dependency_spy 0.3.0 → 0.6.1
- checksums.yaml +5 -5
- data/.circleci/config.yml +6 -7
- data/.github/ISSUE_TEMPLATE/bug_report.md +32 -0
- data/.github/ISSUE_TEMPLATE/feature_request.md +20 -0
- data/.gitignore +2 -0
- data/.rubocop.yml +70 -64
- data/.rubocop_todo.yml +34 -0
- data/.ruby-version +1 -1
- data/CONTRIBUTING.md +60 -0
- data/Gemfile.lock +68 -49
- data/README.md +1 -1
- data/dependency_spy.gemspec +7 -7
- data/example.depspy.yml +12 -0
- data/lib/dependency_spy.rb +16 -5
- data/lib/dependency_spy/cli.rb +49 -16
- data/lib/dependency_spy/formatters/json.rb +1 -1
- data/lib/dependency_spy/formatters/text.rb +7 -5
- data/lib/dependency_spy/formatters/yaml.rb +1 -1
- data/lib/dependency_spy/helper/config_file.rb +41 -0
- data/lib/dependency_spy/semver.rb +1 -0
- data/lib/dependency_spy/version.rb +1 -1
- metadata +34 -28
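--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: bb58e1e3a80a6baba1c4c5386805977e22efba6b5a3e2631f732d08846034a2e
+data.tar.gz: 989f3375b5eed793e0711592b17aafa2444de743cdf5a234fb9888fe309a26bc
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5d1be8417cab3fb934aab4d31a531f6a3da7587e09565080afbf0ef91d76e70bb48c054b8d470e8d80dcd6e5e80292ffd73e31372f08df00a3dc1b9b1e0dda19
+data.tar.gz: 467f4211c000f6439701f3ec494f09928daa4f858300f837d5366b77b2dbd306586cb3636bbaca4e095a307a606836359c6645a1e9b7311e6a3036a2045b7eb8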
data/.circleci/config.yml
CHANGED
@@ -4,21 +4,20 @@ jobs:
|
|
4
4
|
build-lint-test:
|
5
5
|
working_directory: ~/dependency_spy
|
6
6
|
docker:
|
7
|
-
- image: circleci/ruby:2.
|
7
|
+
- image: circleci/ruby:2.5.5
|
8
8
|
steps:
|
9
9
|
- checkout
|
10
10
|
|
11
|
-
- name: Install Bundler Version
|
12
|
-
type: shell
|
13
|
-
command: gem install bundler -v 1.16
|
14
|
-
|
15
11
|
- name: Restore cache
|
16
12
|
type: cache-restore
|
17
13
|
key: yavdb-{{ checksum "Gemfile.lock" }}
|
18
14
|
|
19
15
|
- name: Bundle Install
|
20
16
|
type: shell
|
21
|
-
command:
|
17
|
+
command: |
|
18
|
+
sudo gem update --system
|
19
|
+
gem install bundler
|
20
|
+
bundle install --path /tmp/vendor/bundle
|
22
21
|
|
23
22
|
- name: Save cache
|
24
23
|
type: cache-save
|
@@ -28,7 +27,7 @@ jobs:
|
|
28
27
|
|
29
28
|
- name: Vulnerable dependencies
|
30
29
|
type: shell
|
31
|
-
command: bundle exec depspy check --files Gemfile,Gemfile.lock
|
30
|
+
command: bundle exec bin/depspy check --files Gemfile,Gemfile.lock
|
32
31
|
|
33
32
|
- name: Rubocop
|
34
33
|
type: shell
|
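Review bot: The new `Bundle Install` step installs its tooling unpinned: `sudo gem update --system` and `gem install bundler` pull whatever is latest at build time, where the removed step pinned `bundler -v 1.16`. That makes the build non-reproducible and lets any newly published RubyGems or Bundler release change the environment in which the `Vulnerable dependencies` check runs. Pin Bundler to the version the lockfile records, e.g. `gem install bundler -v 2.1.4` (the `BUNDLED WITH` value in Gemfile.lock on this page), and either drop or pin the `gem update --system` line. The `circleci/ruby:2.5.5` image tag is also mutable; pinning it by digest would be stricter.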
@@ -0,0 +1,32 @@
|
|
1
|
+
---
|
2
|
+
name: Bug report
|
3
|
+
about: Create a report to help us improve
|
4
|
+
title: ''
|
5
|
+
labels: ''
|
6
|
+
assignees: ''
|
7
|
+
|
8
|
+
---
|
9
|
+
|
10
|
+
**Describe the bug**
|
11
|
+
A clear and concise description of what the bug is.
|
12
|
+
|
13
|
+
**To Reproduce**
|
14
|
+
Steps to reproduce the behavior:
|
15
|
+
1. Go to '...'
|
16
|
+
2. Click on '....'
|
17
|
+
3. Scroll down to '....'
|
18
|
+
4. See error
|
19
|
+
|
20
|
+
**Expected behavior**
|
21
|
+
A clear and concise description of what you expected to happen.
|
22
|
+
|
23
|
+
**Screenshots**
|
24
|
+
If applicable, add screenshots to help explain your problem.
|
25
|
+
|
26
|
+
**Desktop (please complete the following information):**
|
27
|
+
- OS: [e.g. Windows, Linux, Mac]
|
28
|
+
- Ruby Version [e.g. 2.5.5]
|
29
|
+
- Version [e.g. 22]
|
30
|
+
|
31
|
+
**Additional context**
|
32
|
+
Add any other context about the problem here.
|
@@ -0,0 +1,20 @@
|
|
1
|
+
---
|
2
|
+
name: Feature request
|
3
|
+
about: Suggest an idea for this project
|
4
|
+
title: ''
|
5
|
+
labels: ''
|
6
|
+
assignees: ''
|
7
|
+
|
8
|
+
---
|
9
|
+
|
10
|
+
**Is your feature request related to a problem? Please describe.**
|
11
|
+
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
|
12
|
+
|
13
|
+
**Describe the solution you'd like**
|
14
|
+
A clear and concise description of what you want to happen.
|
15
|
+
|
16
|
+
**Describe alternatives you've considered**
|
17
|
+
A clear and concise description of any alternative solutions or features you've considered.
|
18
|
+
|
19
|
+
**Additional context**
|
20
|
+
Add any other context or screenshots about the feature request here.
|
data/.gitignore
CHANGED
data/.rubocop.yml
CHANGED
@@ -1,63 +1,69 @@
|
|
1
|
+
inherit_from: .rubocop_todo.yml
|
2
|
+
|
3
|
+
require:
|
4
|
+
- rubocop-performance
|
5
|
+
- rubocop-rspec
|
6
|
+
|
1
7
|
AllCops:
|
2
8
|
# Include common Ruby source files.
|
3
9
|
Include:
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
10
|
+
- "**/*.builder"
|
11
|
+
- "**/*.fcgi"
|
12
|
+
- "**/*.gemspec"
|
13
|
+
- "**/*.god"
|
14
|
+
- "**/*.jb"
|
15
|
+
- "**/*.jbuilder"
|
16
|
+
- "**/*.mspec"
|
17
|
+
- "**/*.opal"
|
18
|
+
- "**/*.pluginspec"
|
19
|
+
- "**/*.podspec"
|
20
|
+
- "**/*.rabl"
|
21
|
+
- "**/*.rake"
|
22
|
+
- "**/*.rb"
|
23
|
+
- "**/*.rbuild"
|
24
|
+
- "**/*.rbw"
|
25
|
+
- "**/*.rbx"
|
26
|
+
- "**/*.ru"
|
27
|
+
- "**/*.ruby"
|
28
|
+
- "**/*.spec"
|
29
|
+
- "**/*.thor"
|
30
|
+
- "**/*.watchr"
|
31
|
+
- "**/.irbrc"
|
32
|
+
- "**/.pryrc"
|
33
|
+
- "**/buildfile"
|
34
|
+
- "**/config.ru"
|
35
|
+
- "**/Appraisals"
|
36
|
+
- "**/Berksfile"
|
37
|
+
- "**/Brewfile"
|
38
|
+
- "**/Buildfile"
|
39
|
+
- "**/Capfile"
|
40
|
+
- "**/Cheffile"
|
41
|
+
- "**/Dangerfile"
|
42
|
+
- "**/Deliverfile"
|
43
|
+
- "**/Fastfile"
|
44
|
+
- "**/*Fastfile"
|
45
|
+
- "**/Gemfile"
|
46
|
+
- "**/Guardfile"
|
47
|
+
- "**/Jarfile"
|
48
|
+
- "**/Mavenfile"
|
49
|
+
- "**/Podfile"
|
50
|
+
- "**/Puppetfile"
|
51
|
+
- "**/Rakefile"
|
52
|
+
- "**/Snapfile"
|
53
|
+
- "**/Thorfile"
|
54
|
+
- "**/Vagabondfile"
|
55
|
+
- "**/Vagrantfile"
|
50
56
|
Exclude:
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
+
- "database/**/*"
|
58
|
+
- "db/**/*"
|
59
|
+
- "tmp/**/*"
|
60
|
+
- "vendor/**/*"
|
61
|
+
- "bin/**/*"
|
62
|
+
- "log/**/*"
|
57
63
|
DefaultFormatter: progress
|
58
64
|
UseCache: false
|
59
65
|
DisplayCopNames: false
|
60
|
-
TargetRubyVersion: 2.
|
66
|
+
TargetRubyVersion: 2.5.5
|
61
67
|
|
62
68
|
Gemspec/OrderedDependencies:
|
63
69
|
Enabled: true
|
@@ -82,7 +88,7 @@ Layout/EmptyLinesAroundClassBody:
|
|
82
88
|
Enabled: true
|
83
89
|
EnforcedStyle: empty_lines_except_namespace
|
84
90
|
Exclude:
|
85
|
-
|
91
|
+
- "lib/dependency_spy/dtos/dependency.rb"
|
86
92
|
|
87
93
|
Layout/EmptyLinesAroundMethodBody:
|
88
94
|
Enabled: true
|
@@ -94,18 +100,18 @@ Layout/EmptyLinesAroundModuleBody:
|
|
94
100
|
Layout/ExtraSpacing:
|
95
101
|
Enabled: true
|
96
102
|
|
97
|
-
Layout/
|
103
|
+
Layout/FirstArgumentIndentation:
|
98
104
|
Enabled: true
|
99
105
|
EnforcedStyle: consistent
|
100
106
|
IndentationWidth: 2
|
101
107
|
|
102
|
-
Layout/
|
108
|
+
Layout/FirstArrayElementIndentation:
|
103
109
|
Enabled: true
|
104
110
|
|
105
|
-
Layout/
|
111
|
+
Layout/AssignmentIndentation:
|
106
112
|
Enabled: true
|
107
113
|
|
108
|
-
Layout/
|
114
|
+
Layout/FirstHashElementIndentation:
|
109
115
|
Enabled: true
|
110
116
|
|
111
117
|
Layout/MultilineHashBraceLayout:
|
@@ -122,7 +128,7 @@ Layout/MultilineOperationIndentation:
|
|
122
128
|
Layout/SpaceAfterComma:
|
123
129
|
Enabled: true
|
124
130
|
|
125
|
-
Layout/
|
131
|
+
Layout/ParameterAlignment:
|
126
132
|
Enabled: true
|
127
133
|
EnforcedStyle: with_fixed_indentation
|
128
134
|
|
@@ -153,7 +159,7 @@ Lint/UselessAccessModifier:
|
|
153
159
|
Lint/UselessAssignment:
|
154
160
|
Enabled: true
|
155
161
|
|
156
|
-
Lint/
|
162
|
+
Lint/SuppressedException:
|
157
163
|
Enabled: true
|
158
164
|
|
159
165
|
Metrics/AbcSize:
|
@@ -164,7 +170,7 @@ Metrics/BlockLength:
|
|
164
170
|
Enabled: true
|
165
171
|
Max: 51
|
166
172
|
Exclude:
|
167
|
-
|
173
|
+
- "spec/snyk_io_spec.rb"
|
168
174
|
|
169
175
|
Metrics/ClassLength:
|
170
176
|
Enabled: false
|
@@ -174,7 +180,7 @@ Metrics/CyclomaticComplexity:
|
|
174
180
|
Enabled: false
|
175
181
|
Max: 15
|
176
182
|
|
177
|
-
|
183
|
+
Layout/LineLength:
|
178
184
|
Enabled: false
|
179
185
|
Max: 147
|
180
186
|
|
@@ -316,10 +322,10 @@ Style/TrailingCommaInHashLiteral:
|
|
316
322
|
Enabled: true
|
317
323
|
EnforcedStyleForMultiline: no_comma
|
318
324
|
|
319
|
-
Style/
|
325
|
+
Style/RedundantInterpolation:
|
320
326
|
Enabled: true
|
321
327
|
|
322
|
-
Style/
|
328
|
+
Style/RedundantPercentQ:
|
323
329
|
Enabled: true
|
324
330
|
|
325
331
|
Style/WhileUntilDo:
|
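--- a/data/.rubocop_todo.yml
+++ b/data/.rubocop_todo.yml
@@ -0,0 +1,34 @@
+# This configuration was generated by
+# `rubocop --auto-gen-config --auto-gen-only-exclude`
+# on 2020-01-01 22:58:30 +0000 using RuboCop version 0.78.0.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+
+# Offense count: 4
+# Configuration parameters: Max.
+RSpec/ExampleLength:
+Exclude:
+- 'spec/dependency_spy_cli_spec.rb'
+- 'spec/dependency_spy_spec.rb'
+
+# Offense count: 2
+# Configuration parameters: CustomTransform, IgnoreMethods.
+RSpec/FilePath:
+Exclude:
+- 'spec/dependency_spy_cli_spec.rb'
+- 'spec/dependency_spy_spec.rb'
+
+# Offense count: 5
+# Configuration parameters: .
+# SupportedStyles: have_received, receive
+RSpec/MessageSpies:
+EnforcedStyle: receive
+
+# Offense count: 3
+# Configuration parameters: Max, AggregateFailuresByDefault.
+RSpec/MultipleExpectations:
+Exclude:
+- 'spec/dependency_spy_cli_spec.rb'
+- 'spec/dependency_spy_spec.rb'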
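--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -1 +1 @@
-2.
+2.5.5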
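--- a/data/CONTRIBUTING.md
+++ b/data/CONTRIBUTING.md
@@ -0,0 +1,60 @@
+## How to contribute to dependency_spy
+
+### Main rules
+
+* Before you open a ticket or send a pull request, [search](https://github.com/rtfpessoa/dependency_spy/issues) for previous discussions about the same feature or issue. Add to the earlier ticket if you find one.
+
+* If you're proposing a new feature, make sure you create an issue to let other contributors know what you are working on.
+
+* Before sending a pull request make sure your code is tested.
+
+* Before sending a pull request for a feature, be sure to run tests.
+
+* Use the same coding style as the rest of the codebase.
+
+* Use `git rebase` (not `git merge`) to sync your work from time to time with the master branch.
+
+* After creating your pull request make sure the build is passing on [CircleCI](https://circleci.com/gh/rtfpessoa/dependency_spy)
+and that [Codacy](https://www.codacy.com/app/rtfpessoa/dependency_spy) is also confident in the code quality.
+
+### Commit Style
+
+Writing good commit logs is important. A commit log should describe what changed and why.
+Follow these guidelines when writing one:
+
+1. The first line should be 50 characters or less and contain a short
+description of the change prefixed with the name of the changed
+subsystem (e.g. "net: add localAddress and localPort to Socket").
+2. Keep the second line blank.
+3. Wrap all other lines at 72 columns.
+
+A good commit log can look something like this:
+
+```
+subsystem: explaining the commit in one line
+
+Body of commit message is a few lines of text, explaining things
+in more detail, possibly giving some background about the issue
+being fixed, etc. etc.
+
+The body of the commit message can be several paragraphs, and
+please do proper word-wrap and keep columns shorter than about
+72 characters or so. That way `git log` will show things
+nicely even when it is indented.
+```
+
+### Developer's Certificate of Origin 1.0
+
+By making a contribution to this project, I certify that:
+
+* (a) The contribution was created in whole or in part by me and I
+have the right to submit it under the open source license indicated
+in the file; or
+* (b) The contribution is based upon previous work that, to the best
+of my knowledge, is covered under an appropriate open source license
+and I have the right under that license to submit that work with
+modifications, whether created in whole or in part by me, under the
+same open source license (unless I am permitted to submit under a
+different license), as indicated in the file; or
+* (c) The contribution was provided directly to me by some other
+person who certified (a), (b) or (c) and I have not modified it.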
data/Gemfile.lock
CHANGED
@@ -1,116 +1,135 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
dependency_spy (0.
|
5
|
-
bibliothecary (~> 6.
|
6
|
-
colorize (
|
7
|
-
semantic_range (~> 2.
|
4
|
+
dependency_spy (0.6.1)
|
5
|
+
bibliothecary (~> 6.6)
|
6
|
+
colorize (= 0.8.1)
|
7
|
+
semantic_range (~> 2.2)
|
8
8
|
thor (~> 0.20)
|
9
|
-
yavdb (~> 0.
|
9
|
+
yavdb (~> 0.5)
|
10
10
|
|
11
11
|
GEM
|
12
12
|
remote: https://rubygems.org/
|
13
13
|
specs:
|
14
14
|
ansi (1.5.0)
|
15
15
|
ast (2.4.0)
|
16
|
-
bibliothecary (6.
|
16
|
+
bibliothecary (6.8.5)
|
17
17
|
commander
|
18
18
|
deb_control
|
19
19
|
librariesio-gem-parser
|
20
20
|
ox (>= 2.8.1)
|
21
21
|
sdl4r
|
22
|
+
strings
|
23
|
+
strings-ansi
|
22
24
|
toml-rb (~> 1.0)
|
23
25
|
typhoeus
|
24
26
|
citrus (3.0.2)
|
25
|
-
codacy-coverage (2.
|
27
|
+
codacy-coverage (2.2.0)
|
26
28
|
simplecov
|
27
29
|
colorize (0.8.1)
|
28
30
|
commander (4.4.7)
|
29
31
|
highline (~> 2.0.0)
|
30
32
|
deb_control (0.0.1)
|
31
33
|
diff-lcs (1.3)
|
32
|
-
docile (1.3.
|
33
|
-
ethon (0.
|
34
|
+
docile (1.3.2)
|
35
|
+
ethon (0.12.0)
|
34
36
|
ffi (>= 1.3.0)
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
37
|
+
execjs (2.7.0)
|
38
|
+
ffi (1.11.3)
|
39
|
+
highline (2.0.3)
|
40
|
+
jaro_winkler (1.5.4)
|
41
|
+
json (2.3.0)
|
42
|
+
kramdown (2.3.0)
|
43
|
+
rexml
|
40
44
|
librariesio-gem-parser (1.0.0)
|
45
|
+
libv8 (3.16.14.19-x86_64-linux)
|
41
46
|
oga (2.15)
|
42
47
|
ast
|
43
48
|
ruby-ll (~> 2.1)
|
44
|
-
ox (2.
|
45
|
-
parallel (1.
|
46
|
-
parser (2.
|
49
|
+
ox (2.12.0)
|
50
|
+
parallel (1.19.1)
|
51
|
+
parser (2.7.0.2)
|
47
52
|
ast (~> 2.4.0)
|
48
|
-
powerpack (0.1.2)
|
49
53
|
rainbow (3.0.0)
|
50
|
-
rake (
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
rspec-
|
55
|
-
|
54
|
+
rake (13.0.1)
|
55
|
+
ref (2.0.0)
|
56
|
+
rexml (3.2.4)
|
57
|
+
rspec (3.9.0)
|
58
|
+
rspec-core (~> 3.9.0)
|
59
|
+
rspec-expectations (~> 3.9.0)
|
60
|
+
rspec-mocks (~> 3.9.0)
|
61
|
+
rspec-collection_matchers (1.2.0)
|
56
62
|
rspec-expectations (>= 2.99.0.beta1)
|
57
|
-
rspec-core (3.
|
58
|
-
rspec-support (~> 3.
|
59
|
-
rspec-expectations (3.
|
63
|
+
rspec-core (3.9.1)
|
64
|
+
rspec-support (~> 3.9.1)
|
65
|
+
rspec-expectations (3.9.0)
|
60
66
|
diff-lcs (>= 1.2.0, < 2.0)
|
61
|
-
rspec-support (~> 3.
|
62
|
-
rspec-mocks (3.
|
67
|
+
rspec-support (~> 3.9.0)
|
68
|
+
rspec-mocks (3.9.1)
|
63
69
|
diff-lcs (>= 1.2.0, < 2.0)
|
64
|
-
rspec-support (~> 3.
|
65
|
-
rspec-support (3.
|
66
|
-
rubocop (0.
|
70
|
+
rspec-support (~> 3.9.0)
|
71
|
+
rspec-support (3.9.2)
|
72
|
+
rubocop (0.79.0)
|
67
73
|
jaro_winkler (~> 1.5.1)
|
68
74
|
parallel (~> 1.10)
|
69
|
-
parser (>= 2.
|
70
|
-
powerpack (~> 0.1)
|
75
|
+
parser (>= 2.7.0.1)
|
71
76
|
rainbow (>= 2.2.2, < 4.0)
|
72
77
|
ruby-progressbar (~> 1.7)
|
73
|
-
unicode-display_width (
|
74
|
-
rubocop-
|
75
|
-
rubocop (>= 0.
|
78
|
+
unicode-display_width (>= 1.4.0, < 1.7)
|
79
|
+
rubocop-performance (1.5.2)
|
80
|
+
rubocop (>= 0.71.0)
|
81
|
+
rubocop-rspec (1.37.1)
|
82
|
+
rubocop (>= 0.68.1)
|
76
83
|
ruby-ll (2.1.2)
|
77
84
|
ansi
|
78
85
|
ast
|
79
|
-
ruby-progressbar (1.10.
|
86
|
+
ruby-progressbar (1.10.1)
|
80
87
|
sdl4r (0.9.11)
|
81
88
|
semantic_interval (0.1.0)
|
82
|
-
semantic_range (2.1
|
83
|
-
simplecov (0.
|
89
|
+
semantic_range (2.2.1)
|
90
|
+
simplecov (0.17.1)
|
84
91
|
docile (~> 1.1)
|
85
92
|
json (>= 1.8, < 3)
|
86
93
|
simplecov-html (~> 0.10.0)
|
87
94
|
simplecov-html (0.10.2)
|
88
|
-
|
95
|
+
strings (0.1.8)
|
96
|
+
strings-ansi (~> 0.1)
|
97
|
+
unicode-display_width (~> 1.5)
|
98
|
+
unicode_utils (~> 1.4)
|
99
|
+
strings-ansi (0.2.0)
|
100
|
+
therubyracer (0.12.3)
|
101
|
+
libv8 (~> 3.16.14.15)
|
102
|
+
ref
|
103
|
+
thor (0.20.3)
|
89
104
|
toml-rb (1.1.2)
|
90
105
|
citrus (~> 3.0, > 3.0)
|
91
|
-
typhoeus (1.3.
|
106
|
+
typhoeus (1.3.1)
|
92
107
|
ethon (>= 0.9.0)
|
93
|
-
unicode-display_width (1.
|
94
|
-
|
95
|
-
|
96
|
-
|
108
|
+
unicode-display_width (1.6.0)
|
109
|
+
unicode_utils (1.4.0)
|
110
|
+
yavdb (0.5.5)
|
111
|
+
execjs (~> 2.7)
|
112
|
+
json (~> 2.2)
|
113
|
+
kramdown (~> 2.1)
|
97
114
|
oga (~> 2.15)
|
98
115
|
semantic_interval (~> 0.1)
|
116
|
+
therubyracer (~> 0.12)
|
99
117
|
thor (~> 0.20)
|
118
|
+
toml-rb (~> 1.1)
|
100
119
|
|
101
120
|
PLATFORMS
|
102
121
|
ruby
|
103
122
|
|
104
123
|
DEPENDENCIES
|
105
|
-
bundler (~> 1.16)
|
106
124
|
codacy-coverage
|
107
125
|
dependency_spy!
|
108
|
-
rake (~>
|
126
|
+
rake (~> 13.0)
|
109
127
|
rspec (~> 3.8)
|
110
128
|
rspec-collection_matchers (~> 1.1)
|
111
129
|
rubocop (~> 0.59)
|
130
|
+
rubocop-performance (~> 1.5)
|
112
131
|
rubocop-rspec (~> 1.29)
|
113
132
|
simplecov
|
114
133
|
|
115
134
|
BUNDLED WITH
|
116
|
-
1.
|
135
|
+
2.1.4
|
data/README.md
CHANGED
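--- a/data/dependency_spy.gemspec
+++ b/data/dependency_spy.gemspec
@@ -20,24 +20,24 @@ Gem::Specification.new do |spec|
 spec.executables = ['dependency_spy', 'depspy']
 spec.require_paths = ['lib']
 
-spec.required_ruby_version = '>= 2.
+spec.required_ruby_version = '>= 2.5.5'
 
 # Development
-spec.add_development_dependency 'bundler', ['~> 1.16']
 spec.add_development_dependency 'codacy-coverage'
-spec.add_development_dependency 'rake',
+spec.add_development_dependency 'rake', '~> 13.0'
 spec.add_development_dependency 'rspec', ['~> 3.8']
 spec.add_development_dependency 'rspec-collection_matchers', ['~> 1.1']
 spec.add_development_dependency 'simplecov'
 
 # Linters
 spec.add_development_dependency 'rubocop', ['~> 0.59']
+spec.add_development_dependency 'rubocop-performance', ['~> 1.5']
 spec.add_development_dependency 'rubocop-rspec', ['~> 1.29']
 
 # Runtime
-spec.add_runtime_dependency 'bibliothecary', ['~> 6.
-spec.add_runtime_dependency 'colorize', ['
-spec.add_runtime_dependency 'semantic_range', ['~> 2.
+spec.add_runtime_dependency 'bibliothecary', ['~> 6.6']
+spec.add_runtime_dependency 'colorize', ['0.8.1']
+spec.add_runtime_dependency 'semantic_range', ['~> 2.2']
 spec.add_runtime_dependency 'thor', ['~> 0.20']
-spec.add_runtime_dependency 'yavdb', ['~> 0.
+spec.add_runtime_dependency 'yavdb', ['~> 0.5']
 end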
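--- a/data/example.depspy.yml
+++ b/data/example.depspy.yml
@@ -0,0 +1,12 @@
+path: '/path/to/files' # Path to find files. DEFAULT: Dir.pwd
+files: 'comma.sep,file.list' # Specific file list relative to `path`. DEFAULT: All files
+formatter: 'text' # Output format. DEFAULT: text; AVAILABLE: text,json,yaml
+platform: 'rubygems' # Supported YAVDB package manager lookup. DEFAULT: not specified (ALL); AVAILABLE: (See: https://github.com/rtfpessoa/yavdb/blob/master/lib/yavdb/constants.rb#L31)
+output-path: '/path/to/output' # Path to generate report to. DEFAULT: not specified (console output)
+database-path: '/path/to/yavdb/database' # Path to find/store local YAVDB DB. DEFAULT: YAVDB::Constants::DEFAULT_YAVDB_DATABASE_PATH (See: https://github.com/rtfpessoa/yavdb/blob/master/lib/yavdb/constants.rb#L28)
+offline: false # Operate in offline mode (don't try to get YAVDB). Must have local YAVDB available. DEFAULT: false; AVAILABLE: true,false
+severity-threshold: 'low' # Threshold for non-zero exit status. Doesn't change output. DEFAULT: 'low'; AVAILABLE: (See: https://github.com/rtfpessoa/yavdb/blob/master/lib/yavdb/constants.rb#L33)
+with-color: true # Generate colored console output. DEFAULT: true; AVAILABLE: true,false
+ignore: # A list of all YAVDB vulnerability identifiers to ignore. Removes from output.
+- "identifier:to:ignore:19551105"
+vuln-db-path: '/path/to/yavdb' # Path to local YAVDB for updating. DEFAULT: YAVDB::Constants::DEFAULT_YAVDB_PATH (See: https://github.com/rtfpessoa/yavdb/blob/master/lib/yavdb/constants.rb#L27)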
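--- a/data/lib/dependency_spy.rb
+++ b/data/lib/dependency_spy.rb
@@ -28,25 +28,32 @@ require_relative 'dependency_spy/semver'
 module DependencySpy
 class API
 
-def self.check(
+def self.check(options)
+verbose = options[:verbose]
+path = options[:path] || Dir.pwd
+files = options[:files]
+platform = options[:platform]
+database_path = options[:database_path] || YAVDB::Constants::DEFAULT_YAVDB_DATABASE_PATH
+offline = options[:offline] || false
+ignore = options[:ignore] || []
+
 if !File.exist?(database_path) && offline
 puts 'No local database found. Cannot obtain database since offline mode is enabled.'
 exit(10)
 elsif !offline
-puts 'Going to update the local vulnerability database.'
+puts 'Going to update the local vulnerability database.' if verbose
 YAVDB::API.download_database(false, YAVDB::Constants::DEFAULT_YAVDB_PATH)
 end
 
 path = File.expand_path(path)
 package_managers = find_platform(platform)
 file_list = if !files.nil?
-files.split(',')
+files.split(',').map { |f| "#{path}/#{f}" }
 elsif File.file?(path)
 path = File.dirname(path)
 [File.basename(path)]
 else
-
-cmd.split("\n").sort
+Bibliothecary.load_file_info_list(path).map(&:full_path)
 end
 manifests = package_managers.map { |pm| pm.analyse(path, file_list) }.flatten.compact
 manifests.map do |manifest|
@@ -65,9 +72,13 @@ module DependencySpy
 vulnerable = vuln.vulnerable_versions ? vuln.vulnerable_versions.any? { |vv| DependencySpy::SemVer.intersects(vv, version) } : false
 unaffected = vuln.unaffected_versions ? vuln.unaffected_versions.any? { |vu| DependencySpy::SemVer.intersects(vu, version) } : false
 patched = vuln.patched_versions ? vuln.patched_versions.any? { |vp| DependencySpy::SemVer.intersects(vp, version) } : false
+ignored = ignore.include?(vuln.id)
 
 if unaffected || patched
 false
+elsif ignored
+puts "Skipping ignored vulnerability with #{vuln.id}." if verbose
+false
 else
 vulnerable
 end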
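Review bot: An ignored vulnerability is dropped without a trace unless `verbose` is set (the `elsif ignored` branch in the second hunk), so a report produced with an `ignore` list is indistinguishable from a clean scan and no longer contributes to the exit status. Because the list can come from a config file as well as the command line, the suppression should always be recorded, e.g. `warn "Skipping ignored vulnerability #{vuln.id}."` on stderr, or an `ignored` flag carried into the manifest so the formatters can show it. In the first hunk, `files.split(',')` assumes a String; a `files:` value written as a YAML list would presumably arrive as an Array and raise NoMethodError, so confirm how the config value reaches `options[:files]`. The body of `self.check` continues outside both hunks.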
data/lib/dependency_spy/cli.rb
CHANGED
@@ -24,6 +24,7 @@ require_relative 'formatters/yaml'
|
|
24
24
|
require_relative 'outputs/stdout'
|
25
25
|
require_relative 'outputs/file'
|
26
26
|
require_relative 'helper/helper'
|
27
|
+
require_relative 'helper/config_file'
|
27
28
|
|
28
29
|
module DependencySpy
|
29
30
|
class CLI < Thor
|
@@ -37,31 +38,49 @@ module DependencySpy
|
|
37
38
|
DependencySpy::Formatters::Yaml
|
38
39
|
]
|
39
40
|
|
40
|
-
class_option('verbose', :type => :boolean
|
41
|
+
class_option('verbose', :type => :boolean)
|
41
42
|
|
42
43
|
desc('check', 'Check dependencies for known vulnerabilities')
|
43
|
-
method_option('path', :aliases => :
|
44
|
+
method_option('config-file-path', :aliases => :c, :type => :string)
|
45
|
+
method_option('path', :aliases => :p, :type => :string)
|
44
46
|
method_option('files', :type => :string)
|
45
|
-
method_option('formatter', :aliases => :f, :type => :string, :enum => FORMATTERS.map { |f| f.name.split('::').last.downcase }
|
47
|
+
method_option('formatter', :aliases => :f, :type => :string, :enum => FORMATTERS.map { |f| f.name.split('::').last.downcase })
|
46
48
|
method_option('platform', :aliases => :m, :type => :string, :enum => YAVDB::Constants::POSSIBLE_PACKAGE_MANAGERS.map(&:downcase))
|
47
49
|
method_option('output-path', :aliases => :o, :type => :string)
|
48
|
-
method_option('database-path', :type => :string, :aliases => :p
|
49
|
-
method_option('offline', :type => :boolean
|
50
|
-
method_option('severity-threshold', :aliases => :s, :type => :string, :enum => YAVDB::Constants::SEVERITIES
|
51
|
-
method_option('with-color', :type => :boolean
|
50
|
+
method_option('database-path', :type => :string, :aliases => :p)
|
51
|
+
method_option('offline', :type => :boolean)
|
52
|
+
method_option('severity-threshold', :aliases => :s, :type => :string, :enum => YAVDB::Constants::SEVERITIES)
|
53
|
+
method_option('with-color', :type => :boolean)
|
54
|
+
method_option('ignore', :aliases => :i, :type => :array)
|
52
55
|
def check
|
53
|
-
|
56
|
+
defaults = {
|
57
|
+
'verbose' => false,
|
58
|
+
'path' => Dir.pwd,
|
59
|
+
'formatter' => FORMATTERS.first.name.split('::').last.downcase,
|
60
|
+
'database-path' => YAVDB::Constants::DEFAULT_YAVDB_DATABASE_PATH,
|
61
|
+
'offline' => false,
|
62
|
+
'severity-threshold' => 'low',
|
63
|
+
'with-color' => true,
|
64
|
+
'ignore' => []
|
65
|
+
}
|
66
|
+
the_options = defaults.merge(options)
|
54
67
|
|
55
|
-
|
56
|
-
|
68
|
+
api_options = the_options.transform_keys(&:to_sym)
|
69
|
+
api_options[:database_path] = api_options[:'database-path']
|
70
|
+
the_options.freeze
|
71
|
+
api_options.freeze
|
72
|
+
manifests = API.check(api_options)
|
73
|
+
|
74
|
+
formatted_output = if (the_options['formatter'] == 'text') && !the_options['output-path'] && the_options['with-color']
|
75
|
+
DependencySpy::Formatters::Text.format(manifests, the_options['severity-threshold'])
|
57
76
|
else
|
58
77
|
FORMATTERS
|
59
|
-
.find { |f| f.name.split('::').last.downcase ==
|
78
|
+
.find { |f| f.name.split('::').last.downcase == the_options['formatter'] }
|
60
79
|
.format(manifests)
|
61
80
|
end
|
62
81
|
|
63
|
-
if
|
64
|
-
DependencySpy::Outputs::FileSystem.write(
|
82
|
+
if the_options['output-path']
|
83
|
+
DependencySpy::Outputs::FileSystem.write(the_options['output-path'], formatted_output)
|
65
84
|
else
|
66
85
|
DependencySpy::Outputs::StdOut.write(formatted_output)
|
67
86
|
end
|
@@ -70,7 +89,7 @@ module DependencySpy
|
|
70
89
|
manifests.any? do |manifest|
|
71
90
|
manifest[:dependencies]&.any? do |dependency|
|
72
91
|
dependency[:vulnerabilities]&.any? do |vuln|
|
73
|
-
DependencySpy::Helper.severity_above_threshold?(vuln.severity,
|
92
|
+
DependencySpy::Helper.severity_above_threshold?(vuln.severity, the_options['severity-threshold'])
|
74
93
|
end
|
75
94
|
end
|
76
95
|
end
|
@@ -78,11 +97,25 @@ module DependencySpy
|
|
78
97
|
exit(1) if has_vulnerabilities
|
79
98
|
end
|
80
99
|
|
81
|
-
method_option('vuln-db-path', :aliases => :d, :type => :string
|
100
|
+
method_option('vuln-db-path', :aliases => :d, :type => :string)
|
82
101
|
desc('update', 'Download or update database from the official yavdb repository.')
|
83
102
|
|
84
103
|
def update
|
85
|
-
|
104
|
+
defaults = {
|
105
|
+
'verbose' => false,
|
106
|
+
'vuln-db-path' => YAVDB::Constants::DEFAULT_YAVDB_PATH
|
107
|
+
}
|
108
|
+
the_options = defaults.merge(options)
|
109
|
+
the_options.freeze
|
110
|
+
API.update(the_options['vuln-db-path'])
|
111
|
+
end
|
112
|
+
|
113
|
+
private
|
114
|
+
|
115
|
+
def options
|
116
|
+
cli_options = super
|
117
|
+
config_file_options = DependencySpy::ConfigFile.get_config(cli_options[:'config-file-path'])
|
118
|
+
config_file_options.merge(cli_options)
|
86
119
|
end
|
87
120
|
|
88
121
|
end
|
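Review bot: `path` and `database-path` both declare `:aliases => :p` in the `check` options (new lines 45 and 50), so `-p` is ambiguous and presumably only one of the two ends up bound to it; drop the short alias from one of them, e.g. `method_option('path', :type => :string)`. The `:enum` checks on `formatter` and `severity-threshold` only cover values given on the command line: a value merged in from the config file by the new private `options` method reaches `FORMATTERS.find { ... }` unvalidated, and an unknown name makes `find` return nil so `.format(manifests)` raises NoMethodError. Validate `the_options['formatter']` and `the_options['severity-threshold']` after `defaults.merge(options)` and exit with a clear message instead.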
@@ -28,13 +28,15 @@ module DependencySpy
|
|
28
28
|
|
29
29
|
package_header = " Vulnerable: #{package.name}/#{package.type}:#{package.version}"
|
30
30
|
package_body = package.vulnerabilities.map do |vuln|
|
31
|
-
|
32
|
-
|
33
|
-
|
31
|
+
body = ''
|
32
|
+
body += " Title: #{vuln.title}\n"
|
33
|
+
body += " Severity: #{(vuln.severity || 'unknown').capitalize}\n"
|
34
|
+
body += " Source: #{vuln.source_url}\n"
|
35
|
+
body += " Identifier: #{vuln.id}\n\n"
|
34
36
|
if severity_threshold && DependencySpy::Helper.severity_above_threshold?(vuln.severity, severity_threshold)
|
35
|
-
|
37
|
+
body.red
|
36
38
|
else
|
37
|
-
|
39
|
+
body
|
38
40
|
end
|
39
41
|
end
|
40
42
|
|
@@ -0,0 +1,41 @@
|
|
1
|
+
require 'yaml'
|
2
|
+
|
3
|
+
module DependencySpy
|
4
|
+
class ConfigFile
|
5
|
+
|
6
|
+
SAFE_CONFIG_PARAMS = [
|
7
|
+
'path',
|
8
|
+
'files',
|
9
|
+
'formatter',
|
10
|
+
'platform',
|
11
|
+
'output-path',
|
12
|
+
'database-path',
|
13
|
+
'offline',
|
14
|
+
'severity-threshold',
|
15
|
+
'with-color',
|
16
|
+
'ignore',
|
17
|
+
'vuln-db-path'
|
18
|
+
].freeze
|
19
|
+
|
20
|
+
def self.get_config(config_file_path = nil)
|
21
|
+
if !config_file_path.nil? && !File.file?(config_file_path)
|
22
|
+
puts 'Config file specified but not found.'
|
23
|
+
exit(10)
|
24
|
+
|
25
|
+
end
|
26
|
+
|
27
|
+
begin
|
28
|
+
file_path = config_file_path || '.depspy.yml'
|
29
|
+
config = YAML.load_file(file_path) || {}
|
30
|
+
config.slice(*SAFE_CONFIG_PARAMS)
|
31
|
+
rescue Errno::ENOENT
|
32
|
+
{}
|
33
|
+
rescue Psych::SyntaxError => e
|
34
|
+
puts 'Config File Parsing Error:'
|
35
|
+
puts e.message
|
36
|
+
exit(10)
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
end
|
41
|
+
end
|
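Review bot: `YAML.load_file(file_path)` at new line 29 can instantiate arbitrary Ruby objects on the Psych versions that ship with the Ruby 2.5 this release targets, and `file_path` defaults to `.depspy.yml` in the current directory, which for a dependency scanner is typically the repository under audit and therefore untrusted content. Parse with `config = YAML.safe_load(File.read(file_path)) || {}` and reject a non-Hash top level before `config.slice`, which fails on a scalar or list document. `Psych::DisallowedClass` then needs its own rescue, since it is not a `Psych::SyntaxError`. `SAFE_CONFIG_PARAMS` also admits `ignore`, `output-path` and `database-path`, so an implicitly loaded file in the scanned tree can suppress findings or redirect where the report is written; consider honouring those keys only from an explicitly passed `--config-file-path`.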
@@ -42,6 +42,7 @@ module DependencySpy
|
|
42
42
|
private
|
43
43
|
|
44
44
|
def parse(version_or_range, loose = false)
|
45
|
+
version_or_range = '>= 0.0.0' if version_or_range == '*'
|
45
46
|
return version_or_range if version_or_range.is_a?(SemanticRange::Range) ||
|
46
47
|
version_or_range.is_a?(SemanticRange::Version)
|
47
48
|
|
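--- a/metadata
+++ b/metadata
@@ -1,29 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: dependency_spy
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.6.1
 platform: ruby
 authors:
 - Rodrigo Fernandes
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2020-09-04 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-name: bundler
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '1.16'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '1.16'
 - !ruby/object:Gem::Dependency
 name: codacy-coverage
 requirement: !ruby/object:Gem::Requirement
@@ -44,14 +30,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '13.0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '13.0'
 - !ruby/object:Gem::Dependency
 name: rspec
 requirement: !ruby/object:Gem::Requirement
@@ -108,6 +94,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '0.59'
+- !ruby/object:Gem::Dependency
+name: rubocop-performance
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.5'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.5'
 - !ruby/object:Gem::Dependency
 name: rubocop-rspec
 requirement: !ruby/object:Gem::Requirement
@@ -128,26 +128,26 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '6.
+version: '6.6'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '6.
+version: '6.6'
 - !ruby/object:Gem::Dependency
 name: colorize
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
 version: 0.8.1
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
 version: 0.8.1
 - !ruby/object:Gem::Dependency
@@ -156,14 +156,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '2.
+version: '2.2'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '2.
+version: '2.2'
 - !ruby/object:Gem::Dependency
 name: thor
 requirement: !ruby/object:Gem::Requirement
@@ -184,14 +184,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '0.
+version: '0.5'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '0.
+version: '0.5'
 description: "\n Finds known vulnerabilities in your dependencies\n Using rubysec/ruby-advisory-db,
 snyk.io, ossindex.net, nodesecurity.io\n "
 email:
@@ -203,11 +203,15 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".circleci/config.yml"
+- ".github/ISSUE_TEMPLATE/bug_report.md"
+- ".github/ISSUE_TEMPLATE/feature_request.md"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
+- ".rubocop_todo.yml"
 - ".ruby-version"
 - CODE_OF_CONDUCT.md
+- CONTRIBUTING.md
 - Gemfile
 - Gemfile.lock
 - LICENSE
@@ -218,6 +222,7 @@ files:
 - bin/depspy
 - bin/setup
 - dependency_spy.gemspec
+- example.depspy.yml
 - examples/Gemfile
 - examples/Gemfile.lock
 - examples/npm-shrinkwrap.json
@@ -229,6 +234,7 @@ files:
 - lib/dependency_spy/formatters/json.rb
 - lib/dependency_spy/formatters/text.rb
 - lib/dependency_spy/formatters/yaml.rb
+- lib/dependency_spy/helper/config_file.rb
 - lib/dependency_spy/helper/helper.rb
 - lib/dependency_spy/outputs/file.rb
 - lib/dependency_spy/outputs/stdout.rb
@@ -246,7 +252,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: 2.
+version: 2.5.5
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -254,7 +260,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.7.6.2
 signing_key:
 specification_version: 4
 summary: Finds known vulnerabilities in your dependencies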