nvd_feed_api 0.4.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d03fa81fd296a62aba7a9356b3c41135851febb254af4db13758c5b76475739f
-  data.tar.gz: c0d716121dccaeaee6944ccd3e0d85cf59854084ae68d0f7347fb678dc4760bf
+  metadata.gz: 77fb8e2cb880ccd6376de4a63dc9ca016a3553cb8b52ad28463a6db7c8f28203
+  data.tar.gz: a6efdc897b58302b4fc8bf3f49a1cb31f3e00dcaa7deafcac9c1dc5e0642dfd9
 SHA512:
-  metadata.gz: b5bef50a5709e8bd53a138110e80f6a5ee34d02f5849e1a3d9add0c9573e963926adbdf6eeb610b75d04d25d285b4450b8e99aa724582d382ed072ef46c89a8a
-  data.tar.gz: 7be0a9191d6efb0e7a80e7a868d8d019186268008473e3e731fe9e4e3e1d21b85b7cc6189c912d5315495dbb12dbaaa688ca077823ba844a01d91b11696ae954
+  metadata.gz: 8d2795f2b8b16563df4b8af0980fecdf167de7c875b4bc1c944931a65cebf02ee0ff689b299307bb3ec51c985c29cc2e830e5e01286095ccbb11167662f978ce
+  data.tar.gz: 3c9d6acb0c8a2736fd416dc4b6b6431f90a7f7ce30d1c748e85892f2c27e6c88e85082cbf2e0f6be39c90bab81d7179bd3010ff9930dbff8341edac3952b07e3

data/.gitlab-ci.yml

@@ -15,7 +15,8 @@ before_script:
   # install make, gcc for building gem native extension (commonmarker)
   # libc-dev for musl-dev dependency (stdlib.h) needed by gcc
   - apk --no-cache add coreutils git make gcc libc-dev
-  - bundle install -j $(nproc) --path vendor # Install dependencies into ./vendor/ruby
+  - bundle config set path 'vendor' # Set dependencies install dir to ./vendor/ruby
+  - bundle install -j $(nproc) # Install dependencies into ./vendor/ruby
   - bundle exec rake install # install the gem
 
 # Anchors: https://docs.gitlab.com/ee/ci/yaml/README.html#anchors
@@ -25,17 +26,13 @@ before_script:
   - bundle exec rubocop
   - bundle exec rake test
 
-#test:2.4:
-#  <<: *job_definition
-#  image: ruby:2.4-alpine
-
-test:3.1:
+test:3.4:
   <<: *job_definition
-  image: ruby:3.1-alpine
+  image: ruby:3.4-alpine
 
 pages:
   stage: deploy
-  image: ruby:3.1-alpine
+  image: ruby:3.4-alpine
   script:
     - bundle exec yard doc
     - mkdir public

data/.rubocop.yml

@@ -1,6 +1,10 @@
 AllCops:
-  TargetRubyVersion: 2.7
+  TargetRubyVersion: 3.1
   NewCops: enable
+  SuggestExtensions: false
+
+plugins:
+  - rubocop-minitest
 
 Layout/HashAlignment:
   EnforcedHashRocketStyle: table
@@ -33,6 +37,9 @@ Metrics/MethodLength:
 Metrics/PerceivedComplexity:
   Enabled: false
 
+Minitest/MultipleAssertions:
+  Enabled: false
+
 Naming/VariableName:
   EnforcedStyle: snake_case
 
@@ -42,9 +49,6 @@ Security/JSONLoad:
 Style/CaseLikeIf:
   Enabled: true
 
-Style/FrozenStringLiteralComment:
-  EnforcedStyle: never
-
 Style/PerlBackrefs:
   AutoCorrect: false
 

data/.tool-versions

@@ -1 +1 @@
-ruby 3.1.0
+ruby 3.4.1

data/Gemfile

@@ -1,9 +1,11 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
 gemspec
 
 group :runtime, :cli do
-  gem 'archive-zip', '~> 0.11'
+  gem 'archive-zip', '0.13.0.pre1'
   gem 'nokogiri', '~> 1.11'
   gem 'oj', '>= 3.7.8', '<4'
 end
@@ -13,15 +15,19 @@ group :development, :install do
 end
 
 group :development, :test do
-  gem 'minitest', '~> 5.12'
-  gem 'rake', '~> 13.0'
+  gem 'minitest', '~> 5.25'
+  gem 'rake', '~> 13.2'
 end
 
 group :development, :lint do
-  gem 'rubocop', '~> 1.23'
+  gem 'rubocop', '~> 1.71'
+  gem 'rubocop-minitest', '~> 0.36'
 end
 
 group :development, :docs do
-  gem 'commonmarker', '~> 0.21' # for markdown support in YARD
-  gem 'yard', ['>= 0.9.27', '< 0.10']
+  gem 'commonmarker', '~> 2.0' # for markdown support in YARD
+  gem 'logger', '< 2.0'
+  # gem 'yard', ['>= 0.9.27', '< 0.10']
+  # https://github.com/lsegal/yard/issues/1528
+  gem 'yard', github: 'ParadoxV5/yard', ref: '9e869c940859570b07b81c5eadd6070e76f6291e', branch: 'commonmarker-1.0'
 end

data/Gemfile.lock

@@ -1,7 +1,15 @@
+GIT
+  remote: https://github.com/ParadoxV5/yard.git
+  revision: 9e869c940859570b07b81c5eadd6070e76f6291e
+  ref: 9e869c940859570b07b81c5eadd6070e76f6291e
+  branch: commonmarker-1.0
+  specs:
+    yard (0.9.36)
+
 PATH
   remote: .
   specs:
-    nvd_feed_api (0.4.0)
+    nvd_feed_api (0.6.0)
       archive-zip (~> 0.11)
       nokogiri (~> 1.11)
       oj (>= 3.7.8, < 4)
@@ -9,56 +17,102 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    archive-zip (0.12.0)
-      io-like (~> 0.3.0)
-    ast (2.4.2)
-    commonmarker (0.23.2)
-    io-like (0.3.1)
-    mini_portile2 (2.7.1)
-    minitest (5.15.0)
-    nokogiri (1.13.1)
-      mini_portile2 (~> 2.7.0)
+    archive-zip (0.13.0.pre1)
+      io-like (~> 0.4.0.pre1)
+    ast (2.4.3)
+    bigdecimal (3.1.9)
+    commonmarker (2.3.0)
+      rb_sys (~> 0.9)
+    commonmarker (2.3.0-aarch64-linux)
+    commonmarker (2.3.0-aarch64-linux-musl)
+    commonmarker (2.3.0-arm64-darwin)
+    commonmarker (2.3.0-x86_64-darwin)
+    commonmarker (2.3.0-x86_64-linux)
+    commonmarker (2.3.0-x86_64-linux-musl)
+    io-like (0.4.0.pre1)
+    json (2.12.0)
+    language_server-protocol (3.17.0.5)
+    lint_roller (1.1.0)
+    logger (1.7.0)
+    minitest (5.25.5)
+    nokogiri (1.18.8-aarch64-linux-gnu)
+      racc (~> 1.4)
+    nokogiri (1.18.8-aarch64-linux-musl)
+      racc (~> 1.4)
+    nokogiri (1.18.8-arm-linux-gnu)
+      racc (~> 1.4)
+    nokogiri (1.18.8-arm-linux-musl)
+      racc (~> 1.4)
+    nokogiri (1.18.8-arm64-darwin)
+      racc (~> 1.4)
+    nokogiri (1.18.8-x86_64-darwin)
+      racc (~> 1.4)
+    nokogiri (1.18.8-x86_64-linux-gnu)
+      racc (~> 1.4)
+    nokogiri (1.18.8-x86_64-linux-musl)
       racc (~> 1.4)
-    oj (3.13.10)
-    parallel (1.21.0)
-    parser (3.0.3.2)
+    oj (3.16.10)
+      bigdecimal (>= 3.0)
+      ostruct (>= 0.2)
+    ostruct (0.6.1)
+    parallel (1.27.0)
+    parser (3.3.8.0)
       ast (~> 2.4.1)
-    racc (1.6.0)
-    rainbow (3.0.0)
-    rake (13.0.6)
-    regexp_parser (2.2.0)
-    rexml (3.2.5)
-    rubocop (1.24.1)
+      racc
+    prism (1.4.0)
+    racc (1.8.1)
+    rainbow (3.1.1)
+    rake (13.2.1)
+    rake-compiler-dock (1.9.1)
+    rb_sys (0.9.111)
+      rake-compiler-dock (= 1.9.1)
+    regexp_parser (2.10.0)
+    rubocop (1.75.7)
+      json (~> 2.3)
+      language_server-protocol (~> 3.17.0.2)
+      lint_roller (~> 1.1.0)
       parallel (~> 1.10)
-      parser (>= 3.0.0.0)
+      parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.8, < 3.0)
-      rexml
-      rubocop-ast (>= 1.15.1, < 2.0)
+      regexp_parser (>= 2.9.3, < 3.0)
+      rubocop-ast (>= 1.44.0, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.15.1)
-      parser (>= 3.0.1.1)
-    ruby-progressbar (1.11.0)
-    unicode-display_width (2.1.0)
-    webrick (1.7.0)
-    yard (0.9.27)
-      webrick (~> 1.7.0)
+      unicode-display_width (>= 2.4.0, < 4.0)
+    rubocop-ast (1.44.1)
+      parser (>= 3.3.7.2)
+      prism (~> 1.4)
+    rubocop-minitest (0.38.0)
+      lint_roller (~> 1.1)
+      rubocop (>= 1.75.0, < 2.0)
+      rubocop-ast (>= 1.38.0, < 2.0)
+    ruby-progressbar (1.13.0)
+    unicode-display_width (3.1.4)
+      unicode-emoji (~> 4.0, >= 4.0.4)
+    unicode-emoji (4.0.4)
 
 PLATFORMS
-  ruby
+  aarch64-linux-gnu
+  aarch64-linux-musl
+  arm-linux-gnu
+  arm-linux-musl
+  arm64-darwin
+  x86_64-darwin
+  x86_64-linux-gnu
+  x86_64-linux-musl
 
 DEPENDENCIES
-  archive-zip (~> 0.11)
+  archive-zip (= 0.13.0.pre1)
   bundler (~> 2.1)
-  commonmarker (~> 0.21)
-  minitest (~> 5.12)
+  commonmarker (~> 2.0)
+  logger (< 2.0)
+  minitest (~> 5.25)
   nokogiri (~> 1.11)
   nvd_feed_api!
   oj (>= 3.7.8, < 4)
-  rake (~> 13.0)
-  rubocop (~> 1.23)
-  yard (>= 0.9.27, < 0.10)
+  rake (~> 13.2)
+  rubocop (~> 1.71)
+  rubocop-minitest (~> 0.36)
+  yard!
 
 BUNDLED WITH
-   2.3.6
+   2.6.2

data/Rakefile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'rake/testtask'
 require 'bundler/gem_tasks'
 

data/bin/nvd_feed_api

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
 require 'nvd_feed_api'
 

data/bin/nvd_feed_api_console

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
 require 'bundler/setup'
 require 'nvd_feed_api'

data/lib/nvd_feed_api/feed.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Ruby internal
 require 'digest'
 require 'net/https'
@@ -32,17 +34,17 @@ class NVDFeedScraper
 
     # @return [String] the URL of the metadata file of the feed.
     # @example
-    #   'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2007.meta'
+    #   'https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2007.meta'
     attr_reader :meta_url
 
     # @return [String] the URL of the gz archive of the feed.
     # @example
-    #   'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2007.json.gz'
+    #   'https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2007.json.gz'
     attr_reader :gz_url
 
     # @return [String] the URL of the zip archive of the feed.
     # @example
-    #   'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2007.json.zip'
+    #   'https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2007.json.zip'
     attr_reader :zip_url
 
     # @return [Meta] the {Meta} object of the feed.
@@ -168,11 +170,11 @@ class NVDFeedScraper
         # Set data
         if @data_type.nil?
           doc = Oj::Doc.open(File.read(@json_file))
-          @data_type = doc.fetch('/CVE_data_type')
-          @data_format = doc.fetch('/CVE_data_format')
-          @data_version = doc.fetch('/CVE_data_version').to_f
-          @data_number_of_cves = doc.fetch('/CVE_data_numberOfCVEs').to_i
-          @data_timestamp = Date.strptime(doc.fetch('/CVE_data_timestamp'), '%FT%RZ')
+          @data_type = 'CVE' # @data_type was doc.fetch('/CVE_data_type') in 1.1 schema but was removed in 2.0 so keep this string for retrocompatibility
+          @data_format = doc.fetch('/format')
+          @data_version = doc.fetch('/version').to_f
+          @data_number_of_cves = doc.fetch('/totalResults').to_i
+          @data_timestamp = Date.strptime(doc.fetch('/timestamp'), '%FT%T.%N')
           doc.close
         end
       else
@@ -187,11 +189,11 @@ class NVDFeedScraper
 
         # update data
         doc = Oj::Doc.open(File.read(@json_file))
-        @data_type = doc.fetch('/CVE_data_type')
-        @data_format = doc.fetch('/CVE_data_format')
-        @data_version = doc.fetch('/CVE_data_version').to_f
-        @data_number_of_cves = doc.fetch('/CVE_data_numberOfCVEs').to_i
-        @data_timestamp = Date.strptime(doc.fetch('/CVE_data_timestamp'), '%FT%RZ')
+        @data_type = 'CVE' # @data_type was doc.fetch('/CVE_data_type') in 1.1 schema but was removed in 2.0 so keep this string for retrocompatibility
+        @data_format = doc.fetch('/format')
+        @data_version = doc.fetch('/version').to_f
+        @data_number_of_cves = doc.fetch('/totalResults').to_i
+        @data_timestamp = Date.strptime(doc.fetch('/timestamp'), '%FT%T.%N')
         doc.close
       end
       return @json_file
@@ -213,8 +215,7 @@ class NVDFeedScraper
     #   @return [Array] an Array of CVE, each CVE is a Ruby Hash. May not be in the same order as provided.
     # @note {#json_pull} is needed before using this method. Remember you're searching only in the current feed.
     # @todo implement a CVE Class instead of returning a Hash.
-    # @see https://scap.nist.gov/schema/nvd/feed/0.1/nvd_cve_feed_json_0.1_beta.schema
-    # @see https://scap.nist.gov/schema/nvd/feed/0.1/CVE_JSON_4.0_min.schema
+    # @see https://csrc.nist.gov/schema/nvd/api/2.0/cve_api_json_2.0.schema
     # @example
     #   s = NVDFeedScraper.new
     #   s.scrap
@@ -234,10 +235,10 @@ class NVDFeedScraper
           raise "bad CVE name (#{arg_cve[0]})" unless /^CVE-[0-9]{4}-[0-9]{4,}$/i.match?(arg_cve[0])
 
           doc = Oj::Doc.open(File.read(@json_file))
-          # Quicker than doc.fetch('/CVE_Items').size
+          # Quicker than doc.fetch('/vulnerabilities').size
           (1..@data_number_of_cves).each do |i|
-            if arg_cve[0].upcase == doc.fetch("/CVE_Items/#{i}/cve/CVE_data_meta/ID")
-              return_value = doc.fetch("/CVE_Items/#{i}")
+            if arg_cve[0].upcase == doc.fetch("/vulnerabilities/#{i}/cve/id")
+              return_value = doc.fetch("/vulnerabilities/#{i}")
               break
             end
           end
@@ -251,10 +252,10 @@ class NVDFeedScraper
           raise 'bad CVE name' unless cves_to_find.all? { |x| /^CVE-[0-9]{4}-[0-9]{4,}$/i.match?(x) }
 
           doc = Oj::Doc.open(File.read(@json_file))
-          # Quicker than doc.fetch('/CVE_Items').size
+          # Quicker than doc.fetch('/vulnerabilities').size
           (1..@data_number_of_cves).each do |i|
-            doc.move("/CVE_Items/#{i}")
-            cve_id = doc.fetch('cve/CVE_data_meta/ID')
+            doc.move("/vulnerabilities/#{i}")
+            cve_id = doc.fetch('cve/id')
             if cves_to_find.include?(cve_id)
               return_value.push(doc.fetch)
               cves_to_find.delete(cve_id)
@@ -281,11 +282,11 @@ class NVDFeedScraper
       raise "json_file (#{@json_file}) doesn't exist" unless File.file?(@json_file)
 
       doc = Oj::Doc.open(File.read(@json_file))
-      # Quicker than doc.fetch('/CVE_Items').size
+      # Quicker than doc.fetch('/vulnerabilities').size
       cve_names = []
       (1..@data_number_of_cves).each do |i|
-        doc.move("/CVE_Items/#{i}")
-        cve_names.push(doc.fetch('cve/CVE_data_meta/ID'))
+        doc.move("/vulnerabilities/#{i}")
+        cve_names.push(doc.fetch('cve/id'))
       end
       doc.close
       return cve_names
@@ -314,7 +315,7 @@ class NVDFeedScraper
     # @param arg_meta_url [String] the new URL of the metadata file of the feed.
     # @return [String] the new URL of the metadata file of the feed.
     # @example
-    #   'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2007.meta'
+    #   'https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2007.meta'
     def meta_url=(arg_meta_url)
       raise "meta_url (#{arg_meta_url}) is not a string" unless arg_meta_url.is_a?(String)
 
@@ -324,7 +325,7 @@ class NVDFeedScraper
     # @param arg_gz_url [String] the new URL of the gz archive of the feed.
     # @return [String] the new URL of the gz archive of the feed.
     # @example
-    #   'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2007.json.gz'
+    #   'https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2007.json.gz'
     def gz_url=(arg_gz_url)
       raise "gz_url (#{arg_gz_url}) is not a string" unless arg_gz_url.is_a?(String)
 
@@ -334,7 +335,7 @@ class NVDFeedScraper
     # @param arg_zip_url [String] the new URL of the zip archive of the feed.
     # @return [String] the new URL of the zip archive of the feed.
     # @example
-    #   'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2007.json.zip'
+    #   'https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2007.json.zip'
     def zip_url=(arg_zip_url)
       raise "zip_url (#{arg_zip_url}) is not a string" unless arg_zip_url.is_a?(String)
 

data/lib/nvd_feed_api/meta.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Ruby internal
 require 'net/https'
 

data/lib/nvd_feed_api/version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module NvdFeedApi
-  VERSION = '0.4.0'.freeze
+  VERSION = '0.6.0'
 end

data/lib/nvd_feed_api.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # @author Alexandre ZANNI <alexandre.zanni@engineer.com>
 
 # Ruby internal
@@ -18,7 +20,7 @@ require 'nvd_feed_api/feed'
 #   scraper.feeds("CVE-2007")
 #   cve2007, cve2015 = scraper.feeds("CVE-2007", "CVE-2015")
 class NVDFeedScraper
-  BASE = 'https://nvd.nist.gov'.freeze
+  BASE = 'https://nvd.nist.gov'
   # The NVD url where is located the data feeds.
   URL = "#{BASE}/vuln/data-feeds".freeze
   # Load constants
@@ -40,7 +42,7 @@ class NVDFeedScraper
     doc = Nokogiri::HTML(html)
     @feeds = []
     tmp_feeds = {}
-    doc.css('#vuln-feed-table table.xml-feed-table tr[data-testid]').each do |tr|
+    doc.css('div[data-testid=nvd-json-2-feed-table] table.xml-feed-table tr[data-testid]').each do |tr|
       num, type = tr.attr('data-testid')[13..].split('-')
       case type
       when 'meta'
@@ -128,15 +130,11 @@ class NVDFeedScraper
   # Return a list with the name of all available feeds. Returned feed names can be use as argument for {#feeds} method. Can only be called after {#scrap}.
   # @return [Array<String>] List with the name of all available feeds.
   # @example
-  #   scraper.available_feeds => ["CVE-Modified", "CVE-Recent", "CVE-2017", "CVE-2016", "CVE-2015", "CVE-2014", "CVE-2013", "CVE-2012", "CVE-2011", "CVE-2010", "CVE-2009", "CVE-2008", "CVE-2007", "CVE-2006", "CVE-2005", "CVE-2004", "CVE-2003", "CVE-2002"]
+  #   scraper.available_feeds => ["CVE-Modified", "CVE-Recent", "CVE-2025", "[…]", "CVE-2002"]
   def available_feeds
     raise 'call scrap method before using available_feeds method' if @feeds.nil?
 
-    feed_names = []
-    @feeds.each do |feed| # feed is an objet
-      feed_names.push(feed.name)
-    end
-    feed_names
+    @feeds.map(&:name)
   end
 
   # Search for CVE in all year feeds.
@@ -155,8 +153,7 @@ class NVDFeedScraper
   #   @return [Array] an Array of CVE, each CVE is a Ruby Hash.
   # @todo implement a CVE Class instead of returning a Hash. May not be in the same order as provided.
   # @note {#scrap} is needed before using this method.
-  # @see https://scap.nist.gov/schema/nvd/feed/0.1/nvd_cve_feed_json_0.1_beta.schema
-  # @see https://scap.nist.gov/schema/nvd/feed/0.1/CVE_JSON_4.0_min.schema
+  # @see https://csrc.nist.gov/schema/nvd/api/2.0/cve_api_json_2.0.schema
   # @example
   #   s = NVDFeedScraper.new
   #   s.scrap
@@ -211,7 +208,7 @@ class NVDFeedScraper
 
         matched_feeds = feeds_to_match.intersection(feed_names)
         # and now that the intersection is done remove those virtual feeds and add CVE-2002 instead if needed
-        unless matched_feeds.intersection(virtual_feeds.to_set).empty?
+        if matched_feeds.intersect?(virtual_feeds.to_set)
           matched_feeds.subtract(virtual_feeds)
           matched_feeds.add('CVE-2002')
         end

data/nvd_feed_api.gemspec

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative 'lib/nvd_feed_api/version'
 
 Gem::Specification.new do |s|
@@ -13,7 +15,6 @@ Gem::Specification.new do |s|
 
   s.files         = `git ls-files`.split("\n")
   s.executables   = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
-  s.test_files    = s.files.grep(%r{^(test)/})
   s.require_paths = ['lib']
 
   s.metadata = {
@@ -24,10 +25,11 @@ Gem::Specification.new do |s|
     'homepage_uri'          => 'https://noraj.gitlab.io/nvd_api/',
     'source_code_uri'       => 'https://gitlab.com/noraj/nvd_api/tree/master',
     'wiki_uri'              => 'https://gitlab.com/noraj/nvd_api/wikis/home',
+    'funding_uri'           => 'https://github.com/sponsors/noraj',
     'rubygems_mfa_required' => 'true'
   }
 
-  s.required_ruby_version = ['>= 2.7.0', '< 3.2']
+  s.required_ruby_version = ['>= 3.1.0', '< 4.0']
 
   s.add_dependency('archive-zip', '~> 0.11')
   s.add_dependency('nokogiri', '~> 1.11')

data/pages/CHANGELOG.md

@@ -1,4 +1,20 @@
-# [unreleased]
+# [0.6.0] - 29 May 2025
+
+- Enhancements and fixes:
+  - migrating from CVE JSON 1.1 to 2.0 spec
+    - 1.1 feeds will be removed in the future
+    - 1.1 feeds do not contain Deferred status CVEs
+- Chore:
+  - Update dependencies
+
+# [0.5.0] - 30 March 2025
+
+- Breaking changes:
+  - Drop support for Ruby 2.7 and 3.0
+- Chore:
+  - Add support for Ruby 3.2 & 3.3 & 3.4
+  - Update dependencies
+  - Add freeze literal string comment
 
 # [0.4.0] - 31 January 2021
 
@@ -78,7 +94,7 @@
 
 [0.0.1.rc2]: https://gitlab.com/noraj/nvd_api/tags/v0.0.1.rc2
 
-- Add some contribution guidelines, issue and MR templates.
+- Add some contribution guidelines, issues and MR templates.
 - Improve the README to be a good entrypoint.
 - Improve the FEATURES.
 

data/pages/INSTALL.md

@@ -4,42 +4,42 @@
 
 ### Install from rubygems.org
 
-```
-$ gem install nvd_feed_api
+```bash
+gem install nvd_feed_api
 ```
 
 ## Development
 
-It's better to use [rbenv](https://github.com/rbenv/rbenv) to have latests version of ruby and to avoid trashing your system ruby.
+It's better to use [rbenv](https://github.com/rbenv/rbenv) or [asdf-vm](https://asdf-vm.com/) to have latests version of ruby and to avoid trashing your system ruby.
 
 ### Install from rubygems.org
 
-```
-$ gem install --development nvd_feed_api
+```bash
+gem install --development nvd_feed_api
 ```
 
 ### Build from git
 
 Just replace `x.x.x` with the gem version you see after `gem build`.
 
-```
-$ git clone https://gitlab.com/noraj/nvd_api.git nvd_feed_api
-$ cd nvd_feed_api
-$ gem install bundle
-$ ./bin/nvd_feed_api_setup
-$ rake install
+```bash
+git clone https://gitlab.com/noraj/nvd_api.git nvd_feed_api
+cd nvd_feed_api
+gem install bundle
+./bin/nvd_feed_api_setup
+rake install
 ```
 
 You can use `nvd_feed_api_console` to launch `irb` with the API required.
 
 Alternatively to build you can use:
 
-```
-$ git clone https://gitlab.com/noraj/nvd_api.git nvd_feed_api
-$ cd nvd_feed_api
-$ gem install bundle
-$ gem build nvd_feed_api.gemspec
-$ gem install --development nvd_feed_api-x.x.x.gem
+```bash
+git clone https://gitlab.com/noraj/nvd_api.git nvd_feed_api
+cd nvd_feed_api
+gem install bundle
+gem build nvd_feed_api.gemspec
+gem install --development nvd_feed_api-x.x.x.gem
 ```
 
 Note: if an automatic install is needed you can get the version with `$ gem build nvd_feed_api.gemspec | grep Version | cut -d' ' -f4`.
@@ -48,10 +48,10 @@ Note: if an automatic install is needed you can get the version with `$ gem buil
 
 Useful when you want to try your changes without building the gem and re-installing it each time.
 
-```
-$ git clone https://gitlab.com/noraj/nvd_api.git nvd_feed_api
-$ cd nvd_feed_api
-$ gem install bundle
-$ ./bin/nvd_feed_api_setup
-$ irb -Ilib -rnvd_feed_api
+```bash
+git clone https://gitlab.com/noraj/nvd_api.git nvd_feed_api
+cd nvd_feed_api
+gem install bundle
+./bin/nvd_feed_api_setup
+irb -Ilib -rnvd_feed_api
 ```

data/test/test_nvd_feed_api.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'minitest/autorun'
 require 'nvd_feed_api'
 require 'date'
@@ -78,7 +80,7 @@ class NVDAPITest < Minitest::Test
     f2017, f2016, f_modified = @s.feeds('CVE-2017', 'CVE-2016', 'CVE-Modified')
     # one arg
     # can't use assert_instance_of because there is no boolean class
-    assert(['TrueClass', 'FalseClass'].include?(@s.update_feeds(f2017).class.to_s), "update_feeds doesn't return a boolean")
+    assert_includes(['TrueClass', 'FalseClass'], @s.update_feeds(f2017).class.to_s, "update_feeds doesn't return a boolean")
     # two args
     assert_instance_of(Array, @s.update_feeds(f2017, f2016), "update_feeds doesn't return an array")
     refute_empty(@s.update_feeds(f2017, f2016), 'update_feeds returns an empty array')
@@ -90,7 +92,7 @@ class NVDAPITest < Minitest::Test
     err = assert_raises(RuntimeError) do
       @s.update_feeds(1)
     end
-    assert_equal(err.message, 'the provided argument 1 is not a Feed or an Array')
+    assert_equal('the provided argument 1 is not a Feed or an Array', err.message)
     ## empty array
     assert_empty(@s.update_feeds([]))
   end
@@ -102,6 +104,7 @@ class NVDAPITest < Minitest::Test
     assert_instance_of(String, default_val, "default_storage_location doesn't return a string")
     # check new value
     new_val = '/srv/downloads/'
+
     assert_equal(new_val, NVDFeedScraper::Feed.default_storage_location = new_val, 'the new value was not set properly')
     # put the default value back / restore context
     NVDFeedScraper::Feed.default_storage_location = default_val
@@ -109,9 +112,9 @@ class NVDAPITest < Minitest::Test
 
   def test_feed_attributes
     name = 'CVE-2010'
-    meta_url = 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2010.meta'
-    gz_url = 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2010.json.gz'
-    zip_url = 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2010.json.zip'
+    meta_url = 'https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2010.meta'
+    gz_url = 'https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2010.json.gz'
+    zip_url = 'https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2010.json.zip'
     f = @s.feeds('CVE-2010')
     # Test name
     assert_instance_of(String, f.name, "name doesn't return a string")
@@ -137,10 +140,12 @@ class NVDAPITest < Minitest::Test
     # Test json_file
     assert_nil(f.json_file)
     f.json_pull
+
     assert_instance_of(String, f.json_file, "json_file doesn't return a string")
     refute_empty(f.json_file, 'json_file is empty')
     # Test meta (after json_pull)
     f.meta_pull
+
     assert_instance_of(NVDFeedScraper::Meta, f.meta, "meta doesn't return a Meta object")
 
     # Test data (require json_pull)
@@ -161,6 +166,7 @@ class NVDAPITest < Minitest::Test
   def test_feed_available_cves
     f = @s.feeds('CVE-2011')
     f.json_pull
+
     assert_instance_of(Array, f.available_cves, "available_cves doesn't return an array")
     refute_empty(f.available_cves, 'available_cves returns an empty array')
   end
@@ -199,6 +205,7 @@ class NVDAPITest < Minitest::Test
   def test_feed_download_gz
     f = @s.feeds('CVE-2013')
     return_value = f.download_gz
+
     assert_instance_of(String, return_value, "download_gz doesn't return a string")
     refute_empty(return_value, 'download_gz returns an empty string')
     assert(File.file?(return_value), 'download_gz returns an unexisting file')
@@ -207,6 +214,7 @@ class NVDAPITest < Minitest::Test
   def test_feed_download_zip
     f = @s.feeds('CVE-2003')
     return_value = f.download_zip
+
     assert_instance_of(String, return_value, "download_zip doesn't return a string")
     refute_empty(return_value, 'download_zip returns an empty string')
     assert(File.file?(return_value), 'download_zip returns an unexisting file')
@@ -215,6 +223,7 @@ class NVDAPITest < Minitest::Test
   def test_feed_json_pull
     f = @s.feeds('CVE-2004')
     return_value = f.json_pull
+
     assert_instance_of(String, return_value, "json_pull doesn't return a string")
     refute_empty(return_value, 'json_pull returns an empty string')
     assert(File.file?(return_value), 'json_pull returns an unexisting file')
@@ -222,6 +231,7 @@ class NVDAPITest < Minitest::Test
 
   def test_feed_meta_pull
     f = @s.feeds('CVE-2005')
+
     assert_instance_of(NVDFeedScraper::Meta, f.meta_pull, "meta_pull doesn't return a Meta object")
   end
 
@@ -231,7 +241,7 @@ class NVDAPITest < Minitest::Test
     f_new = @s.feeds('CVE-2006')
     # Right arg
     # can't use assert_instance_of because there is no boolean class
-    assert(['TrueClass', 'FalseClass'].include?(f.update!(f_new).class.to_s), "update! doesn't return a boolean")
+    assert_includes(['TrueClass', 'FalseClass'], f.update!(f_new).class.to_s, "update! doesn't return a boolean")
     # Bad arg
     err = assert_raises(RuntimeError) do
       f.update!('bad_arg')
@@ -240,45 +250,48 @@ class NVDAPITest < Minitest::Test
   end
 
   def test_meta_parse_noarg
-    m = NVDFeedScraper::Meta.new('https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2015.meta')
+    m = NVDFeedScraper::Meta.new('https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2015.meta')
+
     assert_equal(0, m.parse, 'parse method return nothing')
   end
 
   def test_meta_parse_witharg
     m = NVDFeedScraper::Meta.new
-    meta_url = 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2015.meta'
+    meta_url = 'https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2015.meta'
+
     assert_equal(0, m.parse(meta_url), 'parse method return nothing')
   end
 
   def test_meta_url_setter
     m = NVDFeedScraper::Meta.new
-    meta_url = 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2015.meta'
+    meta_url = 'https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2015.meta'
+
     assert_equal(meta_url, m.url = meta_url, 'the meta URL is not set correctly')
   end
 
   def test_meta_attributes
     m = NVDFeedScraper::Meta.new
-    meta_url = 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2015.meta'
+    meta_url = 'https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2015.meta'
     m.url = meta_url
     m.parse
     # Test gz_size
     assert_instance_of(String, m.gz_size, "Meta gz_size method doesn't return a string")
-    assert(m.gz_size.match?(/[0-9]+/), 'Meta gz_size is not an integer')
+    assert_match(/[0-9]+/, m.gz_size, 'Meta gz_size is not an integer')
     # Test last_modified_date
     assert_instance_of(String, m.last_modified_date, "Meta last_modified_date method doesn't return a string")
     ## Date and time of day for calendar date (extended) '%FT%T%:z'
     assert(Date.rfc3339(m.last_modified_date), 'Meta last_modified_date is not a rfc3339 date')
     # Test sha256
     assert_instance_of(String, m.sha256, "Meta sha256 method doesn't return a string")
-    assert(m.sha256.match?(/[0-9A-F]{64}/), 'Meta sha256 is not a sha256 string matching /[0-9A-F]{64}/')
+    assert_match(/[0-9A-F]{64}/, m.sha256, 'Meta sha256 is not a sha256 string matching /[0-9A-F]{64}/')
     # Test size
     assert_instance_of(String, m.size, "Meta size method doesn't return a string")
-    assert(m.size.match?(/[0-9]+/), 'Meta size is not an integer')
+    assert_match(/[0-9]+/, m.size, 'Meta size is not an integer')
     # Test url
     assert_instance_of(String, m.url, "Meta url method doesn't return a string")
     assert_equal(meta_url, m.url, 'The Meta url was modified')
     # Test zip_size
     assert_instance_of(String, m.zip_size, "Meta zip_size method doesn't return a string")
-    assert(m.zip_size.match?(/[0-9]+/), 'Meta zip_size is not an integer')
+    assert_match(/[0-9]+/, m.zip_size, 'Meta zip_size is not an integer')
   end
 end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: nvd_feed_api
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Alexandre ZANNI
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-01-31 00:00:00.000000000 Z
+date: 2025-05-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: archive-zip
@@ -107,8 +106,8 @@ metadata:
   homepage_uri: https://noraj.gitlab.io/nvd_api/
   source_code_uri: https://gitlab.com/noraj/nvd_api/tree/master
   wiki_uri: https://gitlab.com/noraj/nvd_api/wikis/home
+  funding_uri: https://github.com/sponsors/noraj
   rubygems_mfa_required: 'true'
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -116,19 +115,17 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.7.0
+      version: 3.1.0
   - - "<"
     - !ruby/object:Gem::Version
-      version: '3.2'
+      version: '4.0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.3
-signing_key:
+rubygems_version: 3.6.2
 specification_version: 4
 summary: API for NVD CVE feeds
-test_files:
-- test/test_nvd_feed_api.rb
+test_files: []