mrjoy-bundler-audit 0.3.6 → 0.3.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/.travis.yml +0 -1
- data/ChangeLog.md +16 -8
- data/Gemfile +5 -5
- data/README.md +13 -11
- data/Rakefile +1 -15
- data/gemspec.yml +1 -0
- data/lib/bundler/audit.rb +2 -2
- data/lib/bundler/audit/advisory.rb +2 -2
- data/lib/bundler/audit/cli.rb +2 -2
- data/lib/bundler/audit/database.rb +2 -2
- data/lib/bundler/audit/version.rb +3 -3
- data/spec/bundle/insecure_sources/Gemfile.lock +3 -3
- data/spec/bundle/secure/Gemfile +1 -1
- data/spec/bundle/secure/Gemfile.lock +56 -55
- data/spec/bundle/unpatched_gems/Gemfile.lock +4 -4
- data/spec/bundle/wrapper.rb +17 -19
- data/spec/database_spec.rb +0 -1
- data/spec/integration_spec.rb +0 -8
- data/spec/spec_helper.rb +2 -6
- metadata +3 -5
- data/lib/bundler/audit/task.rb +0 -45
- data/spec/rake_task_spec.rb +0 -35
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2ccfade1c520393ef09254417edf8b08e9fd7beb
|
|
4
|
+
data.tar.gz: 34fede136ed517d9f0153aad6732904f80e0b0f4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: dc69f1e0f613e28e89985af733bec457574b1ba90d057792585387104efb7ac9601404cb8146bb9476a7064fdb2df108747648e3be697f2946f1ea4f6b7bde7f
|
|
7
|
+
data.tar.gz: 0ed4f4a2c116a02f311399dbd8250b3226ce2a0ab0573c86f7f9e7cb8783f7317d7c6a9401e567931d6f1931908fb530cbc2febf1b969d00fefb89d97612895a
|
data/.gitignore
CHANGED
data/ChangeLog.md
CHANGED
|
@@ -1,3 +1,19 @@
|
|
|
1
|
+
### mrjoy-0.3.7 / 2014-06-26
|
|
2
|
+
|
|
3
|
+
* Integrated upstream 0.3.1 changes, excluding changes related to the vendored
|
|
4
|
+
DB, as this fork doesn't use a vendored DB.
|
|
5
|
+
* Slightly more thorough purge of Ruby 1.8 support.
|
|
6
|
+
|
|
7
|
+
### 0.3.1 / 2014-04-20
|
|
8
|
+
|
|
9
|
+
* Added thor ~> 0.18 as a dependency.
|
|
10
|
+
* No longer rely on the vendored version of thor within bundler.
|
|
11
|
+
* Store the timestamp of when `data/ruby-advisory-db` was last updated in
|
|
12
|
+
`data/ruby-advisory-db.ts`.
|
|
13
|
+
* Use `data/ruby-advisory-db.ts` instead of the creation time of the
|
|
14
|
+
`dataruby-advisory-db` directory, which is always the install time
|
|
15
|
+
of the rubygem.
|
|
16
|
+
|
|
1
17
|
### mrjoy-0.3.6 / 2014-04-16
|
|
2
18
|
|
|
3
19
|
* Improve user experience when insecure sources -- but no insecure gem
|
|
@@ -44,14 +60,6 @@
|
|
|
44
60
|
* Make regression test more resilient and more bulletproof.
|
|
45
61
|
* Integrate grosser's mechanism for [DRYing up tests a bit](https://github.com/grosser/bundler-audit/commit/8568f936fe86eb92c95d63ef3c0a33bffd3aeee9).
|
|
46
62
|
|
|
47
|
-
### 0.3.1 / 2013-12-03
|
|
48
|
-
|
|
49
|
-
* Store the timestamp of when `data/ruby-advisory-db` was last updated in
|
|
50
|
-
`data/ruby-advisory-db.ts`.
|
|
51
|
-
* Use `data/ruby-advisory-db.ts` instead of the creation time of the
|
|
52
|
-
`dataruby-advisory-db` directory, which is always the install time
|
|
53
|
-
of the rubygem.
|
|
54
|
-
|
|
55
63
|
### 0.3.0 / 2013-10-31
|
|
56
64
|
|
|
57
65
|
* Added {Bundler::Audit::Database.update!} which uses `git` to download
|
data/Gemfile
CHANGED
|
@@ -5,11 +5,11 @@ source 'https://rubygems.org/'
|
|
|
5
5
|
gemspec
|
|
6
6
|
|
|
7
7
|
group :development do
|
|
8
|
-
gem 'rake', '~> 10.0'
|
|
8
|
+
gem 'rake', '~> 10.0'
|
|
9
9
|
gem 'kramdown', '~> 0.14'
|
|
10
10
|
|
|
11
|
-
gem 'rubygems-tasks', '~> 0.2'
|
|
12
|
-
gem 'rspec', '~> 2.4'
|
|
13
|
-
gem 'yard', '~> 0.8'
|
|
14
|
-
gem 'simplecov', '~> 0.7', :require => false
|
|
11
|
+
gem 'rubygems-tasks', '~> 0.2'
|
|
12
|
+
gem 'rspec', '~> 2.4'
|
|
13
|
+
gem 'yard', '~> 0.8'
|
|
14
|
+
gem 'simplecov', '~> 0.7', :require => false
|
|
15
15
|
end
|
data/README.md
CHANGED
|
@@ -24,17 +24,17 @@ Patch-level verification for [Bundler][bundler].
|
|
|
24
24
|
This fork is kept up to date with both `master` and relevant branches from
|
|
25
25
|
upstream frequently. In addition:
|
|
26
26
|
|
|
27
|
-
* **IMPORTANT**:
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
[Read here for more info.](https://github.com/rubysec/bundler-audit/issues/48)
|
|
27
|
+
* **IMPORTANT**: The upstream repository's master branch and current gem
|
|
28
|
+
release (v0.3.1) use a vendored copy of the vulnerability database by
|
|
29
|
+
default. As of v0.3.2, this branch incorporate's the upstream
|
|
30
|
+
`gut_vendored_db` branch, which fixes the problems caused by using a vendored
|
|
31
|
+
DB. [Read here for more info.](https://github.com/rubysec/bundler-audit/issues/48)
|
|
32
32
|
* Simpler, more robust testing infrastructure for greater assurance of code
|
|
33
33
|
quality, and easier contribution.
|
|
34
|
-
*
|
|
35
|
-
|
|
36
|
-
* Emphasis on improving the upstream version's excellent
|
|
37
|
-
|
|
34
|
+
* Emphasis on simplifying code based on CodeClimate results, to ensure code
|
|
35
|
+
is as easy as possible to reason about.
|
|
36
|
+
* Emphasis on improving the upstream version's excellent C0 code coverage to as
|
|
37
|
+
close to 100% as possible.
|
|
38
38
|
|
|
39
39
|
## Synopsis
|
|
40
40
|
|
|
@@ -127,6 +127,7 @@ Update the [ruby-advisory-db] that `bundle-audit` uses:
|
|
|
127
127
|
|
|
128
128
|
## Requirements
|
|
129
129
|
|
|
130
|
+
* [Ruby] >= 1.9
|
|
130
131
|
* [RubyGems] >= 1.8
|
|
131
132
|
* [thor] ~> 0.18
|
|
132
133
|
* [bundler] ~> 1.2
|
|
@@ -150,8 +151,8 @@ gem 'bundler-audit', :require => nil
|
|
|
150
151
|
|
|
151
152
|
## License
|
|
152
153
|
|
|
153
|
-
Copyright (c) 2013 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
154
|
-
Modifications Copyright (c) 2013 Jon Frisby (jfrisby@mrjoy.com), or their
|
|
154
|
+
Copyright (c) 2013-2014 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
155
|
+
Modifications Copyright (c) 2013-2014 Jon Frisby (jfrisby@mrjoy.com), or their
|
|
155
156
|
respective authors.
|
|
156
157
|
|
|
157
158
|
mrjoy-bundler-audit is free software: you can redistribute it and/or modify
|
|
@@ -167,6 +168,7 @@ GNU General Public License for more details.
|
|
|
167
168
|
You should have received a copy of the GNU General Public License
|
|
168
169
|
along with mrjoy-bundler-audit. If not, see <http://www.gnu.org/licenses/>.
|
|
169
170
|
|
|
171
|
+
[Ruby]: https://ruby-lang.org
|
|
170
172
|
[RubyGems]: https://rubygems.org
|
|
171
173
|
[thor]: http://whatisthor.com/
|
|
172
174
|
[bundler]: https://github.com/carlhuda/bundler#readme
|
data/Rakefile
CHANGED
|
@@ -42,16 +42,7 @@ namespace :spec do
|
|
|
42
42
|
task :bundle do
|
|
43
43
|
root = 'spec/bundle'
|
|
44
44
|
|
|
45
|
-
|
|
46
|
-
version = RUBY_VERSION.split(/\./).map(&:to_i)
|
|
47
|
-
if((version[0] == 1 && version[1] >= 9 && version[2] >= 3) || (version[0] >= 2))
|
|
48
|
-
chdir(File.join(root,"secure")) do
|
|
49
|
-
FileUtils.rm("Gemfile.lock") if(File.exist?("Gemfile.lock"))
|
|
50
|
-
sh 'BUNDLE_BIN_PATH="" BUNDLE_GEMFILE="" RUBYOPT="" bundle install --path ../../../vendor/bundle'
|
|
51
|
-
end
|
|
52
|
-
end
|
|
53
|
-
|
|
54
|
-
%w[unpatched_gems insecure_sources].each do |bundle|
|
|
45
|
+
%w[secure unpatched_gems insecure_sources].each do |bundle|
|
|
55
46
|
chdir(File.join(root,bundle)) do
|
|
56
47
|
FileUtils.rm("Gemfile.lock") if(File.exist?("Gemfile.lock"))
|
|
57
48
|
sh 'BUNDLE_BIN_PATH="" BUNDLE_GEMFILE="" RUBYOPT="" bundle install --path ../../../vendor/bundle'
|
|
@@ -67,8 +58,3 @@ task :default => :spec
|
|
|
67
58
|
require 'yard'
|
|
68
59
|
YARD::Rake::YardocTask.new
|
|
69
60
|
task :doc => :yard
|
|
70
|
-
|
|
71
|
-
require './lib/bundler/audit/task'
|
|
72
|
-
Bundler::Audit::Task.new do |r|
|
|
73
|
-
r.verbose = true
|
|
74
|
-
end
|
data/gemspec.yml
CHANGED
data/lib/bundler/audit.rb
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
#
|
|
2
|
-
# Copyright (c) 2013 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
3
|
-
# Modifications Copyright (c) 2013 Jon Frisby (jfrisby@mrjoy.com), or their
|
|
2
|
+
# Copyright (c) 2013-2014 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
3
|
+
# Modifications Copyright (c) 2013-2014 Jon Frisby (jfrisby@mrjoy.com), or their
|
|
4
4
|
# respective authors.
|
|
5
5
|
#
|
|
6
6
|
# mrjoy-bundler-audit is free software: you can redistribute it and/or modify
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
#
|
|
2
|
-
# Copyright (c) 2013 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
3
|
-
# Modifications Copyright (c) 2013 Jon Frisby (jfrisby@mrjoy.com), or their
|
|
2
|
+
# Copyright (c) 2013-2014 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
3
|
+
# Modifications Copyright (c) 2013-2014 Jon Frisby (jfrisby@mrjoy.com), or their
|
|
4
4
|
# respective authors.
|
|
5
5
|
#
|
|
6
6
|
# mrjoy-bundler-audit is free software: you can redistribute it and/or modify
|
data/lib/bundler/audit/cli.rb
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
#
|
|
2
|
-
# Copyright (c) 2013 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
3
|
-
# Modifications Copyright (c) 2013 Jon Frisby (jfrisby@mrjoy.com), or their
|
|
2
|
+
# Copyright (c) 2013-2014 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
3
|
+
# Modifications Copyright (c) 2013-2014 Jon Frisby (jfrisby@mrjoy.com), or their
|
|
4
4
|
# respective authors.
|
|
5
5
|
#
|
|
6
6
|
# mrjoy-bundler-audit is free software: you can redistribute it and/or modify
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
#
|
|
2
|
-
# Copyright (c) 2013 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
3
|
-
# Modifications Copyright (c) 2013 Jon Frisby (jfrisby@mrjoy.com), or their
|
|
2
|
+
# Copyright (c) 2013-2014 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
3
|
+
# Modifications Copyright (c) 2013-2014 Jon Frisby (jfrisby@mrjoy.com), or their
|
|
4
4
|
# respective authors.
|
|
5
5
|
#
|
|
6
6
|
# mrjoy-bundler-audit is free software: you can redistribute it and/or modify
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
#
|
|
2
|
-
# Copyright (c) 2013 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
3
|
-
# Modifications Copyright (c) 2013 Jon Frisby (jfrisby@mrjoy.com), or their
|
|
2
|
+
# Copyright (c) 2013-2014 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
3
|
+
# Modifications Copyright (c) 2013-2014 Jon Frisby (jfrisby@mrjoy.com), or their
|
|
4
4
|
# respective authors.
|
|
5
5
|
#
|
|
6
6
|
# mrjoy-bundler-audit is free software: you can redistribute it and/or modify
|
|
@@ -20,6 +20,6 @@
|
|
|
20
20
|
module Bundler
|
|
21
21
|
module Audit
|
|
22
22
|
# bundler-audit version
|
|
23
|
-
VERSION = '0.3.
|
|
23
|
+
VERSION = '0.3.7'
|
|
24
24
|
end
|
|
25
25
|
end
|
|
@@ -49,8 +49,8 @@ GEM
|
|
|
49
49
|
mime-types (~> 1.16)
|
|
50
50
|
treetop (~> 1.4.8)
|
|
51
51
|
mime-types (1.25.1)
|
|
52
|
-
multi_json (1.
|
|
53
|
-
polyglot (0.3.
|
|
52
|
+
multi_json (1.10.1)
|
|
53
|
+
polyglot (0.3.5)
|
|
54
54
|
rack (1.4.5)
|
|
55
55
|
rack-cache (1.2)
|
|
56
56
|
rack (>= 0.4)
|
|
@@ -73,7 +73,7 @@ GEM
|
|
|
73
73
|
rake (>= 0.8.7)
|
|
74
74
|
rdoc (~> 3.4)
|
|
75
75
|
thor (>= 0.14.6, < 2.0)
|
|
76
|
-
rake (10.3.
|
|
76
|
+
rake (10.3.2)
|
|
77
77
|
rdoc (3.12.2)
|
|
78
78
|
json (~> 1.4)
|
|
79
79
|
sprockets (2.2.2)
|
data/spec/bundle/secure/Gemfile
CHANGED
|
@@ -1,38 +1,40 @@
|
|
|
1
1
|
GEM
|
|
2
2
|
remote: https://rubygems.org/
|
|
3
3
|
specs:
|
|
4
|
-
actionmailer (
|
|
5
|
-
actionpack (=
|
|
6
|
-
actionview (= 4.1.0)
|
|
4
|
+
actionmailer (3.2.18)
|
|
5
|
+
actionpack (= 3.2.18)
|
|
7
6
|
mail (~> 2.5.4)
|
|
8
|
-
actionpack (
|
|
9
|
-
|
|
10
|
-
activesupport (=
|
|
11
|
-
|
|
12
|
-
rack-test (~> 0.6.2)
|
|
13
|
-
actionview (4.1.0)
|
|
14
|
-
activesupport (= 4.1.0)
|
|
15
|
-
builder (~> 3.1)
|
|
7
|
+
actionpack (3.2.18)
|
|
8
|
+
activemodel (= 3.2.18)
|
|
9
|
+
activesupport (= 3.2.18)
|
|
10
|
+
builder (~> 3.0.0)
|
|
16
11
|
erubis (~> 2.7.0)
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
tzinfo (~>
|
|
30
|
-
|
|
31
|
-
|
|
12
|
+
journey (~> 1.0.4)
|
|
13
|
+
rack (~> 1.4.5)
|
|
14
|
+
rack-cache (~> 1.2)
|
|
15
|
+
rack-test (~> 0.6.1)
|
|
16
|
+
sprockets (~> 2.2.1)
|
|
17
|
+
activemodel (3.2.18)
|
|
18
|
+
activesupport (= 3.2.18)
|
|
19
|
+
builder (~> 3.0.0)
|
|
20
|
+
activerecord (3.2.18)
|
|
21
|
+
activemodel (= 3.2.18)
|
|
22
|
+
activesupport (= 3.2.18)
|
|
23
|
+
arel (~> 3.0.2)
|
|
24
|
+
tzinfo (~> 0.3.29)
|
|
25
|
+
activeresource (3.2.18)
|
|
26
|
+
activemodel (= 3.2.18)
|
|
27
|
+
activesupport (= 3.2.18)
|
|
28
|
+
activesupport (3.2.18)
|
|
29
|
+
i18n (~> 0.6, >= 0.6.4)
|
|
30
|
+
multi_json (~> 1.0)
|
|
31
|
+
arel (3.0.3)
|
|
32
|
+
builder (3.0.4)
|
|
32
33
|
erubis (2.7.0)
|
|
33
34
|
hike (1.2.3)
|
|
34
35
|
i18n (0.6.9)
|
|
35
|
-
|
|
36
|
+
journey (1.0.4)
|
|
37
|
+
jquery-rails (3.1.1)
|
|
36
38
|
railties (>= 3.0, < 5.0)
|
|
37
39
|
thor (>= 0.14, < 2.0)
|
|
38
40
|
json (1.8.1)
|
|
@@ -40,51 +42,50 @@ GEM
|
|
|
40
42
|
mime-types (~> 1.16)
|
|
41
43
|
treetop (~> 1.4.8)
|
|
42
44
|
mime-types (1.25.1)
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
rack (1.
|
|
45
|
+
multi_json (1.10.1)
|
|
46
|
+
polyglot (0.3.5)
|
|
47
|
+
rack (1.4.5)
|
|
48
|
+
rack-cache (1.2)
|
|
49
|
+
rack (>= 0.4)
|
|
50
|
+
rack-ssl (1.3.4)
|
|
51
|
+
rack
|
|
47
52
|
rack-test (0.6.2)
|
|
48
53
|
rack (>= 1.0)
|
|
49
|
-
rails (
|
|
50
|
-
actionmailer (=
|
|
51
|
-
actionpack (=
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
activesupport (= 4.1.0)
|
|
54
|
+
rails (3.2.18)
|
|
55
|
+
actionmailer (= 3.2.18)
|
|
56
|
+
actionpack (= 3.2.18)
|
|
57
|
+
activerecord (= 3.2.18)
|
|
58
|
+
activeresource (= 3.2.18)
|
|
59
|
+
activesupport (= 3.2.18)
|
|
60
|
+
bundler (~> 1.0)
|
|
61
|
+
railties (= 3.2.18)
|
|
62
|
+
railties (3.2.18)
|
|
63
|
+
actionpack (= 3.2.18)
|
|
64
|
+
activesupport (= 3.2.18)
|
|
65
|
+
rack-ssl (~> 1.3.2)
|
|
62
66
|
rake (>= 0.8.7)
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
67
|
+
rdoc (~> 3.4)
|
|
68
|
+
thor (>= 0.14.6, < 2.0)
|
|
69
|
+
rake (10.3.2)
|
|
70
|
+
rdoc (3.12.2)
|
|
71
|
+
json (~> 1.4)
|
|
72
|
+
sprockets (2.2.2)
|
|
66
73
|
hike (~> 1.2)
|
|
67
74
|
multi_json (~> 1.0)
|
|
68
75
|
rack (~> 1.0)
|
|
69
76
|
tilt (~> 1.1, != 1.3.0)
|
|
70
|
-
sprockets-rails (2.1.3)
|
|
71
|
-
actionpack (>= 3.0)
|
|
72
|
-
activesupport (>= 3.0)
|
|
73
|
-
sprockets (~> 2.8)
|
|
74
77
|
sqlite3 (1.3.9)
|
|
75
78
|
thor (0.19.1)
|
|
76
|
-
thread_safe (0.3.3)
|
|
77
79
|
tilt (1.4.1)
|
|
78
80
|
treetop (1.4.15)
|
|
79
81
|
polyglot
|
|
80
82
|
polyglot (>= 0.3.1)
|
|
81
|
-
tzinfo (
|
|
82
|
-
thread_safe (~> 0.1)
|
|
83
|
+
tzinfo (0.3.39)
|
|
83
84
|
|
|
84
85
|
PLATFORMS
|
|
85
86
|
ruby
|
|
86
87
|
|
|
87
88
|
DEPENDENCIES
|
|
88
89
|
jquery-rails
|
|
89
|
-
rails (~>
|
|
90
|
+
rails (~> 3.2.17)
|
|
90
91
|
sqlite3
|
|
@@ -34,7 +34,7 @@ GEM
|
|
|
34
34
|
hike (1.2.3)
|
|
35
35
|
i18n (0.6.9)
|
|
36
36
|
journey (1.0.4)
|
|
37
|
-
jquery-rails (3.1.
|
|
37
|
+
jquery-rails (3.1.1)
|
|
38
38
|
railties (>= 3.0, < 5.0)
|
|
39
39
|
thor (>= 0.14, < 2.0)
|
|
40
40
|
json (1.8.1)
|
|
@@ -43,8 +43,8 @@ GEM
|
|
|
43
43
|
mime-types (~> 1.16)
|
|
44
44
|
treetop (~> 1.4.8)
|
|
45
45
|
mime-types (1.25.1)
|
|
46
|
-
multi_json (1.
|
|
47
|
-
polyglot (0.3.
|
|
46
|
+
multi_json (1.10.1)
|
|
47
|
+
polyglot (0.3.5)
|
|
48
48
|
rack (1.4.5)
|
|
49
49
|
rack-cache (1.2)
|
|
50
50
|
rack (>= 0.4)
|
|
@@ -67,7 +67,7 @@ GEM
|
|
|
67
67
|
rake (>= 0.8.7)
|
|
68
68
|
rdoc (~> 3.4)
|
|
69
69
|
thor (>= 0.14.6, < 2.0)
|
|
70
|
-
rake (10.3.
|
|
70
|
+
rake (10.3.2)
|
|
71
71
|
rdoc (3.12.2)
|
|
72
72
|
json (~> 1.4)
|
|
73
73
|
sprockets (2.2.2)
|
data/spec/bundle/wrapper.rb
CHANGED
|
@@ -2,27 +2,25 @@
|
|
|
2
2
|
|
|
3
3
|
require 'rubygems'
|
|
4
4
|
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
add_filter do |src|
|
|
21
|
-
!(src.filename =~ /^#{SimpleCov.root}/)
|
|
22
|
-
end
|
|
23
|
-
command_name "RSpec/#{ENV["SIMPLECOV_COMMAND_NAME"]}"
|
|
5
|
+
require 'simplecov'
|
|
6
|
+
# require 'json'
|
|
7
|
+
|
|
8
|
+
# Be silent so we don't muck up test runs that look at output.
|
|
9
|
+
class NullFormatter; def format(result); ""; end; end
|
|
10
|
+
SimpleCov.formatter = NullFormatter
|
|
11
|
+
|
|
12
|
+
# Use the project-level root despite executing in a sub-dir of it.
|
|
13
|
+
SimpleCov.root(File.expand_path('../../..', __FILE__))
|
|
14
|
+
|
|
15
|
+
SimpleCov.start do
|
|
16
|
+
# Being in a sub-dir may cause us some filtering issues...
|
|
17
|
+
filters.clear
|
|
18
|
+
add_filter do |src|
|
|
19
|
+
!(src.filename =~ /^#{SimpleCov.root}/)
|
|
24
20
|
end
|
|
21
|
+
command_name "RSpec/#{ENV["SIMPLECOV_COMMAND_NAME"]}"
|
|
25
22
|
end
|
|
23
|
+
|
|
26
24
|
root_dir = File.expand_path('../../..', __FILE__)
|
|
27
25
|
$LOAD_PATH << root_dir unless $LOAD_PATH.include?(root_dir)
|
|
28
26
|
lib_dir = File.join(root_dir, 'lib')
|
data/spec/database_spec.rb
CHANGED
data/spec/integration_spec.rb
CHANGED
|
@@ -120,9 +120,6 @@ Insecure Source URI found: http://rubygems.org/
|
|
|
120
120
|
let(:bundle) { 'secure' }
|
|
121
121
|
let(:directory) { File.join('spec','bundle',bundle) }
|
|
122
122
|
|
|
123
|
-
# Skip this test on any Ruby below 1.9.3.
|
|
124
|
-
version = RUBY_VERSION.split(/\./).map(&:to_i)
|
|
125
|
-
if((version[0] == 1 && version[1] >= 9 && version[2] >= 3) || (version[0] >= 2))
|
|
126
123
|
subject do
|
|
127
124
|
Dir.chdir(directory) { sh(command) }
|
|
128
125
|
end
|
|
@@ -134,10 +131,5 @@ if((version[0] == 1 && version[1] >= 9 && version[2] >= 3) || (version[0] >= 2))
|
|
|
134
131
|
subject.should =~ /^No unpatched versions found$/
|
|
135
132
|
subject.should =~ /^No insecure sources found$/
|
|
136
133
|
end
|
|
137
|
-
else
|
|
138
|
-
it "should notify us properly when everything is fine" do
|
|
139
|
-
pending "Requires ActiveSupport 4.x, which requires Ruby >= 1.9.3."
|
|
140
|
-
end
|
|
141
|
-
end
|
|
142
134
|
end
|
|
143
135
|
end
|
data/spec/spec_helper.rb
CHANGED
|
@@ -2,12 +2,8 @@ require 'rubygems'
|
|
|
2
2
|
require 'bundler'
|
|
3
3
|
Bundler.require(:default, :development, :test)
|
|
4
4
|
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
require 'simplecov'
|
|
8
|
-
require 'json'
|
|
9
|
-
SimpleCov.start
|
|
10
|
-
end
|
|
5
|
+
require 'simplecov'
|
|
6
|
+
SimpleCov.start
|
|
11
7
|
|
|
12
8
|
require 'rspec'
|
|
13
9
|
require 'tmpdir'
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: mrjoy-bundler-audit
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Postmodern
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2014-
|
|
12
|
+
date: 2014-06-26 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: thor
|
|
@@ -71,7 +71,6 @@ files:
|
|
|
71
71
|
- lib/bundler/audit/cli.rb
|
|
72
72
|
- lib/bundler/audit/database.rb
|
|
73
73
|
- lib/bundler/audit/scanner.rb
|
|
74
|
-
- lib/bundler/audit/task.rb
|
|
75
74
|
- lib/bundler/audit/version.rb
|
|
76
75
|
- mrjoy-bundler-audit.gemspec
|
|
77
76
|
- spec/advisory_spec.rb
|
|
@@ -87,7 +86,6 @@ files:
|
|
|
87
86
|
- spec/fixtures/OSVDB-84243.yml
|
|
88
87
|
- spec/fixtures/not_a_hash.yml
|
|
89
88
|
- spec/integration_spec.rb
|
|
90
|
-
- spec/rake_task_spec.rb
|
|
91
89
|
- spec/scanner_spec.rb
|
|
92
90
|
- spec/spec_helper.rb
|
|
93
91
|
homepage: https://github.com/MrJoy/mrjoy-bundler-audit#readme
|
|
@@ -102,7 +100,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
102
100
|
requirements:
|
|
103
101
|
- - ">="
|
|
104
102
|
- !ruby/object:Gem::Version
|
|
105
|
-
version:
|
|
103
|
+
version: 1.9.0
|
|
106
104
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
107
105
|
requirements:
|
|
108
106
|
- - ">="
|
data/lib/bundler/audit/task.rb
DELETED
|
@@ -1,45 +0,0 @@
|
|
|
1
|
-
require 'rake'
|
|
2
|
-
require 'rake/tasklib'
|
|
3
|
-
require 'bundler/audit/scanner'
|
|
4
|
-
require 'bundler/audit/cli'
|
|
5
|
-
|
|
6
|
-
module Bundler
|
|
7
|
-
module Audit
|
|
8
|
-
class Task < ::Rake::TaskLib
|
|
9
|
-
attr_accessor :name
|
|
10
|
-
attr_accessor :options
|
|
11
|
-
attr_accessor :block
|
|
12
|
-
attr_accessor :verbose
|
|
13
|
-
attr_accessor :ignore
|
|
14
|
-
|
|
15
|
-
def initialize(*args, &block)
|
|
16
|
-
@options = args || []
|
|
17
|
-
@block = block if block
|
|
18
|
-
@verbose = false
|
|
19
|
-
|
|
20
|
-
define
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
protected
|
|
24
|
-
def define
|
|
25
|
-
desc "Run Bundler-audit" unless ::Rake.application.last_comment
|
|
26
|
-
@name = options.shift || :audit
|
|
27
|
-
|
|
28
|
-
task @name, *options do |_, task_args|
|
|
29
|
-
RakeFileUtils.send(:verbose, @verbose) do
|
|
30
|
-
block.call(self) if block
|
|
31
|
-
run
|
|
32
|
-
end
|
|
33
|
-
end
|
|
34
|
-
end
|
|
35
|
-
|
|
36
|
-
def run
|
|
37
|
-
t = ['check']
|
|
38
|
-
t << '-v' if verbose
|
|
39
|
-
t << '-i' << ignore if ignore
|
|
40
|
-
Bundler::Audit::CLI.start t
|
|
41
|
-
end
|
|
42
|
-
|
|
43
|
-
end
|
|
44
|
-
end
|
|
45
|
-
end
|
data/spec/rake_task_spec.rb
DELETED
|
@@ -1,35 +0,0 @@
|
|
|
1
|
-
require 'bundler/audit/task'
|
|
2
|
-
|
|
3
|
-
describe Bundler::Audit::Task do
|
|
4
|
-
let(:task) { Bundler::Audit::Task.new }
|
|
5
|
-
|
|
6
|
-
context "default options" do
|
|
7
|
-
it "runs bundle-audit check" do
|
|
8
|
-
task = Bundler::Audit::Task.new(:audit_task)
|
|
9
|
-
expect(Bundler::Audit::CLI).to receive(:start)
|
|
10
|
-
task.send(:run)
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
it "creates task name" do
|
|
14
|
-
task = Bundler::Audit::Task.new(:audit_task)
|
|
15
|
-
expect(task.name).to eq(:audit_task)
|
|
16
|
-
expect(task).to receive(:run) { true }
|
|
17
|
-
Rake.application.invoke_task("audit_task")
|
|
18
|
-
end
|
|
19
|
-
|
|
20
|
-
it "can fail" do
|
|
21
|
-
task = Bundler::Audit::Task.new(:failed_audit)
|
|
22
|
-
Rake.application.invoke_task("failed_audit")
|
|
23
|
-
end
|
|
24
|
-
end
|
|
25
|
-
|
|
26
|
-
context "verbose" do
|
|
27
|
-
it "correctly adds verbose to the command" do
|
|
28
|
-
task = Bundler::Audit::Task.new(:audit_test_1) do |r|
|
|
29
|
-
r.verbose = true
|
|
30
|
-
end
|
|
31
|
-
expect(Bundler::Audit::CLI).to receive(:start).with ['check', '-v']
|
|
32
|
-
Rake.application.invoke_task("audit_test_1")
|
|
33
|
-
end
|
|
34
|
-
end
|
|
35
|
-
end
|