pronto-bundler_audit 0.5.0 → 0.5.1

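--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: dfd045795800e3a9d915819c4d0f3fb1bf8a33fe809621a181b90596b06c0337
-data.tar.gz: 47fb28f8cae54edd5b17bb9f487a079d0a46664a081dd59e4b9d5e41be0c987c
+metadata.gz: 63349abd213ac458a9949296e1ca83d99518cb74dda60eef2c043f49d4020352
+data.tar.gz: 271978a3b61cd6f9b9cc53bc4610d8226959194539c3087344fe7f37ffb758f5
 SHA512:
-metadata.gz: c07df77c524372667979fa43d5500d76ef92586833f37e23e13e1240001ca042634afa626d0c512528fc35224f5c0d1d7039e21834533619767d7799c1eab43e
-data.tar.gz: cf3e5d64dc3583a35ff2a5b8a32c982a9ce9336fca06a169039e3207a33af4633f65bfebfc19dbccabff9ce705ae2166e330565b82a1ab44c619eebe31ce3dd2
+metadata.gz: cc71c4b6d16ae1d9f3461c4ab03cdda9bbaae9c99b85354e50332f3481e54d2c190ba5880374a6bd6de58dfd7f67eab3ad5bfd1a92b9eee170d81e76c446ba01
+data.tar.gz: 10bce0f64508e85154408a878449deccbd7176e8cb5b7ed668038b746b998f5e14ab13ed693527f9370fd12bec1a6db95460df8a81fff99f25d8466b580d870b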
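--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,9 @@
+### 0.5.1 - 2019-10-24
+- Fix Pronto -> GitHub reporting errors
+- If Gemfile.lock is not in the PR then Pronto would fail when attempting to create a comment on the Gemfile.lock file withing the PR.
+- Note: This issue isn't fully fixed yet, but at least doesn't fail flat out.
+- To fully fix: would like to still add a PR-level comment with CVE issue(s) instead of requiring the user to dig into their CI output to see the CVE issue(s).
+
 ### 0.5.0 - 2019-07-31
 - Fix Pronto -> GitHub reporting errors
 - Thanks to Inestor for the [bug report](https://github.com/pdobb/pronto-bundler_audit/issues/2).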
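--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,15 +1,15 @@
 PATH
 remote: .
 specs:
-pronto-bundler_audit (0.5.0)
+pronto-bundler_audit (0.5.1)
 bundler-audit (~> 0)
 pronto (~> 0)
 
 GEM
 remote: https://rubygems.org/
 specs:
-addressable (2.6.0)
-public_suffix (>= 2.0.2, < 4.0)
+addressable (2.7.0)
+public_suffix (>= 2.0.2, < 5.0)
 ansi (1.5.0)
 ast (2.4.0)
 builder (3.2.3)
@@ -19,20 +19,20 @@ GEM
 byebug (11.0.1)
 coderay (1.1.2)
 docile (1.3.2)
-faraday (0.15.4)
+faraday (0.17.0)
 multipart-post (>= 1.2, < 3)
 gitlab (4.12.0)
 httparty (~> 0.14, >= 0.14.0)
 terminal-table (~> 1.5, >= 1.5.1)
-httparty (0.17.0)
+httparty (0.17.1)
 mime-types (~> 3.0)
 multi_xml (>= 0.5.2)
 jaro_winkler (1.5.3)
 json (2.2.0)
 method_source (0.9.2)
-mime-types (3.2.2)
+mime-types (3.3)
 mime-types-data (~> 3.2015)
-mime-types-data (3.2019.0331)
+mime-types-data (3.2019.1009)
 minitest (5.11.3)
 minitest-reporters (1.3.6)
 ansi
@@ -60,7 +60,7 @@ GEM
 pry-byebug (3.7.0)
 byebug (~> 11.0)
 pry (~> 0.10)
-public_suffix (3.1.1)
+public_suffix (4.0.1)
 rainbow (3.0.0)
 rake (12.3.3)
 rubocop (0.73.0)
@@ -71,7 +71,7 @@ GEM
 ruby-progressbar (~> 1.7)
 unicode-display_width (>= 1.4.0, < 1.7)
 ruby-progressbar (1.10.1)
-rugged (0.28.2)
+rugged (0.28.3.1)
 sawyer (0.8.2)
 addressable (>= 2.3.5)
 faraday (> 0.8, < 2.0)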
@@ -0,0 +1,34 @@
1
+ module Pronto
2
+ module Formatter
3
+ # Pronto::Formatter::GithubPullRequestReviewFormatter comes from the
4
+ # Pronto gem itself.
5
+ #
6
+ # The methods below are a feature overrides to:
7
+ # 1. prevent the {#line_number} class from failing if none of the patches
8
+ # contain the `message.line.new_lineno` value found. Which can happen
9
+ # in the context of this pronto-bundler audit gem since we aren't
10
+ # necessarily altering the Gemfile.lock file within a PR at the time of
11
+ # finding an issue in the Gemfile.lock file.
12
+ # 2. FIXME: Prevent a POST error due to an unknown file path in the
13
+ # traditional Pull Request Review comment style.
14
+ class GithubPullRequestReviewFormatter
15
+ def submit_comments(client, comments)
16
+ client.create_pull_request_review(comments)
17
+ rescue Octokit::UnprocessableEntity, HTTParty::Error => e
18
+ # If Gemfile.lock doesn't exist in the PR, then attempt a non-review
19
+ # style comment instead (which doesn't attempt to reference a file
20
+ # path and line number).
21
+ begin
22
+ comments.each { |comment| client.create_pull_comment(comment) }
23
+ rescue Octokit::UnprocessableEntity, HTTParty::Error => e
24
+ $stderr.puts "Failed to post: #{e.message}"
25
+ end
26
+ end
27
+
28
+ def line_number(message, patches)
29
+ line = patches.find_line(message.full_path, message.line.new_lineno)
30
+ line&.position || message.line.new_lineno
31
+ end
32
+ end
33
+ end
34
+ end
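Review bot: The outer `rescue Octokit::UnprocessableEntity, HTTParty::Error => e` in `submit_comments` binds an `e` that is never read and is shadowed by the inner rescue, and that inner rescue reduces any failure of the fallback to a bare `$stderr.puts`, so when both posting paths fail the CVE findings this runner exists to surface never reach the pull request while the run itself looks successful. Drop the unused binding, prefer `warn "Failed to post: #{e.message}"` and follow it with `raise` (or otherwise report the failure to the caller) so a reporting failure in a security check is not silent; note too that `comments.each` aborts at the first failed `create_pull_comment`, leaving any later comments unposted. Because this reopens Pronto's own `GithubPullRequestReviewFormatter` and is loaded unconditionally by the `require "formatter/github_pull_request_review_formatter"` added in the following hunk, the `line_number` fallback that returns `message.line.new_lineno` in place of a patch position applies to every Pronto runner in the same process, not only this gem, which deserves a header comment such as `# NOTE: this override is process-wide and changes GitHub review output for all Pronto runners` and a check against upstream Pronto changing these methods. The rescue clauses reference `Octokit` and `HTTParty` without requiring them here; if Pronto's formatter has not already loaded them, the first API error would surface as a NameError instead of being rescued — worth confirming. The new file also lacks the `# frozen_string_literal: true` magic comment that the other Ruby file in this diff carries.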
@@ -1,6 +1,10 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "pronto"
4
+
5
+ # Pronto gem overrides (use sparingly):
6
+ require "formatter/github_pull_request_review_formatter"
7
+
4
8
  require "bundler/audit/database"
5
9
  require "bundler/audit/scanner"
6
10
 
@@ -40,7 +40,7 @@ module Pronto
40
40
  @path = path
41
41
  end
42
42
 
43
- # Since we're not passing a commit SHA into ::Proton::Message.new,
43
+ # Since we're not passing a commit SHA into ::Pronto::Message.new,
44
44
  # Pronto will try calling #commit_sha on the (this) Line object.
45
45
  def commit_sha
46
46
  nil
@@ -3,6 +3,6 @@
3
3
  module Pronto
4
4
  # Pronto::BundlerAuditVersion
5
5
  module BundlerAuditVersion
6
- VERSION = "0.5.0"
6
+ VERSION = "0.5.1"
7
7
  end
8
8
  end
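--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pronto-bundler_audit
 version: !ruby/object:Gem::Version
-version: 0.5.0
+version: 0.5.1
 platform: ruby
 authors:
 - Paul Dobbins
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-08-01 00:00:00.000000000 Z
+date: 2019-10-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler-audit
@@ -207,6 +207,7 @@ files:
 - images/github-check.png
 - images/github-comment-compact.png
 - images/github-comment-verbose.png
+- lib/formatter/github_pull_request_review_formatter.rb
 - lib/pronto/bundler_audit.rb
 - lib/pronto/bundler_audit/advisory_formatters/base_advisory_formatter.rb
 - lib/pronto/bundler_audit/advisory_formatters/compact.rb
@@ -239,7 +240,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.0.4
+rubygems_version: 3.0.6
 signing_key:
 specification_version: 4
 summary: Pronto runner for bundler-audit, patch-level verification for bundler.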