jefferies_tube 1.1.1 → 1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 06d45e26cc3c3f6db3337acf9d656e02dd4afdad972aea8f1e298482805a1520
4
- data.tar.gz: e8e8a23b284b5a03e65bc9c3a3d7df73fdee46573972353c1c34616b7d56dbd6
3
+ metadata.gz: fda803efe78403794dec76b4f9dfce17a1a5ba31f0241b74e953f816429e6882
4
+ data.tar.gz: f7a9867ac76ba5b12d4f8eeaa94e99eec2ea8394b8df6ef02620213923d178b6
5
5
  SHA512:
6
- metadata.gz: b485c95ad3b92bf78a32c54e1b70b3a38b09dec3d4314ba5e6b3f45e2f691dbad4df4e864ba4a880fefbe0d4229c70a5480f13fbd39727e4544353d340802932
7
- data.tar.gz: b1e7081ebbf93d900d471e9ffdc2bce83f91eb8a941430e0939586dded1095a0e128149231d51da169fa2157e9522d6fea7ce0b5d4bec0d5f14ad8f86ef093bc
6
+ metadata.gz: 9efcf56c25bfd2cd54e81dc149e1099ca040d5187baefe79f4ca76df7ad8481b48f590ae8117adbcaaca9a00ab4a5985a405255573ca65aceb654c0567907de1
7
+ data.tar.gz: 9bd77d4484ccfe9686af94dbe3338b17f4996df3016c5c1c6cc1bc901fbf6f255e4346cd943a9a4b71630c18ccaf569bd95f748e49bf5ef8b1b25372a4bd5506
@@ -4,7 +4,12 @@ This is a [changelog](https://keepachangelog.com/en/0.3.0/).
4
4
 
5
5
  This project attempts to follow [semantic versioning](https://semver.org/)
6
6
 
7
- ## Unreleased
7
+ ## 1.2
8
+
9
+ * enhancements
10
+ * Allow passing through bundler-audit ignore with `set :bundler_audit_ignore, ["CVE-1234-5678"]`
11
+
12
+ ## 1.1.1
8
13
 
9
14
  * enhancements
10
15
  * Add colorful IRB prompts based on Rails environment
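Review bot: The `## Unreleased` heading is renamed to `## 1.2` and a `## 1.1.1` heading is added above the existing IRB prompt entry, which leaves the changelog with no section for upcoming changes and shows that 1.1.1 shipped with its entries still filed under Unreleased. Suggest keeping an empty `## Unreleased` heading at the top, per the Keep a Changelog convention this file links to. The new 1.2 entry should also say that ignored advisories no longer stop the deploy, since that is the security-relevant effect of the option.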
data/README.md CHANGED
@@ -99,6 +99,15 @@ To automatically tag the code that is about to be released (lazy programmer solu
99
99
  before 'deploy', 'deploy:create_tag'
100
100
  ```
101
101
 
102
+ #### Bundler Audit
103
+
104
+ By default jefferies_tube will raise an error and stop if it detects any vulnerabilities is your installed gems. If you need to deploy anyway even with vulnerabilities you can do `I_KNOW_GEMS_ARE_INSECURE=true cap <environment> deploy`.
105
+
106
+ To ignore specific CVE's when running bundler-audit, inside `config/deploy.rb`:
107
+ ```ruby
108
+ set :bundler_audit_ignore, ["CVE-1234-5678"]
109
+ ```
110
+
102
111
  ### Enable/Disable Maintence Mode
103
112
 
104
113
  ```
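Review bot: In the added Bundler Audit section, "any vulnerabilities is your installed gems" should read "in your installed gems", and "CVE's" should be "CVEs". The section also documents two ways past the audit without saying which to prefer. Suggest stating that a `bundler_audit_ignore` entry waives a single advisory while `I_KNOW_GEMS_ARE_INSECURE=true` deploys despite every finding, and recommending that each ignored id in `config/deploy.rb` carry a comment with the reason and be removed once the affected gem is upgraded.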
@@ -30,7 +30,8 @@ namespace :deploy do
30
30
  Bundler::Audit::Database.update!
31
31
  scanner = Bundler::Audit::Scanner.new
32
32
  vulnerable = false
33
- scanner.scan do |result|
33
+ ignore = fetch(:bundler_audit_ignore, [])
34
+ scanner.scan(ignore: ignore) do |result|
34
35
  vulnerable = true
35
36
  case result
36
37
  when Bundler::Audit::Scanner::InsecureSource
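Review bot: `ignore = fetch(:bundler_audit_ignore, [])` goes straight into `scanner.scan(ignore: ignore)` with no normalisation and no output, so the deploy log keeps no record of which advisories were waived, and a value set as a single string instead of an array reaches the scanner unchanged. Suggest `ignore = Array(fetch(:bundler_audit_ignore, []))` and printing the list before the scan whenever it is non-empty, so every deploy shows the advisory ids that were skipped.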
@@ -1,7 +1,7 @@
1
1
  require 'open-uri'
2
2
 
3
3
  module JefferiesTube
4
- VERSION = "1.1.1"
4
+ VERSION = "1.2"
5
5
 
6
6
  def self.latest_rubygems_version
7
7
  JSON.parse(URI.parse("https://rubygems.org/api/v1/versions/jefferies_tube/latest.json").read)["version"]
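Review bot: `VERSION = "1.2"` has two components, while the changelog in this release says the project attempts to follow semantic versioning, which defines versions as MAJOR.MINOR.PATCH. Suggest `VERSION = "1.2.0"` so the released version matches the stated scheme and the previous `1.1.1` format.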
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: jefferies_tube
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.1
4
+ version: '1.2'
5
5
  platform: ruby
6
6
  authors:
7
7
  - Brian Samson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-08-28 00:00:00.000000000 Z
11
+ date: 2019-10-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: awesome_print