jefferies_tube 1.6.7 → 1.6.8
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/README.md +6 -3
- data/lib/jefferies_tube/capistrano/deploy.rb +3 -3
- data/lib/jefferies_tube/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7b9466c608ebb3036068f91caaacc927e157b03e45dfa83b201f2822683d7d60
|
|
4
|
+
data.tar.gz: cfef6348b6e2e237312dc8cc3328750832dd57f0cd640dbdb8863ef58a70da32
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4cbe0c0a98edf3a57ddd60e74425415fad6f1d59e5cbead19fc5306f5bbb7668bd40cc47f9099a499b3ea28fe1a2eba5172a8acb335ba518621ac051f0e17702
|
|
7
|
+
data.tar.gz: 6bea0c1b6494d95568c9188dfc00cabd40afc4b2e2d876df545240333c825d55b0ea75a1c6a299ba67be97abffcaf521ebdc01c55e755a43c01c4d1a8d5d46c1
|
data/CHANGELOG.md
CHANGED
|
@@ -6,6 +6,9 @@ This project attempts to follow [semantic versioning](https://semver.org/)
|
|
|
6
6
|
|
|
7
7
|
## Unreleased
|
|
8
8
|
|
|
9
|
+
## 1.6.8
|
|
10
|
+
* Add support for ignoring CVEs in .bundler-audit.yml, remove support for setting ignored CVEs in deploy.rb via `:bundler_audit_ignore`
|
|
11
|
+
|
|
9
12
|
## 1.6.7
|
|
10
13
|
* Add Lint/Syntax to rubocop rules
|
|
11
14
|
|
data/README.md
CHANGED
|
@@ -111,9 +111,12 @@ before 'deploy', 'deploy:create_tag'
|
|
|
111
111
|
|
|
112
112
|
By default jefferies_tube will raise an error and stop if it detects any vulnerabilities is your installed gems. If you need to deploy anyway even with vulnerabilities you can do `I_KNOW_GEMS_ARE_INSECURE=true cap <environment> deploy`.
|
|
113
113
|
|
|
114
|
-
To ignore specific CVE's when running bundler-audit,
|
|
115
|
-
|
|
116
|
-
|
|
114
|
+
To ignore specific CVE's when running bundler-audit, add a .bundler-audit.yml file to your projets root directory, and ignore vulnerabilities like so:
|
|
115
|
+
|
|
116
|
+
```yml
|
|
117
|
+
---
|
|
118
|
+
ignore:
|
|
119
|
+
- CVE-2024-6484
|
|
117
120
|
```
|
|
118
121
|
|
|
119
122
|
### Enable/Disable Maintence Mode
|
|
@@ -30,8 +30,8 @@ namespace :deploy do
|
|
|
30
30
|
Bundler::Audit::Database.update!
|
|
31
31
|
scanner = Bundler::Audit::Scanner.new
|
|
32
32
|
vulnerable = false
|
|
33
|
-
|
|
34
|
-
scanner.scan
|
|
33
|
+
|
|
34
|
+
scanner.scan do |result|
|
|
35
35
|
vulnerable = true
|
|
36
36
|
case result
|
|
37
37
|
when Bundler::Audit::Results::InsecureSource
|
|
@@ -51,4 +51,4 @@ namespace :deploy do
|
|
|
51
51
|
end
|
|
52
52
|
|
|
53
53
|
before 'deploy:migrate', 'deploy:backup_database'
|
|
54
|
-
before 'deploy', 'deploy:scan_gems'
|
|
54
|
+
before 'deploy', 'deploy:scan_gems'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: jefferies_tube
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.6.
|
|
4
|
+
version: 1.6.8
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Brian Samson
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2024-09-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: awesome_print
|
|
@@ -225,7 +225,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
225
225
|
- !ruby/object:Gem::Version
|
|
226
226
|
version: '0'
|
|
227
227
|
requirements: []
|
|
228
|
-
rubygems_version: 3.
|
|
228
|
+
rubygems_version: 3.5.18
|
|
229
229
|
signing_key:
|
|
230
230
|
specification_version: 4
|
|
231
231
|
summary: Ten Forward Consulting useful tools.
|