy.yml'
|
29
|
+
config = YAML.load_file(file_path) || {}
|
30
|
+
config.slice(*SAFE_CONFIG_PARAMS)
|
31
|
+
rescue Errno::ENOENT
|
32
|
+
{}
|
33
|
+
rescue Psych::SyntaxError => e
|
34
|
+
puts 'Config File Parsing Error:'
|
35
|
+
puts e.message
|
36
|
+
exit(10)
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
end
|
41
|
+
end
|
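Review bot: `YAML.load_file(file_path)` on new line 29 parses `.depspy.yml` with the full Psych loader, which on Psych versions before 4 (the gem allows Ruby `>= 2.5.5`) instantiates tagged Ruby objects, and the file comes from the directory being scanned, which may not be trusted. Use the safe loader, `config = YAML.safe_load(File.read(file_path)) || {}`, and add `Psych::DisallowedClass` to the rescue so a tagged document exits through the parse-error path. `config.slice(*SAFE_CONFIG_PARAMS)` also assumes the top-level node is a mapping; add `config = {} unless config.is_a?(Hash)` before it. The allow-list still lets the scanned repository set `ignore`, `severity-threshold`, `offline` and the output and database paths, so the class deserves a comment stating that the config file is part of the gate's policy and should be reviewed like code.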
@@ -42,6 +42,7 @@ module DependencySpy
|
|
42
42
|
private
|
43
43
|
|
44
44
|
def parse(version_or_range, loose = false)
|
45
|
+
version_or_range = '>= 0.0.0' if version_or_range == '*'
|
45
46
|
return version_or_range if version_or_range.is_a?(SemanticRange::Range) ||
|
46
47
|
version_or_range.is_a?(SemanticRange::Version)
|
47
48
|
|
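--- a/metadata
+++ b/metadata
@@ -1,29 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: dependency_spy
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.6.1
 platform: ruby
 authors:
 - Rodrigo Fernandes
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2020-09-04 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-name: bundler
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '1.16'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '1.16'
 - !ruby/object:Gem::Dependency
 name: codacy-coverage
 requirement: !ruby/object:Gem::Requirement
@@ -44,14 +30,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '13.0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '13.0'
 - !ruby/object:Gem::Dependency
 name: rspec
 requirement: !ruby/object:Gem::Requirement
@@ -108,6 +94,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '0.59'
+- !ruby/object:Gem::Dependency
+name: rubocop-performance
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.5'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.5'
 - !ruby/object:Gem::Dependency
 name: rubocop-rspec
 requirement: !ruby/object:Gem::Requirement
@@ -128,26 +128,26 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '6.
+version: '6.6'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '6.
+version: '6.6'
 - !ruby/object:Gem::Dependency
 name: colorize
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
 version: 0.8.1
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
 version: 0.8.1
 - !ruby/object:Gem::Dependency
@@ -156,14 +156,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '2.
+version: '2.2'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '2.
+version: '2.2'
 - !ruby/object:Gem::Dependency
 name: thor
 requirement: !ruby/object:Gem::Requirement
@@ -184,14 +184,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '0.
+version: '0.5'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '0.
+version: '0.5'
 description: "\n Finds known vulnerabilities in your dependencies\n Using rubysec/ruby-advisory-db,
 snyk.io, ossindex.net, nodesecurity.io\n "
 email:
@@ -203,11 +203,15 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".circleci/config.yml"
+- ".github/ISSUE_TEMPLATE/bug_report.md"
+- ".github/ISSUE_TEMPLATE/feature_request.md"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
+- ".rubocop_todo.yml"
 - ".ruby-version"
 - CODE_OF_CONDUCT.md
+- CONTRIBUTING.md
 - Gemfile
 - Gemfile.lock
 - LICENSE
@@ -218,6 +222,7 @@ files:
 - bin/depspy
 - bin/setup
 - dependency_spy.gemspec
+- example.depspy.yml
 - examples/Gemfile
 - examples/Gemfile.lock
 - examples/npm-shrinkwrap.json
@@ -229,6 +234,7 @@ files:
 - lib/dependency_spy/formatters/json.rb
 - lib/dependency_spy/formatters/text.rb
 - lib/dependency_spy/formatters/yaml.rb
+- lib/dependency_spy/helper/config_file.rb
 - lib/dependency_spy/helper/helper.rb
 - lib/dependency_spy/outputs/file.rb
 - lib/dependency_spy/outputs/stdout.rb
@@ -246,7 +252,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: 2.
+version: 2.5.5
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -254,7 +260,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.7.6.2
 signing_key:
 specification_version: 4
 summary: Finds known vulnerabilities in your dependencies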