pronto-bundler_audit 0.1.1 → 0.2.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 2873f35b21834bcf629f9dc4f6d3f03dd951d53c57f7fb243bd2a3bbf07cc86d
4
- data.tar.gz: 4fee93d0072331bae4923cef0e0ce8b25cd16eafc6c87e85bb00cfdc21f37c2d
3
+ metadata.gz: 4f5e3d57ee3196408dfa094d7f049418ab9cde1547b8d895b4850b89e4b3eddf
4
+ data.tar.gz: 2faf2c8e0b126fa1158ace92f13c4e5db196ebccb909b8cdececf63a7ad8f427
5
5
  SHA512:
6
- metadata.gz: 301d7d5be5569acf52a7111f810ad23eb1e44518be8cfd55ae6bce85145fba559afc78f3cfe59717a1f272db6abb29cb52fc862c9b9ebcc7227ac1d579efb75c
7
- data.tar.gz: e250e59a4754b6b313d32d3c9a45b98b4d825af5b50b897ef902749f4cfd882094599ad12a0d0f2b494b484eed98fa87f1f9f18eec262ccda66047e0aa3302dd
6
+ metadata.gz: 547da0556ee2b901ab926f3e886f36d0098e3f142eb570cfa2e4fb50f656f49afdecfa696158e1ec9ca4df1c3a204aee5b204c7a0f012bbcf90490ee2279983b
7
+ data.tar.gz: 1d2e0812b77939c079c5f68fbbbccdf3e45522be2971705a462bc6eabe22e11c68312ea4dda66b416eb1171147ee88edf297ad5871e730ac65b7ddea80335be1
data/.gitignore CHANGED
@@ -1,5 +1,6 @@
1
1
  /*.gem
2
2
  /.bundle/
3
+ /.DS_Store
3
4
  /.yardoc
4
5
  /_yardoc/
5
6
  /coverage/
data/CHANGELOG.md CHANGED
@@ -1,3 +1,6 @@
1
+ ### 0.2.0 - 2019-04-30
2
+ - Fix conditional for running Bundle Audit scans -- was always running even if there was nothing to run on in a given Pronto::Patches set
3
+
1
4
  ### 0.1.1 - 2019-04-29
2
5
  - Add line number to Pronto::Message; fixes GitHub API usage error when attempting to add errors to PR comments
3
6
  - Add gem version requirements to gemspec
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- pronto-bundler_audit (0.1.1)
4
+ pronto-bundler_audit (0.2.0)
5
5
  bundler-audit (~> 0)
6
6
  pronto (~> 0)
7
7
 
@@ -18,6 +18,7 @@ GEM
18
18
  thor (~> 0.18)
19
19
  byebug (11.0.1)
20
20
  coderay (1.1.2)
21
+ docile (1.3.1)
21
22
  faraday (0.15.4)
22
23
  multipart-post (>= 1.2, < 3)
23
24
  gitlab (4.11.0)
@@ -27,6 +28,8 @@ GEM
27
28
  mime-types (~> 3.0)
28
29
  multi_xml (>= 0.5.2)
29
30
  jaro_winkler (1.5.2)
31
+ json (2.2.0)
32
+ metaclass (0.0.4)
30
33
  method_source (0.9.2)
31
34
  mime-types (3.2.2)
32
35
  mime-types-data (~> 3.2015)
@@ -37,6 +40,8 @@ GEM
37
40
  builder
38
41
  minitest (>= 5.0)
39
42
  ruby-progressbar
43
+ mocha (1.8.0)
44
+ metaclass (~> 0.0.1)
40
45
  multi_xml (0.6.0)
41
46
  multipart-post (2.0.0)
42
47
  octokit (4.14.0)
@@ -72,6 +77,11 @@ GEM
72
77
  sawyer (0.8.1)
73
78
  addressable (>= 2.3.5, < 2.6)
74
79
  faraday (~> 0.8, < 1.0)
80
+ simplecov (0.16.1)
81
+ docile (~> 1.1)
82
+ json (>= 1.8, < 3)
83
+ simplecov-html (~> 0.10.0)
84
+ simplecov-html (0.10.2)
75
85
  terminal-table (1.8.0)
76
86
  unicode-display_width (~> 1.1, >= 1.1.1)
77
87
  thor (0.20.3)
@@ -85,11 +95,13 @@ DEPENDENCIES
85
95
  byebug (~> 11)
86
96
  minitest (~> 5)
87
97
  minitest-reporters (~> 1)
98
+ mocha (~> 1)
88
99
  pronto-bundler_audit!
89
100
  pry (~> 0)
90
101
  pry-byebug (~> 3)
91
102
  rake (~> 12)
92
- rubocop (~> 0)
103
+ rubocop (>= 0.67.2, < 1)
104
+ simplecov (~> 0.16)
93
105
 
94
106
  BUNDLED WITH
95
107
  2.0.1
data/README.md CHANGED
@@ -1,13 +1,18 @@
1
+ [![Gem Version](https://badge.fury.io/rb/pronto-bundler_audit.svg)](https://badge.fury.io/rb/pronto-bundler_audit)
2
+ [![Build Status](https://travis-ci.org/pdobb/pronto-bundler_audit.svg?branch=master)](https://travis-ci.org/pdobb/pronto-bundler_audit)
3
+ [![Maintainability](https://api.codeclimate.com/v1/badges/7ac01a6a6eace46487d9/maintainability)](https://codeclimate.com/github/pdobb/pronto-bundler_audit/maintainability)
4
+ [![Test Coverage](https://api.codeclimate.com/v1/badges/7ac01a6a6eace46487d9/test_coverage)](https://codeclimate.com/github/pdobb/pronto-bundler_audit/test_coverage)
5
+
1
6
  # Pronto::BundlerAudit
2
7
 
3
8
  Pronto runner for [bundler-audit](https://github.com/rubysec/bundler-audit), patch-level verification for bundler. [What is Pronto?](https://github.com/prontolabs/pronto)
4
9
 
5
10
  ## Installation
6
11
 
7
- Add this line to your application's Gemfile:
12
+ Add this line to the `development` group of your application's Gemfile:
8
13
 
9
14
  ```ruby
10
- gem 'pronto-bundler_audit'
15
+ gem 'pronto-bundler_audit', require: false
11
16
  ```
12
17
 
13
18
  And then execute:
@@ -18,9 +23,38 @@ Or install it yourself as:
18
23
 
19
24
  $ gem install pronto-bundler_audit
20
25
 
26
+ ## Compatibility
27
+
28
+ Tested MRI Ruby Versions:
29
+ * 2.3
30
+ * 2.4
31
+ * 2.5
32
+ * 2.6
33
+ * edge
34
+
21
35
  ## Usage
22
36
 
23
- This runner will run automatically when [running Pronto](https://github.com/prontolabs/pronto#usage).
37
+ Once installed as a gem, this runner activate automatically when [running Pronto](https://github.com/prontolabs/pronto#usage) -- no configuration is required.
38
+
39
+ ### Examples
40
+
41
+ #### Local Pronto Run
42
+
43
+ ```bash
44
+ $ time pronto run -c=development --runner bundler_audit
45
+ Running Pronto::BundlerAudit
46
+ Gemfile.lock: E: Gem: bootstrap-sass v3.4.0 | Medium Advisory: XSS vulnerability in bootstrap-sass -- CVE-2019-8331 (https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/) | Solution: Upgrade to >= 3.4.1.
47
+
48
+ real 0m1.417s
49
+ user 0m0.773s
50
+ sys 0m0.252s
51
+ ```
52
+
53
+ #### Github Pull Request - Checks
54
+ ![Github Check](images/github-check.png)
55
+
56
+ #### Github Pull Request - Comments
57
+ ![Github Comment](images/github-comment.png)
24
58
 
25
59
  ## Development
26
60
 
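Review bot: typo in the new Usage sentence, "this runner activate automatically" should read "activates automatically"; the two new headings also spell "Github" where the rest of the README uses "GitHub". Since the example invokes `pronto run -c=development --runner bundler_audit` and the runner needs no configuration, it would help to say in Usage that the runner only reports when `Gemfile.lock` is part of the diff being checked, so a clean run on an unrelated change is not read as "no advisories".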
@@ -28,6 +62,11 @@ After checking out the repo, run `bin/setup` to install dependencies. Then, run
28
62
 
29
63
  To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
30
64
 
65
+ ## TODO
66
+
67
+ * Add more tests
68
+ * Add configuration for compact vs expanded advisories reporting
69
+
31
70
  ## Contributing
32
71
 
33
72
  Bug reports and pull requests are welcome on GitHub at https://github.com/pdobb/pronto-bundler_audit.
Binary file
Binary file
@@ -0,0 +1,165 @@
1
+ module Pronto
2
+ class BundlerAudit < Runner
3
+ # Pronto::BundlerAudit::PatchHandler runs Bundle Audit on the given patch
4
+ # and returns an Array of Pronto::Message objects if any advisories are
5
+ # found.
6
+ class PatchHandler
7
+ def initialize(patch, runner:)
8
+ @patch = patch
9
+ @runner = runner
10
+ end
11
+
12
+ # @return (see: #run_scan)
13
+ def call
14
+ update_ruby_advisory_db
15
+ run_scan
16
+ end
17
+
18
+ private
19
+
20
+ def update_ruby_advisory_db
21
+ Bundler::Audit::Database.update!(quiet: true)
22
+ end
23
+
24
+ # @return [Array>] if no advisories were found
25
+ # @return [Array<Pronto::Message>] if advisories were found
26
+ def run_scan
27
+ scanner = Bundler::Audit::Scanner.new
28
+
29
+ scanner.scan.inject([]) do |acc, scan_result|
30
+ acc << process_scan_result(scan_result)
31
+ end
32
+ end
33
+
34
+ def process_scan_result(scan_result)
35
+ case scan_result
36
+ when Bundler::Audit::Scanner::InsecureSource
37
+ report_insecure_source_scan_result
38
+ when Bundler::Audit::Scanner::UnpatchedGem
39
+ report_unpatched_gem_scan_result(scan_result)
40
+ else
41
+ raise ArgumentError, "unexpected type: #{scan_result.class}"
42
+ end
43
+ end
44
+
45
+ def report_insecure_source_scan_result(scan_result)
46
+ build_warning_message(
47
+ "Insecure Source URI found: #{scan_result.source}")
48
+ end
49
+
50
+ def report_unpatched_gem_scan_result(scan_result)
51
+ advisory =
52
+ AdvisoryFormatter.new(
53
+ gem: scan_result.gem, advisory: scan_result.advisory)
54
+ message = advisory.to_compact_s
55
+ line = find_relevant_line(advisory)
56
+
57
+ build_error_message(message, line: line)
58
+ end
59
+
60
+ # @return [Pronto::Git::Line]
61
+ def find_relevant_line(advisory)
62
+ first_added_line_for_affected_gem_name(advisory.gem_name)
63
+ end
64
+
65
+ # @return [Pronto::Git::Line]
66
+ def first_added_line_for_affected_gem_name(gem_name)
67
+ @patch.added_lines.detect { |line| line.content.include?(gem_name) }
68
+ end
69
+
70
+ def build_warning_message(message)
71
+ build_message(message, level: :warning)
72
+ end
73
+
74
+ def build_error_message(message, line:)
75
+ build_message(message, level: :error, line: line)
76
+ end
77
+
78
+ def build_message(message, level:, line:)
79
+ Message.new(
80
+ GEMFILE_LOCK_FILENAME, line, level, message, nil, @runner.class)
81
+ end
82
+
83
+ # Pronto::BundlerAudit::PatchHandler::AdvisoryFormatter is a message
84
+ # formatter for the given gem object and Bundler::Audit::Advisory#advisory
85
+ # object.
86
+ class AdvisoryFormatter
87
+ # param gem [Bundler::LazySpecification]
88
+ # param advisory [Bundler::Audit::Advisory]
89
+ def initialize(gem:, advisory:)
90
+ @gem = gem
91
+ @advisory = advisory
92
+ end
93
+
94
+ def to_s
95
+ [
96
+ "Name: #{gem_name}",
97
+ "Version: #{gem_version}",
98
+ "Advisory: #{advisory_description}",
99
+ "Criticality: #{advisory_criticality}",
100
+ "URL: #{advisory_url}",
101
+ "Title: #{advisory_title}",
102
+ "Solution: #{advisory_solution}"
103
+ ].join("\n")
104
+ end
105
+
106
+ def to_compact_s
107
+ [
108
+ "Gem: #{gem_name} v#{gem_version}",
109
+ "#{advisory_criticality} Advisory: #{advisory_title} -- "\
110
+ "#{advisory_description} (#{advisory_url})",
111
+ "Solution: #{advisory_solution}"
112
+ ].join(" | ")
113
+ end
114
+
115
+ def gem_name
116
+ @gem.name
117
+ end
118
+
119
+ private
120
+
121
+ def gem_version
122
+ @gem.version
123
+ end
124
+
125
+ def advisory_description
126
+ if @advisory.cve
127
+ "CVE-#{@advisory.cve}"
128
+ elsif @advisory.osvdb
129
+ @advisory.osvdb
130
+ end
131
+ end
132
+
133
+ def advisory_criticality
134
+ str = @advisory.criticality.to_s.capitalize
135
+ str = "Unknown" if str.empty?
136
+ str
137
+ end
138
+
139
+ def advisory_url
140
+ @advisory.url
141
+ end
142
+
143
+ def advisory_title
144
+ @advisory.title
145
+ end
146
+
147
+ def advisory_solution
148
+ if any_patched_versions?
149
+ "Upgrade to #{patched_versions}."
150
+ else
151
+ "Remove or disable this gem until a patch is available!"
152
+ end
153
+ end
154
+
155
+ def patched_versions
156
+ @advisory.patched_versions.join(', ')
157
+ end
158
+
159
+ def any_patched_versions?
160
+ !@advisory.patched_versions.empty?
161
+ end
162
+ end
163
+ end
164
+ end
165
+ end
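Review bot: the InsecureSource branch of `process_scan_result` cannot produce a message. It calls `report_insecure_source_scan_result` with no argument while the method is defined as `report_insecure_source_scan_result(scan_result)`, and `build_warning_message` calls `build_message(message, level: :warning)` although `build_message` declares `line:` as a required keyword, so either call raises ArgumentError. Pass `scan_result` through and give `line:` a default (`line: nil`), then add a test for an insecure source result. Two smaller points in the same file: the return value of `Bundler::Audit::Database.update!(quiet: true)` is discarded, so a failed update goes unnoticed and the scan runs against whatever database is on disk; and `first_added_line_for_affected_gem_name` matches with `line.content.include?(gem_name)`, which is a substring match and returns nil when the affected gem is not among the added lines, so `build_error_message` can receive a nil `line` or the line of a different gem whose name contains the same string.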
@@ -1,5 +1,6 @@
1
1
  module Pronto
2
- module BundlerAudit
3
- VERSION = "0.1.1"
2
+ # Pronto::BundlerAuditVersion
3
+ module BundlerAuditVersion
4
+ VERSION = "0.2.0"
4
5
  end
5
6
  end
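Review bot: renaming the namespace to `module BundlerAuditVersion` removes the public constant `Pronto::BundlerAudit::VERSION` in a minor release, and the added comment `# Pronto::BundlerAuditVersion` only repeats the module name. The comment should state why the version lives outside `Pronto::BundlerAudit` (presumably because that name is a `class ... < Runner` elsewhere and this file is loaded on its own by the gemspec), and the CHANGELOG entry for 0.2.0 should mention the rename. Consider keeping the old constant reachable by assigning `VERSION = BundlerAuditVersion::VERSION` inside the runner class.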
@@ -1,6 +1,8 @@
1
1
  require "pronto"
2
2
  require "bundler/audit/database"
3
3
  require "bundler/audit/scanner"
4
+ require "pronto/bundler_audit/version"
5
+ require "pronto/bundler_audit/patch_handler"
4
6
 
5
7
  module Pronto
6
8
  # Pronto::BundlerAudit is a Pronto::Runner that:
@@ -8,22 +10,24 @@ module Pronto
8
10
  # Gemfile.lock)
9
11
  # 2. Updates the Ruby Advisory Database
10
12
  # 3. Runs bundle-audit to scan the Gemfile.lock
11
- # 4. Returns an Array of Pronto::Message objects if any issues are found
13
+ # 4. Returns an Array of Pronto::Message objects if any advisories are found
12
14
  class BundlerAudit < Runner
13
15
  GEMFILE_LOCK_FILENAME = "Gemfile.lock".freeze
14
16
 
15
17
  def run
16
18
  patch = find_relevant_patch
17
19
 
18
- patch_handler = PatchHandler.new(patch, runner: self)
19
- patch_handler.call
20
+ if patch
21
+ patch_handler = PatchHandler.new(patch, runner: self)
22
+ patch_handler.call
23
+ end
20
24
  end
21
25
 
22
26
  private
23
27
 
24
28
  def find_relevant_patch
25
- @patches.reverse_each { |patch|
26
- break patch if patch.additions > 0 && relevant_patch_path?(patch)
29
+ @patches.reverse.detect { |patch|
30
+ patch.additions > 0 && relevant_patch_path?(patch)
27
31
  }
28
32
  end
29
33
 
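Review bot: with the new `if patch` guard, `run` returns nil when no `Gemfile.lock` patch has additions, while the class comment above documents an Array of Pronto::Message objects. Return an empty Array on that path, for example `return [] unless patch`, so callers get the same type either way. The change from `reverse_each` with `break` to `reverse.detect` is what makes the guard meaningful: `reverse_each` returns its receiver when the block never breaks, so the old `patch` was always truthy. A test for the no-matching-patch case would keep this from regressing.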
@@ -31,164 +35,5 @@ module Pronto
31
35
  patch_path = patch.new_file_full_path.to_s
32
36
  patch_path.end_with?(GEMFILE_LOCK_FILENAME)
33
37
  end
34
-
35
- # Pronto::BundlerAudit::PatchHandler run Bundle Audit on the given patch
36
- # and returns an Array of Pronto::Message objects, if any issues are found.
37
- class PatchHandler
38
- def initialize(patch, runner:)
39
- @patch = patch
40
- @runner = runner
41
- end
42
-
43
- # @return (see: #run_scan)
44
- def call
45
- update_ruby_advisory_db
46
- run_scan
47
- end
48
-
49
- private
50
-
51
- def update_ruby_advisory_db
52
- Bundler::Audit::Database.update!(quiet: true)
53
- end
54
-
55
- # @return [Array>] if no issues were found
56
- # @return [Array<Pronto::Message>] if issues were found
57
- def run_scan
58
- scanner = Bundler::Audit::Scanner.new
59
-
60
- scanner.scan.inject([]) do |acc, scan_result|
61
- acc << process_scan_result(scan_result)
62
- end
63
- end
64
-
65
- def process_scan_result(scan_result)
66
- case scan_result
67
- when Bundler::Audit::Scanner::InsecureSource
68
- report_insecure_source_scan_result
69
- when Bundler::Audit::Scanner::UnpatchedGem
70
- report_unpatched_gem_scan_result(scan_result)
71
- end
72
- end
73
-
74
- def report_insecure_source_scan_result(scan_result)
75
- build_warning_message(
76
- "Insecure Source URI found: #{scan_result.source}")
77
- end
78
-
79
- def report_unpatched_gem_scan_result(scan_result)
80
- advisory =
81
- AdvisoryFormatter.new(
82
- gem: scan_result.gem, advisory: scan_result.advisory)
83
- message = advisory.to_compact_s
84
- line = find_relevant_line(advisory)
85
-
86
- build_error_message(message, line: line)
87
- end
88
-
89
- # @return [Pronto::Git::Line]
90
- def find_relevant_line(advisory)
91
- first_added_line_for_affected_gem_name(advisory.gem_name)
92
- end
93
-
94
- # @return [Pronto::Git::Line]
95
- def first_added_line_for_affected_gem_name(gem_name)
96
- @patch.added_lines.detect { |line| line.content.include?(gem_name) }
97
- end
98
-
99
- def build_warning_message(message)
100
- build_message(message, level: :warning)
101
- end
102
-
103
- def build_error_message(message, line:)
104
- build_message(message, level: :error, line: line)
105
- end
106
-
107
- def build_message(message, level:, line:)
108
- Message.new(
109
- GEMFILE_LOCK_FILENAME, line, level, message, nil, @runner.class)
110
- end
111
-
112
- # Pronto::BundlerAudit::PatchHandler::AdvisoryFormatter is a message
113
- # formatter for the given gem object and Bundler::Audit::Advisory#advisory
114
- # object.
115
- class AdvisoryFormatter
116
- # param gem [Bundler::LazySpecification]
117
- # param advisory [Bundler::Audit::Advisory]
118
- def initialize(gem:, advisory:)
119
- @gem = gem
120
- @advisory = advisory
121
- end
122
-
123
- def to_s
124
- [
125
- "Name: #{gem_name}",
126
- "Version: #{gem_version}",
127
- "Advisory: #{advisory_description}",
128
- "Criticality: #{advisory_criticality}",
129
- "URL: #{advisory_url}",
130
- "Title: #{advisory_title}",
131
- "Solution: #{advisory_solution}"
132
- ].join("\n")
133
- end
134
-
135
- def to_compact_s
136
- [
137
- "Gem: #{gem_name} v#{gem_version}",
138
- "#{advisory_criticality} Advisory: #{advisory_title} -- "\
139
- "#{advisory_description} (#{advisory_url})",
140
- "Solution: #{advisory_solution}"
141
- ].join(" | ")
142
- end
143
-
144
- def gem_name
145
- @gem.name
146
- end
147
-
148
- private
149
-
150
- def gem_version
151
- @gem.version
152
- end
153
-
154
- def advisory_description
155
- if @advisory.cve
156
- "CVE-#{@advisory.cve}"
157
- elsif @advisory.osvdb
158
- @advisory.osvdb
159
- end
160
- end
161
-
162
- def advisory_criticality
163
- str = @advisory.criticality.to_s.capitalize
164
- str = "Unknown" if str.empty?
165
- str
166
- end
167
-
168
- def advisory_url
169
- @advisory.url
170
- end
171
-
172
- def advisory_title
173
- @advisory.title
174
- end
175
-
176
- def advisory_solution
177
- if any_patched_versions?
178
- "Upgrade to #{patched_versions}."
179
- else
180
- "Remove or disable this gem until a patch is available!"
181
- end
182
- end
183
-
184
- def patched_versions
185
- @advisory.patched_versions.join(', ')
186
- end
187
-
188
- def any_patched_versions?
189
- !@advisory.patched_versions.empty?
190
- end
191
- end
192
- end
193
38
  end
194
39
  end
@@ -1,11 +1,10 @@
1
-
2
1
  lib = File.expand_path("../lib", __FILE__)
3
2
  $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
3
  require "pronto/bundler_audit/version"
5
4
 
6
5
  Gem::Specification.new do |spec|
7
6
  spec.name = "pronto-bundler_audit"
8
- spec.version = Pronto::BundlerAudit::VERSION
7
+ spec.version = Pronto::BundlerAuditVersion::VERSION
9
8
  spec.authors = ["Paul Dobbins"]
10
9
  spec.email = ["paul.dobbins@icloud.com"]
11
10
 
@@ -42,9 +41,10 @@ Gem::Specification.new do |spec|
42
41
  spec.add_development_dependency "byebug", "~> 11"
43
42
  spec.add_development_dependency "minitest", "~> 5"
44
43
  spec.add_development_dependency "minitest-reporters", "~> 1"
44
+ spec.add_development_dependency "mocha", "~> 1"
45
45
  spec.add_development_dependency "pry", "~> 0"
46
46
  spec.add_development_dependency "pry-byebug", "~> 3"
47
47
  spec.add_development_dependency "rake", "~> 12"
48
- spec.add_development_dependency "rubocop", "~> 0"
49
- # spec.add_development_dependency "simplecov", "~> 0.16"
48
+ spec.add_development_dependency "rubocop", ">= 0.67.2", "< 1"
49
+ spec.add_development_dependency "simplecov", "~> 0.16"
50
50
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: pronto-bundler_audit
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Paul Dobbins
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2019-04-29 00:00:00.000000000 Z
11
+ date: 2019-04-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: pronto
@@ -94,6 +94,20 @@ dependencies:
94
94
  - - "~>"
95
95
  - !ruby/object:Gem::Version
96
96
  version: '1'
97
+ - !ruby/object:Gem::Dependency
98
+ name: mocha
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - "~>"
102
+ - !ruby/object:Gem::Version
103
+ version: '1'
104
+ type: :development
105
+ prerelease: false
106
+ version_requirements: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - "~>"
109
+ - !ruby/object:Gem::Version
110
+ version: '1'
97
111
  - !ruby/object:Gem::Dependency
98
112
  name: pry
99
113
  requirement: !ruby/object:Gem::Requirement
@@ -138,18 +152,38 @@ dependencies:
138
152
  version: '12'
139
153
  - !ruby/object:Gem::Dependency
140
154
  name: rubocop
155
+ requirement: !ruby/object:Gem::Requirement
156
+ requirements:
157
+ - - ">="
158
+ - !ruby/object:Gem::Version
159
+ version: 0.67.2
160
+ - - "<"
161
+ - !ruby/object:Gem::Version
162
+ version: '1'
163
+ type: :development
164
+ prerelease: false
165
+ version_requirements: !ruby/object:Gem::Requirement
166
+ requirements:
167
+ - - ">="
168
+ - !ruby/object:Gem::Version
169
+ version: 0.67.2
170
+ - - "<"
171
+ - !ruby/object:Gem::Version
172
+ version: '1'
173
+ - !ruby/object:Gem::Dependency
174
+ name: simplecov
141
175
  requirement: !ruby/object:Gem::Requirement
142
176
  requirements:
143
177
  - - "~>"
144
178
  - !ruby/object:Gem::Version
145
- version: '0'
179
+ version: '0.16'
146
180
  type: :development
147
181
  prerelease: false
148
182
  version_requirements: !ruby/object:Gem::Requirement
149
183
  requirements:
150
184
  - - "~>"
151
185
  - !ruby/object:Gem::Version
152
- version: '0'
186
+ version: '0.16'
153
187
  description:
154
188
  email:
155
189
  - paul.dobbins@icloud.com
@@ -167,7 +201,10 @@ files:
167
201
  - Rakefile
168
202
  - bin/console
169
203
  - bin/setup
204
+ - images/github-check.png
205
+ - images/github-comment.png
170
206
  - lib/pronto/bundler_audit.rb
207
+ - lib/pronto/bundler_audit/patch_handler.rb
171
208
  - lib/pronto/bundler_audit/version.rb
172
209
  - pronto-bundler_audit.gemspec
173
210
  homepage: http://github.com/pdobb/pronto-bundler_audit
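Review bot: the `files:` list now includes `images/github-check.png` and `images/github-comment.png`, so the README screenshots ship inside the packaged gem. They are not needed at runtime; exclude `images/` where the gemspec builds `spec.files` so the installed package contains only the code and documentation, which also keeps the published artifact smaller and easier to audit.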