pronto-bundler_audit 0.1.1 → 0.2.0
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/CHANGELOG.md +3 -0
- data/Gemfile.lock +14 -2
- data/README.md +42 -3
- data/images/github-check.png +0 -0
- data/images/github-comment.png +0 -0
- data/lib/pronto/bundler_audit/patch_handler.rb +165 -0
- data/lib/pronto/bundler_audit/version.rb +3 -2
- data/lib/pronto/bundler_audit.rb +9 -164
- data/pronto-bundler_audit.gemspec +4 -4
- metadata +41 -4
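--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4f5e3d57ee3196408dfa094d7f049418ab9cde1547b8d895b4850b89e4b3eddf
+data.tar.gz: 2faf2c8e0b126fa1158ace92f13c4e5db196ebccb909b8cdececf63a7ad8f427
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 547da0556ee2b901ab926f3e886f36d0098e3f142eb570cfa2e4fb50f656f49afdecfa696158e1ec9ca4df1c3a204aee5b204c7a0f012bbcf90490ee2279983b
+data.tar.gz: 1d2e0812b77939c079c5f68fbbbccdf3e45522be2971705a462bc6eabe22e11c68312ea4dda66b416eb1171147ee88edf297ad5871e730ac65b7ddea80335be1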
data/.gitignore
CHANGED
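--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,6 @@
+### 0.2.0 - 2019-04-30
+- Fix conditional for running Bundle Audit scans -- was always running even if there was nothing to run on in a given Pronto::Patches set
+
 ### 0.1.1 - 2019-04-29
 - Add line number to Pronto::Message; fixes GitHub API usage error when attempting to add errors to PR comments
 - Add gem version requirements to gemspec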
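--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-pronto-bundler_audit (0.
+pronto-bundler_audit (0.2.0)
 bundler-audit (~> 0)
 pronto (~> 0)
 
@@ -18,6 +18,7 @@ GEM
 thor (~> 0.18)
 byebug (11.0.1)
 coderay (1.1.2)
+docile (1.3.1)
 faraday (0.15.4)
 multipart-post (>= 1.2, < 3)
 gitlab (4.11.0)
@@ -27,6 +28,8 @@ GEM
 mime-types (~> 3.0)
 multi_xml (>= 0.5.2)
 jaro_winkler (1.5.2)
+json (2.2.0)
+metaclass (0.0.4)
 method_source (0.9.2)
 mime-types (3.2.2)
 mime-types-data (~> 3.2015)
@@ -37,6 +40,8 @@ GEM
 builder
 minitest (>= 5.0)
 ruby-progressbar
+mocha (1.8.0)
+metaclass (~> 0.0.1)
 multi_xml (0.6.0)
 multipart-post (2.0.0)
 octokit (4.14.0)
@@ -72,6 +77,11 @@ GEM
 sawyer (0.8.1)
 addressable (>= 2.3.5, < 2.6)
 faraday (~> 0.8, < 1.0)
+simplecov (0.16.1)
+docile (~> 1.1)
+json (>= 1.8, < 3)
+simplecov-html (~> 0.10.0)
+simplecov-html (0.10.2)
 terminal-table (1.8.0)
 unicode-display_width (~> 1.1, >= 1.1.1)
 thor (0.20.3)
@@ -85,11 +95,13 @@ DEPENDENCIES
 byebug (~> 11)
 minitest (~> 5)
 minitest-reporters (~> 1)
+mocha (~> 1)
 pronto-bundler_audit!
 pry (~> 0)
 pry-byebug (~> 3)
 rake (~> 12)
-rubocop (
+rubocop (>= 0.67.2, < 1)
+simplecov (~> 0.16)
 
 BUNDLED WITH
 2.0.1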
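--- a/data/README.md
+++ b/data/README.md
@@ -1,13 +1,18 @@
+[](https://badge.fury.io/rb/pronto-bundler_audit)
+[](https://travis-ci.org/pdobb/pronto-bundler_audit)
+[](https://codeclimate.com/github/pdobb/pronto-bundler_audit/maintainability)
+[](https://codeclimate.com/github/pdobb/pronto-bundler_audit/test_coverage)
+
 # Pronto::BundlerAudit
 
 Pronto runner for [bundler-audit](https://github.com/rubysec/bundler-audit), patch-level verification for bundler. [What is Pronto?](https://github.com/prontolabs/pronto)
 
 ## Installation
 
-Add this line to your application's Gemfile:
+Add this line to the `development` group of your application's Gemfile:
 
 ```ruby
-gem 'pronto-bundler_audit'
+gem 'pronto-bundler_audit', require: false
 ```
 
 And then execute:
@@ -18,9 +23,38 @@ Or install it yourself as:
 
 $ gem install pronto-bundler_audit
 
+## Compatibility
+
+Tested MRI Ruby Versions:
+* 2.3
+* 2.4
+* 2.5
+* 2.6
+* edge
+
 ## Usage
 
-
+Once installed as a gem, this runner activate automatically when [running Pronto](https://github.com/prontolabs/pronto#usage) -- no configuration is required.
+
+### Examples
+
+#### Local Pronto Run
+
+```bash
+$ time pronto run -c=development --runner bundler_audit
+Running Pronto::BundlerAudit
+Gemfile.lock: E: Gem: bootstrap-sass v3.4.0 | Medium Advisory: XSS vulnerability in bootstrap-sass -- CVE-2019-8331 (https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/) | Solution: Upgrade to >= 3.4.1.
+
+real 0m1.417s
+user 0m0.773s
+sys 0m0.252s
+```
+
+#### Github Pull Request - Checks
+
+
+#### Github Pull Request - Comments
+
 
 ## Development
 
@@ -28,6 +62,11 @@ After checking out the repo, run `bin/setup` to install dependencies. Then, run
 
 To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
 
+## TODO
+
+* Add more tests
+* Add configuration for compact vs expanded advisories reporting
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/pdobb/pronto-bundler_audit.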
Binary file
|
Binary file
|
@@ -0,0 +1,165 @@
|
|
1
|
+
module Pronto
|
2
|
+
class BundlerAudit < Runner
|
3
|
+
# Pronto::BundlerAudit::PatchHandler runs Bundle Audit on the given patch
|
4
|
+
# and returns an Array of Pronto::Message objects if any advisories are
|
5
|
+
# found.
|
6
|
+
class PatchHandler
|
7
|
+
def initialize(patch, runner:)
|
8
|
+
@patch = patch
|
9
|
+
@runner = runner
|
10
|
+
end
|
11
|
+
|
12
|
+
# @return (see: #run_scan)
|
13
|
+
def call
|
14
|
+
update_ruby_advisory_db
|
15
|
+
run_scan
|
16
|
+
end
|
17
|
+
|
18
|
+
private
|
19
|
+
|
20
|
+
def update_ruby_advisory_db
|
21
|
+
Bundler::Audit::Database.update!(quiet: true)
|
22
|
+
end
|
23
|
+
|
24
|
+
# @return [Array>] if no advisories were found
|
25
|
+
# @return [Array<Pronto::Message>] if advisories were found
|
26
|
+
def run_scan
|
27
|
+
scanner = Bundler::Audit::Scanner.new
|
28
|
+
|
29
|
+
scanner.scan.inject([]) do |acc, scan_result|
|
30
|
+
acc << process_scan_result(scan_result)
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
34
|
+
def process_scan_result(scan_result)
|
35
|
+
case scan_result
|
36
|
+
when Bundler::Audit::Scanner::InsecureSource
|
37
|
+
report_insecure_source_scan_result
|
38
|
+
when Bundler::Audit::Scanner::UnpatchedGem
|
39
|
+
report_unpatched_gem_scan_result(scan_result)
|
40
|
+
else
|
41
|
+
raise ArgumentError, "unexpected type: #{scan_result.class}"
|
42
|
+
end
|
43
|
+
end
|
44
|
+
|
45
|
+
def report_insecure_source_scan_result(scan_result)
|
46
|
+
build_warning_message(
|
47
|
+
"Insecure Source URI found: #{scan_result.source}")
|
48
|
+
end
|
49
|
+
|
50
|
+
def report_unpatched_gem_scan_result(scan_result)
|
51
|
+
advisory =
|
52
|
+
AdvisoryFormatter.new(
|
53
|
+
gem: scan_result.gem, advisory: scan_result.advisory)
|
54
|
+
message = advisory.to_compact_s
|
55
|
+
line = find_relevant_line(advisory)
|
56
|
+
|
57
|
+
build_error_message(message, line: line)
|
58
|
+
end
|
59
|
+
|
60
|
+
# @return [Pronto::Git::Line]
|
61
|
+
def find_relevant_line(advisory)
|
62
|
+
first_added_line_for_affected_gem_name(advisory.gem_name)
|
63
|
+
end
|
64
|
+
|
65
|
+
# @return [Pronto::Git::Line]
|
66
|
+
def first_added_line_for_affected_gem_name(gem_name)
|
67
|
+
@patch.added_lines.detect { |line| line.content.include?(gem_name) }
|
68
|
+
end
|
69
|
+
|
70
|
+
def build_warning_message(message)
|
71
|
+
build_message(message, level: :warning)
|
72
|
+
end
|
73
|
+
|
74
|
+
def build_error_message(message, line:)
|
75
|
+
build_message(message, level: :error, line: line)
|
76
|
+
end
|
77
|
+
|
78
|
+
def build_message(message, level:, line:)
|
79
|
+
Message.new(
|
80
|
+
GEMFILE_LOCK_FILENAME, line, level, message, nil, @runner.class)
|
81
|
+
end
|
82
|
+
|
83
|
+
# Pronto::BundlerAudit::PatchHandler::AdvisoryFormatter is a message
|
84
|
+
# formatter for the given gem object and Bundler::Audit::Advisory#advisory
|
85
|
+
# object.
|
86
|
+
class AdvisoryFormatter
|
87
|
+
# param gem [Bundler::LazySpecification]
|
88
|
+
# param advisory [Bundler::Audit::Advisory]
|
89
|
+
def initialize(gem:, advisory:)
|
90
|
+
@gem = gem
|
91
|
+
@advisory = advisory
|
92
|
+
end
|
93
|
+
|
94
|
+
def to_s
|
95
|
+
[
|
96
|
+
"Name: #{gem_name}",
|
97
|
+
"Version: #{gem_version}",
|
98
|
+
"Advisory: #{advisory_description}",
|
99
|
+
"Criticality: #{advisory_criticality}",
|
100
|
+
"URL: #{advisory_url}",
|
101
|
+
"Title: #{advisory_title}",
|
102
|
+
"Solution: #{advisory_solution}"
|
103
|
+
].join("\n")
|
104
|
+
end
|
105
|
+
|
106
|
+
def to_compact_s
|
107
|
+
[
|
108
|
+
"Gem: #{gem_name} v#{gem_version}",
|
109
|
+
"#{advisory_criticality} Advisory: #{advisory_title} -- "\
|
110
|
+
"#{advisory_description} (#{advisory_url})",
|
111
|
+
"Solution: #{advisory_solution}"
|
112
|
+
].join(" | ")
|
113
|
+
end
|
114
|
+
|
115
|
+
def gem_name
|
116
|
+
@gem.name
|
117
|
+
end
|
118
|
+
|
119
|
+
private
|
120
|
+
|
121
|
+
def gem_version
|
122
|
+
@gem.version
|
123
|
+
end
|
124
|
+
|
125
|
+
def advisory_description
|
126
|
+
if @advisory.cve
|
127
|
+
"CVE-#{@advisory.cve}"
|
128
|
+
elsif @advisory.osvdb
|
129
|
+
@advisory.osvdb
|
130
|
+
end
|
131
|
+
end
|
132
|
+
|
133
|
+
def advisory_criticality
|
134
|
+
str = @advisory.criticality.to_s.capitalize
|
135
|
+
str = "Unknown" if str.empty?
|
136
|
+
str
|
137
|
+
end
|
138
|
+
|
139
|
+
def advisory_url
|
140
|
+
@advisory.url
|
141
|
+
end
|
142
|
+
|
143
|
+
def advisory_title
|
144
|
+
@advisory.title
|
145
|
+
end
|
146
|
+
|
147
|
+
def advisory_solution
|
148
|
+
if any_patched_versions?
|
149
|
+
"Upgrade to #{patched_versions}."
|
150
|
+
else
|
151
|
+
"Remove or disable this gem until a patch is available!"
|
152
|
+
end
|
153
|
+
end
|
154
|
+
|
155
|
+
def patched_versions
|
156
|
+
@advisory.patched_versions.join(', ')
|
157
|
+
end
|
158
|
+
|
159
|
+
def any_patched_versions?
|
160
|
+
!@advisory.patched_versions.empty?
|
161
|
+
end
|
162
|
+
end
|
163
|
+
end
|
164
|
+
end
|
165
|
+
end
|
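Review bot: In `process_scan_result` the `InsecureSource` branch calls `report_insecure_source_scan_result` with no argument although the method is declared with `(scan_result)`, and `build_warning_message` calls `build_message` without the required `line:` keyword, so an insecure gem source would raise ArgumentError instead of being reported as a warning. Pass the result through with `report_insecure_source_scan_result(scan_result)`, and either supply a line or give the keyword a default, e.g. `def build_message(message, level:, line: nil)` (confirm Pronto accepts a message without a line). Separately, `update_ruby_advisory_db` discards the return value of `Bundler::Audit::Database.update!(quiet: true)`, so a failed update would leave the scan running silently against a stale advisory database; checking the result and surfacing a warning would make missed advisories visible. `first_added_line_for_affected_gem_name` matches with `include?`, which can pick a line for a different gem whose name contains the affected one and returns nil when the gem is not among the added lines; anchoring the match to the lockfile entry format and handling the nil case would be safer.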
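--- a/data/lib/pronto/bundler_audit.rb
+++ b/data/lib/pronto/bundler_audit.rb
@@ -1,6 +1,8 @@
 require "pronto"
 require "bundler/audit/database"
 require "bundler/audit/scanner"
+require "pronto/bundler_audit/version"
+require "pronto/bundler_audit/patch_handler"
 
 module Pronto
 # Pronto::BundlerAudit is a Pronto::Runner that:
@@ -8,22 +10,24 @@ module Pronto
 # Gemfile.lock)
 # 2. Updates the Ruby Advisory Database
 # 3. Runs bundle-audit to scan the Gemfile.lock
-# 4. Returns an Array of Pronto::Message objects if any
+# 4. Returns an Array of Pronto::Message objects if any advisories are found
 class BundlerAudit < Runner
 GEMFILE_LOCK_FILENAME = "Gemfile.lock".freeze
 
 def run
 patch = find_relevant_patch
 
-
-
+if patch
+patch_handler = PatchHandler.new(patch, runner: self)
+patch_handler.call
+end
 end
 
 private
 
 def find_relevant_patch
-@patches.
-
+@patches.reverse.detect { |patch|
+patch.additions > 0 && relevant_patch_path?(patch)
 }
 end
 
@@ -31,164 +35,5 @@ module Pronto
 patch_path = patch.new_file_full_path.to_s
 patch_path.end_with?(GEMFILE_LOCK_FILENAME)
 end
-
-# Pronto::BundlerAudit::PatchHandler run Bundle Audit on the given patch
-# and returns an Array of Pronto::Message objects, if any issues are found.
-class PatchHandler
-def initialize(patch, runner:)
-@patch = patch
-@runner = runner
-end
-
-# @return (see: #run_scan)
-def call
-update_ruby_advisory_db
-run_scan
-end
-
-private
-
-def update_ruby_advisory_db
-Bundler::Audit::Database.update!(quiet: true)
-end
-
-# @return [Array>] if no issues were found
-# @return [Array<Pronto::Message>] if issues were found
-def run_scan
-scanner = Bundler::Audit::Scanner.new
-
-scanner.scan.inject([]) do |acc, scan_result|
-acc << process_scan_result(scan_result)
-end
-end
-
-def process_scan_result(scan_result)
-case scan_result
-when Bundler::Audit::Scanner::InsecureSource
-report_insecure_source_scan_result
-when Bundler::Audit::Scanner::UnpatchedGem
-report_unpatched_gem_scan_result(scan_result)
-end
-end
-
-def report_insecure_source_scan_result(scan_result)
-build_warning_message(
-"Insecure Source URI found: #{scan_result.source}")
-end
-
-def report_unpatched_gem_scan_result(scan_result)
-advisory =
-AdvisoryFormatter.new(
-gem: scan_result.gem, advisory: scan_result.advisory)
-message = advisory.to_compact_s
-line = find_relevant_line(advisory)
-
-build_error_message(message, line: line)
-end
-
-# @return [Pronto::Git::Line]
-def find_relevant_line(advisory)
-first_added_line_for_affected_gem_name(advisory.gem_name)
-end
-
-# @return [Pronto::Git::Line]
-def first_added_line_for_affected_gem_name(gem_name)
-@patch.added_lines.detect { |line| line.content.include?(gem_name) }
-end
-
-def build_warning_message(message)
-build_message(message, level: :warning)
-end
-
-def build_error_message(message, line:)
-build_message(message, level: :error, line: line)
-end
-
-def build_message(message, level:, line:)
-Message.new(
-GEMFILE_LOCK_FILENAME, line, level, message, nil, @runner.class)
-end
-
-# Pronto::BundlerAudit::PatchHandler::AdvisoryFormatter is a message
-# formatter for the given gem object and Bundler::Audit::Advisory#advisory
-# object.
-class AdvisoryFormatter
-# param gem [Bundler::LazySpecification]
-# param advisory [Bundler::Audit::Advisory]
-def initialize(gem:, advisory:)
-@gem = gem
-@advisory = advisory
-end
-
-def to_s
-[
-"Name: #{gem_name}",
-"Version: #{gem_version}",
-"Advisory: #{advisory_description}",
-"Criticality: #{advisory_criticality}",
-"URL: #{advisory_url}",
-"Title: #{advisory_title}",
-"Solution: #{advisory_solution}"
-].join("\n")
-end
-
-def to_compact_s
-[
-"Gem: #{gem_name} v#{gem_version}",
-"#{advisory_criticality} Advisory: #{advisory_title} -- "\
-"#{advisory_description} (#{advisory_url})",
-"Solution: #{advisory_solution}"
-].join(" | ")
-end
-
-def gem_name
-@gem.name
-end
-
-private
-
-def gem_version
-@gem.version
-end
-
-def advisory_description
-if @advisory.cve
-"CVE-#{@advisory.cve}"
-elsif @advisory.osvdb
-@advisory.osvdb
-end
-end
-
-def advisory_criticality
-str = @advisory.criticality.to_s.capitalize
-str = "Unknown" if str.empty?
-str
-end
-
-def advisory_url
-@advisory.url
-end
-
-def advisory_title
-@advisory.title
-end
-
-def advisory_solution
-if any_patched_versions?
-"Upgrade to #{patched_versions}."
-else
-"Remove or disable this gem until a patch is available!"
-end
-end
-
-def patched_versions
-@advisory.patched_versions.join(', ')
-end
-
-def any_patched_versions?
-!@advisory.patched_versions.empty?
-end
-end
-end
 end
 end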
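Review bot: `run` now evaluates to nil whenever `find_relevant_patch` finds nothing, because the added `if patch ... end` has no else branch, while the class comment above it promises an Array of Pronto::Message objects. If the Pronto caller treats the runner result as a collection, every change set that does not touch Gemfile.lock would fail there; a guard such as `return [] unless patch` ahead of `PatchHandler.new(patch, runner: self).call` keeps the return type stable. Also worth a comment on `find_relevant_patch`: `patch.additions > 0` means a lockfile change consisting only of removals is never scanned, and the context lines of the last hunk accept any path ending in `Gemfile.lock`, whereas the scanner in patch_handler.rb is constructed without a path and so presumably audits the working directory's lockfile rather than the one the patch touched. The signature of the path predicate lies outside the hunk.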
@@ -1,11 +1,10 @@
|
|
1
|
-
|
2
1
|
lib = File.expand_path("../lib", __FILE__)
|
3
2
|
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
3
|
require "pronto/bundler_audit/version"
|
5
4
|
|
6
5
|
Gem::Specification.new do |spec|
|
7
6
|
spec.name = "pronto-bundler_audit"
|
8
|
-
spec.version = Pronto::
|
7
|
+
spec.version = Pronto::BundlerAuditVersion::VERSION
|
9
8
|
spec.authors = ["Paul Dobbins"]
|
10
9
|
spec.email = ["paul.dobbins@icloud.com"]
|
11
10
|
|
@@ -42,9 +41,10 @@ Gem::Specification.new do |spec|
|
|
42
41
|
spec.add_development_dependency "byebug", "~> 11"
|
43
42
|
spec.add_development_dependency "minitest", "~> 5"
|
44
43
|
spec.add_development_dependency "minitest-reporters", "~> 1"
|
44
|
+
spec.add_development_dependency "mocha", "~> 1"
|
45
45
|
spec.add_development_dependency "pry", "~> 0"
|
46
46
|
spec.add_development_dependency "pry-byebug", "~> 3"
|
47
47
|
spec.add_development_dependency "rake", "~> 12"
|
48
|
-
spec.add_development_dependency "rubocop", "
|
49
|
-
|
48
|
+
spec.add_development_dependency "rubocop", ">= 0.67.2", "< 1"
|
49
|
+
spec.add_development_dependency "simplecov", "~> 0.16"
|
50
50
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: pronto-bundler_audit
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Paul Dobbins
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-04-
|
11
|
+
date: 2019-04-30 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: pronto
|
@@ -94,6 +94,20 @@ dependencies:
|
|
94
94
|
- - "~>"
|
95
95
|
- !ruby/object:Gem::Version
|
96
96
|
version: '1'
|
97
|
+
- !ruby/object:Gem::Dependency
|
98
|
+
name: mocha
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
100
|
+
requirements:
|
101
|
+
- - "~>"
|
102
|
+
- !ruby/object:Gem::Version
|
103
|
+
version: '1'
|
104
|
+
type: :development
|
105
|
+
prerelease: false
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
107
|
+
requirements:
|
108
|
+
- - "~>"
|
109
|
+
- !ruby/object:Gem::Version
|
110
|
+
version: '1'
|
97
111
|
- !ruby/object:Gem::Dependency
|
98
112
|
name: pry
|
99
113
|
requirement: !ruby/object:Gem::Requirement
|
@@ -138,18 +152,38 @@ dependencies:
|
|
138
152
|
version: '12'
|
139
153
|
- !ruby/object:Gem::Dependency
|
140
154
|
name: rubocop
|
155
|
+
requirement: !ruby/object:Gem::Requirement
|
156
|
+
requirements:
|
157
|
+
- - ">="
|
158
|
+
- !ruby/object:Gem::Version
|
159
|
+
version: 0.67.2
|
160
|
+
- - "<"
|
161
|
+
- !ruby/object:Gem::Version
|
162
|
+
version: '1'
|
163
|
+
type: :development
|
164
|
+
prerelease: false
|
165
|
+
version_requirements: !ruby/object:Gem::Requirement
|
166
|
+
requirements:
|
167
|
+
- - ">="
|
168
|
+
- !ruby/object:Gem::Version
|
169
|
+
version: 0.67.2
|
170
|
+
- - "<"
|
171
|
+
- !ruby/object:Gem::Version
|
172
|
+
version: '1'
|
173
|
+
- !ruby/object:Gem::Dependency
|
174
|
+
name: simplecov
|
141
175
|
requirement: !ruby/object:Gem::Requirement
|
142
176
|
requirements:
|
143
177
|
- - "~>"
|
144
178
|
- !ruby/object:Gem::Version
|
145
|
-
version: '0'
|
179
|
+
version: '0.16'
|
146
180
|
type: :development
|
147
181
|
prerelease: false
|
148
182
|
version_requirements: !ruby/object:Gem::Requirement
|
149
183
|
requirements:
|
150
184
|
- - "~>"
|
151
185
|
- !ruby/object:Gem::Version
|
152
|
-
version: '0'
|
186
|
+
version: '0.16'
|
153
187
|
description:
|
154
188
|
email:
|
155
189
|
- paul.dobbins@icloud.com
|
@@ -167,7 +201,10 @@ files:
|
|
167
201
|
- Rakefile
|
168
202
|
- bin/console
|
169
203
|
- bin/setup
|
204
|
+
- images/github-check.png
|
205
|
+
- images/github-comment.png
|
170
206
|
- lib/pronto/bundler_audit.rb
|
207
|
+
- lib/pronto/bundler_audit/patch_handler.rb
|
171
208
|
- lib/pronto/bundler_audit/version.rb
|
172
209
|
- pronto-bundler_audit.gemspec
|
173
210
|
homepage: http://github.com/pdobb/pronto-bundler_audit
|