pronto-bundler_audit 0.5.0 → 0.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/Gemfile.lock +9 -9
- data/lib/formatter/github_pull_request_review_formatter.rb +34 -0
- data/lib/pronto/bundler_audit.rb +4 -0
- data/lib/pronto/bundler_audit/results/pronto_messages_adapter.rb +1 -1
- data/lib/pronto/bundler_audit/version.rb +1 -1
- metadata +4 -3
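--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 63349abd213ac458a9949296e1ca83d99518cb74dda60eef2c043f49d4020352
+data.tar.gz: 271978a3b61cd6f9b9cc53bc4610d8226959194539c3087344fe7f37ffb758f5
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cc71c4b6d16ae1d9f3461c4ab03cdda9bbaae9c99b85354e50332f3481e54d2c190ba5880374a6bd6de58dfd7f67eab3ad5bfd1a92b9eee170d81e76c446ba01
+data.tar.gz: 10bce0f64508e85154408a878449deccbd7176e8cb5b7ed668038b746b998f5e14ab13ed693527f9370fd12bec1a6db95460df8a81fff99f25d8466b580d870b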
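--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,9 @@
+### 0.5.1 - 2019-10-24
+- Fix Pronto -> GitHub reporting errors
+- If Gemfile.lock is not in the PR then Pronto would fail when attempting to create a comment on the Gemfile.lock file withing the PR.
+- Note: This issue isn't fully fixed yet, but at least doesn't fail flat out.
+- To fully fix: would like to still add a PR-level comment with CVE issue(s) instead of requiring the user to dig into their CI output to see the CVE issue(s).
+
 ### 0.5.0 - 2019-07-31
 - Fix Pronto -> GitHub reporting errors
 - Thanks to Inestor for the [bug report](https://github.com/pdobb/pronto-bundler_audit/issues/2).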
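--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,15 +1,15 @@
 PATH
 remote: .
 specs:
-pronto-bundler_audit (0.5.
+pronto-bundler_audit (0.5.1)
 bundler-audit (~> 0)
 pronto (~> 0)
 
 GEM
 remote: https://rubygems.org/
 specs:
-addressable (2.
-public_suffix (>= 2.0.2, <
+addressable (2.7.0)
+public_suffix (>= 2.0.2, < 5.0)
 ansi (1.5.0)
 ast (2.4.0)
 builder (3.2.3)
@@ -19,20 +19,20 @@ GEM
 byebug (11.0.1)
 coderay (1.1.2)
 docile (1.3.2)
-faraday (0.
+faraday (0.17.0)
 multipart-post (>= 1.2, < 3)
 gitlab (4.12.0)
 httparty (~> 0.14, >= 0.14.0)
 terminal-table (~> 1.5, >= 1.5.1)
-httparty (0.17.
+httparty (0.17.1)
 mime-types (~> 3.0)
 multi_xml (>= 0.5.2)
 jaro_winkler (1.5.3)
 json (2.2.0)
 method_source (0.9.2)
-mime-types (3.
+mime-types (3.3)
 mime-types-data (~> 3.2015)
-mime-types-data (3.2019.
+mime-types-data (3.2019.1009)
 minitest (5.11.3)
 minitest-reporters (1.3.6)
 ansi
@@ -60,7 +60,7 @@ GEM
 pry-byebug (3.7.0)
 byebug (~> 11.0)
 pry (~> 0.10)
-public_suffix (
+public_suffix (4.0.1)
 rainbow (3.0.0)
 rake (12.3.3)
 rubocop (0.73.0)
@@ -71,7 +71,7 @@ GEM
 ruby-progressbar (~> 1.7)
 unicode-display_width (>= 1.4.0, < 1.7)
 ruby-progressbar (1.10.1)
-rugged (0.28.
+rugged (0.28.3.1)
 sawyer (0.8.2)
 addressable (>= 2.3.5)
 faraday (> 0.8, < 2.0)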
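--- a/data/lib/formatter/github_pull_request_review_formatter.rb
+++ b/data/lib/formatter/github_pull_request_review_formatter.rb
@@ -0,0 +1,34 @@
+module Pronto
+module Formatter
+# Pronto::Formatter::GithubPullRequestReviewFormatter comes from the
+# Pronto gem itself.
+#
+# The methods below are a feature overrides to:
+# 1. prevent the {#line_number} class from failing if none of the patches
+# contain the `message.line.new_lineno` value found. Which can happen
+# in the context of this pronto-bundler audit gem since we aren't
+# necessarily altering the Gemfile.lock file within a PR at the time of
+# finding an issue in the Gemfile.lock file.
+# 2. FIXME: Prevent a POST error due to an unknown file path in the
+# traditional Pull Request Review comment style.
+class GithubPullRequestReviewFormatter
+def submit_comments(client, comments)
+client.create_pull_request_review(comments)
+rescue Octokit::UnprocessableEntity, HTTParty::Error => e
+# If Gemfile.lock doesn't exist in the PR, then attempt a non-review
+# style comment instead (which doesn't attempt to reference a file
+# path and line number).
+begin
+comments.each { |comment| client.create_pull_comment(comment) }
+rescue Octokit::UnprocessableEntity, HTTParty::Error => e
+$stderr.puts "Failed to post: #{e.message}"
+end
+end
+
+def line_number(message, patches)
+line = patches.find_line(message.full_path, message.line.new_lineno)
+line&.position || message.line.new_lineno
+end
+end
+end
+end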
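Review bot: When the fallback in submit_comments also fails, the bundler-audit findings carried in `comments` are dropped with a single stderr line, and the exception from the first `create_pull_request_review` call is bound to `e` on line 17 but never used — the inner `rescue ... => e` on line 23 rebinds the name, so the reason the review POST was rejected is lost. Because these comments are the advisory report, the log should at least say how many were not posted and why both paths failed, e.g. rename the outer binding to `review_error` and print `$stderr.puts "Failed to post #{comments.size} comment(s): #{review_error.message}; fallback: #{e.message}"`. Callers also cannot distinguish success from failure, since the method returns whatever `each` or `puts` returns; returning a boolean or re-raising after logging would let the runner surface the gap instead of reporting a clean run. `HTTParty::Error` is referenced only in the rescue lists, so if that constant is not loaded on the GitHub formatter's load path a NameError would surface at the moment an exception is being handled — worth confirming it is required somewhere.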
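--- a/data/lib/pronto/bundler_audit.rb
+++ b/data/lib/pronto/bundler_audit.rb
@@ -40,7 +40,7 @@ module Pronto
 @path = path
 end
 
-# Since we're not passing a commit SHA into ::
+# Since we're not passing a commit SHA into ::Pronto::Message.new,
 # Pronto will try calling #commit_sha on the (this) Line object.
 def commit_sha
 nil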
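--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pronto-bundler_audit
 version: !ruby/object:Gem::Version
-version: 0.5.
+version: 0.5.1
 platform: ruby
 authors:
 - Paul Dobbins
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-
+date: 2019-10-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler-audit
@@ -207,6 +207,7 @@ files:
 - images/github-check.png
 - images/github-comment-compact.png
 - images/github-comment-verbose.png
+- lib/formatter/github_pull_request_review_formatter.rb
 - lib/pronto/bundler_audit.rb
 - lib/pronto/bundler_audit/advisory_formatters/base_advisory_formatter.rb
 - lib/pronto/bundler_audit/advisory_formatters/compact.rb
@@ -239,7 +240,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.0.
+rubygems_version: 3.0.6
 signing_key:
 specification_version: 4
 summary: Pronto runner for bundler-audit, patch-level verification for bundler.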