pronto-bundler_audit 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: a1e6851baf36d42500cc736579e9b4dfe12d58ad4142cea5909e5e6c2b6f8cd4
+  data.tar.gz: 0d6a119979f0f6c2cbce6cb2d07fd92948085877c9edb0d5894c357197a1dfd8
+SHA512:
+  metadata.gz: f9d8b82ad4ad5367c6cd26ed21692c6cb774498071fb8288a3f3d2efbeae891eee30e41b1fe88117683c31f3f3be1c47129d9cd515793a385946dee1244dfb26
+  data.tar.gz: 468c3a01eab1325cc560cd3600b93cfde048b64657c31353f79cb1cc5b01a56755d5d8975d2ee646d6027883d4f5c8ac5dc0fb243d29a0e44acb975c9d353814

data/.gitignore

@@ -0,0 +1,9 @@
+/*.gem
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.travis.yml

@@ -0,0 +1,21 @@
+env:
+  global:
+    - CC_TEST_REPORTER_ID=d474e8b46e1c2bdae364c33263aa113e922381016a151052bff1ec8cb743da22
+sudo: false
+language: ruby
+rvm:
+  - 2.3
+  - 2.4
+  - 2.5
+  - 2.6
+  - ruby-head
+notifications:
+  email: false
+before_install: gem install bundler -v 2.0.1
+cache: bundler
+before_script:
+  - curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
+  - chmod +x ./cc-test-reporter
+  - ./cc-test-reporter before-build
+after_script:
+  - ./cc-test-reporter after-build --exit-code $TRAVIS_TEST_RESULT

data/Gemfile

@@ -0,0 +1,4 @@
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in pronto-bundler_audit.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,133 @@
+PATH
+  remote: .
+  specs:
+    pronto-bundler_audit (0.1.0)
+      bundler-audit
+      pronto
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.5.2)
+      public_suffix (>= 2.0.2, < 4.0)
+    ansi (1.5.0)
+    ast (2.4.0)
+    axiom-types (0.1.1)
+      descendants_tracker (~> 0.0.4)
+      ice_nine (~> 0.11.0)
+      thread_safe (~> 0.3, >= 0.3.1)
+    builder (3.2.3)
+    bundler-audit (0.6.1)
+      bundler (>= 1.2.0, < 3)
+      thor (~> 0.18)
+    byebug (11.0.1)
+    codeclimate-engine-rb (0.4.1)
+      virtus (~> 1.0)
+    coderay (1.1.2)
+    coercible (1.0.0)
+      descendants_tracker (~> 0.0.1)
+    descendants_tracker (0.0.4)
+      thread_safe (~> 0.3, >= 0.3.1)
+    docile (1.3.1)
+    equalizer (0.0.11)
+    faraday (0.15.4)
+      multipart-post (>= 1.2, < 3)
+    gitlab (4.11.0)
+      httparty (~> 0.14, >= 0.14.0)
+      terminal-table (~> 1.5, >= 1.5.1)
+    httparty (0.17.0)
+      mime-types (~> 3.0)
+      multi_xml (>= 0.5.2)
+    ice_nine (0.11.2)
+    jaro_winkler (1.5.2)
+    json (2.2.0)
+    kwalify (0.7.2)
+    method_source (0.9.2)
+    mime-types (3.2.2)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2019.0331)
+    minitest (5.11.3)
+    minitest-reporters (1.3.6)
+      ansi
+      builder
+      minitest (>= 5.0)
+      ruby-progressbar
+    multi_xml (0.6.0)
+    multipart-post (2.0.0)
+    object_identifier (0.2.1)
+    octokit (4.14.0)
+      sawyer (~> 0.8.0, >= 0.5.3)
+    parallel (1.17.0)
+    parser (2.6.2.1)
+      ast (~> 2.4.0)
+    pronto (0.10.0)
+      gitlab (~> 4.0, >= 4.0.0)
+      httparty (>= 0.13.7)
+      octokit (~> 4.7, >= 4.7.0)
+      rainbow (>= 2.2, < 4.0)
+      rugged (~> 0.24, >= 0.23.0)
+      thor (~> 0.20.0)
+    pry (0.12.2)
+      coderay (~> 1.1.0)
+      method_source (~> 0.9.0)
+    pry-byebug (3.7.0)
+      byebug (~> 11.0)
+      pry (~> 0.10)
+    psych (3.1.0)
+    public_suffix (3.0.3)
+    rainbow (3.0.0)
+    rake (12.3.2)
+    reek (5.4.0)
+      codeclimate-engine-rb (~> 0.4.0)
+      kwalify (~> 0.7.0)
+      parser (>= 2.5.0.0, < 2.7, != 2.5.1.1)
+      psych (~> 3.1.0)
+      rainbow (>= 2.0, < 4.0)
+    rubocop (0.67.2)
+      jaro_winkler (~> 1.5.1)
+      parallel (~> 1.10)
+      parser (>= 2.5, != 2.5.1.1)
+      psych (>= 3.1.0)
+      rainbow (>= 2.2.2, < 4.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 1.6)
+    ruby-progressbar (1.10.0)
+    rugged (0.28.1)
+    sawyer (0.8.1)
+      addressable (>= 2.3.5, < 2.6)
+      faraday (~> 0.8, < 1.0)
+    simplecov (0.16.1)
+      docile (~> 1.1)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.2)
+    terminal-table (1.8.0)
+      unicode-display_width (~> 1.1, >= 1.1.1)
+    thor (0.20.3)
+    thread_safe (0.3.6)
+    unicode-display_width (1.5.0)
+    virtus (1.0.5)
+      axiom-types (~> 0.1)
+      coercible (~> 1.0)
+      descendants_tracker (~> 0.0, >= 0.0.3)
+      equalizer (~> 0.0, >= 0.0.9)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler
+  byebug
+  minitest
+  minitest-reporters
+  object_identifier
+  pronto-bundler_audit!
+  pry
+  pry-byebug
+  rake
+  reek
+  rubocop
+  simplecov
+
+BUNDLED WITH
+   2.0.1

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2019 Paul Dobbins
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,37 @@
+# Pronto::BundlerAudit
+
+Pronto runner for [bundler-audit](https://github.com/rubysec/bundler-audit), patch-level verification for bundler. [What is Pronto?](https://github.com/prontolabs/pronto)
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'pronto-bundler_audit'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install pronto-bundler_audit
+
+## Usage
+
+This runner will run automatically when [running Pronto](https://github.com/prontolabs/pronto#usage).
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/pdobb/pronto-bundler_audit.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList["test/**/*_test.rb"]
+end
+
+task :default => :test

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "pronto/bundler_audit"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+require "pry"
+Pry.start
+
+# require "irb"
+# IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/pronto/bundler_audit/version.rb

@@ -0,0 +1,5 @@
+module Pronto
+  module BundlerAudit
+    VERSION = "0.1.0"
+  end
+end

data/lib/pronto/bundler_audit.rb

@@ -0,0 +1,172 @@
+require "pronto"
+require "bundler/audit/database"
+require "bundler/audit/scanner"
+
+module Pronto
+  # Pronto::BundlerAudit is a Pronto::Runner that:
+  # 1. Finds the most relevant patch (the last patch that contains a change to
+  #    Gemfile.lock)
+  # 2. Updates the Ruby Advisory Database
+  # 3. Runs bundle-audit to scan the Gemfile.lock
+  # 4. Returns an Array of Pronto::Message objects if any issues are found
+  class BundlerAudit < Runner
+    def run
+      patch = find_relevant_patch
+
+      patch_handler = PatchHandler.new(patch, runner: self)
+      patch_handler.call
+    end
+
+    private
+
+    def find_relevant_patch
+      @patches.reverse_each { |patch|
+        break patch if patch.additions > 0 && relevant_patch_path?(patch)
+      }
+    end
+
+    def relevant_patch_path?(patch)
+      patch_path = patch.new_file_full_path.to_s
+      patch_path.end_with?("Gemfile.lock")
+    end
+
+    # Pronto::BundlerAudit::PatchHandler run Bundle Audit on the given patch
+    # and returns an Array of Pronto::Message objects, if any issues are found.
+    class PatchHandler
+      def initialize(patch, runner:)
+        @patch = patch
+        @runner = runner
+      end
+
+      # @return (see: #run_scan)
+      def call
+        update_ruby_advisory_db
+        run_scan
+      end
+
+      private
+
+      def update_ruby_advisory_db
+        Bundler::Audit::Database.update!(quiet: true)
+      end
+
+      # @return [Array>] if no issues were found
+      # @return [Array<Pronto::Message>] if issues were found
+      def run_scan
+        scanner = Bundler::Audit::Scanner.new
+
+        scanner.scan.inject([]) do |acc, scan_result|
+          acc << process_scan_result(scan_result)
+        end
+      end
+
+      def process_scan_result(scan_result)
+        case scan_result
+        when Bundler::Audit::Scanner::InsecureSource
+          build_warning_message(
+            "Insecure Source URI found: #{scan_result.source}")
+        when Bundler::Audit::Scanner::UnpatchedGem
+          advisory =
+            AdvisoryFormatter.new(
+              gem: scan_result.gem, advisory: scan_result.advisory)
+          message = advisory.to_compact_s
+
+          build_error_message(message)
+        end
+      end
+
+      def build_warning_message(message)
+        build_message(message, level: :warning)
+      end
+
+      def build_error_message(message)
+        build_message(message, level: :error)
+      end
+
+      def build_message(message, level:)
+        Message.new("Gemfile.lock", nil, level, message, nil, @runner.class)
+      end
+
+      # Pronto::BundlerAudit::PatchHandler::AdvisoryFormatter is a message
+      # formatter for the given gem object and Bundler::Audit::Advisory#advisory
+      # object.
+      class AdvisoryFormatter
+        # param gem [Bundler::LazySpecification]
+        # param advisory [Bundler::Audit::Advisory]
+        def initialize(gem:, advisory:)
+          @gem = gem
+          @advisory = advisory
+        end
+
+        def to_s
+          [
+            "Name: #{gem_name}",
+            "Version: #{gem_version}",
+            "Advisory: #{advisory_description}",
+            "Criticality: #{advisory_criticality}",
+            "URL: #{advisory_url}",
+            "Title: #{advisory_title}",
+            "Solution: #{advisory_solution}"
+          ].join("\n")
+        end
+
+        def to_compact_s
+          [
+            "Gem: #{gem_name} v#{gem_version}",
+            "#{advisory_criticality} Advisory: #{advisory_title} -- "\
+              "#{advisory_description} (#{advisory_url})",
+            "Solution: #{advisory_solution}"
+          ].join(" | ")
+        end
+
+        private
+
+        def gem_name
+          @gem.name
+        end
+
+        def gem_version
+          @gem.version
+        end
+
+        def advisory_description
+          if @advisory.cve
+            "CVE-#{@advisory.cve}"
+          elsif @advisory.osvdb
+            @advisory.osvdb
+          end
+        end
+
+        def advisory_criticality
+          str = @advisory.criticality.to_s.capitalize
+          str = "Unknown" if str.empty?
+          str
+        end
+
+        def advisory_url
+          @advisory.url
+        end
+
+        def advisory_title
+          @advisory.title
+        end
+
+        def advisory_solution
+          if any_patched_versions?
+            "Upgrade to #{patched_versions}."
+          else
+            "Remove or disable this gem until a patch is available!"
+          end
+        end
+
+        def patched_versions
+          @advisory.patched_versions.join(', ')
+        end
+
+        def any_patched_versions?
+          !@advisory.patched_versions.empty?
+        end
+      end
+    end
+  end
+end

data/pronto-bundler_audit.gemspec

@@ -0,0 +1,52 @@
+
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "pronto/bundler_audit/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "pronto-bundler_audit"
+  spec.version       = Pronto::BundlerAudit::VERSION
+  spec.authors       = ["Paul Dobbins"]
+  spec.email         = ["paul.dobbins@icloud.com"]
+
+  spec.summary       = %q{Pronto runner for bundler-audit, patch-level verification for bundler.}
+  spec.homepage      = "http://github.com/pdobb/pronto-bundler_audit"
+  spec.license       = "MIT"
+
+  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
+  # to allow pushing to a single host or delete this section to allow pushing to any host.
+  # if spec.respond_to?(:metadata)
+  #   spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
+
+  #   spec.metadata["homepage_uri"] = spec.homepage
+  #   spec.metadata["source_code_uri"] = "https://github.com/pdobb/pronto-bundler_audit"
+  #   spec.metadata["changelog_uri"] = "https://github.com/pdobb/pronto-bundler_audit/blob/master/CHANGELOG.md"
+  # else
+  #   raise "RubyGems 2.0 or newer is required to protect against " \
+  #     "public gem pushes."
+  # end
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_runtime_dependency "pronto"
+  spec.add_runtime_dependency "bundler-audit"
+
+  spec.add_development_dependency "bundler"
+  spec.add_development_dependency "byebug"
+  spec.add_development_dependency "minitest"
+  spec.add_development_dependency "minitest-reporters"
+  spec.add_development_dependency "object_identifier"
+  spec.add_development_dependency "pry"
+  spec.add_development_dependency "pry-byebug"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "reek"
+  spec.add_development_dependency "rubocop"
+  spec.add_development_dependency "simplecov"
+end

metadata

@@ -0,0 +1,237 @@
+--- !ruby/object:Gem::Specification
+name: pronto-bundler_audit
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Paul Dobbins
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2019-04-29 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: pronto
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler-audit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest-reporters
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: object_identifier
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: reek
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- paul.dobbins@icloud.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/pronto/bundler_audit.rb
+- lib/pronto/bundler_audit/version.rb
+- pronto-bundler_audit.gemspec
+homepage: http://github.com/pdobb/pronto-bundler_audit
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key: 
+specification_version: 4
+summary: Pronto runner for bundler-audit, patch-level verification for bundler.
+test_files: []