pronto-bundler_audit 0.5.0 → 0.5.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: dfd045795800e3a9d915819c4d0f3fb1bf8a33fe809621a181b90596b06c0337
4
- data.tar.gz: 47fb28f8cae54edd5b17bb9f487a079d0a46664a081dd59e4b9d5e41be0c987c
3
+ metadata.gz: 63349abd213ac458a9949296e1ca83d99518cb74dda60eef2c043f49d4020352
4
+ data.tar.gz: 271978a3b61cd6f9b9cc53bc4610d8226959194539c3087344fe7f37ffb758f5
5
5
  SHA512:
6
- metadata.gz: c07df77c524372667979fa43d5500d76ef92586833f37e23e13e1240001ca042634afa626d0c512528fc35224f5c0d1d7039e21834533619767d7799c1eab43e
7
- data.tar.gz: cf3e5d64dc3583a35ff2a5b8a32c982a9ce9336fca06a169039e3207a33af4633f65bfebfc19dbccabff9ce705ae2166e330565b82a1ab44c619eebe31ce3dd2
6
+ metadata.gz: cc71c4b6d16ae1d9f3461c4ab03cdda9bbaae9c99b85354e50332f3481e54d2c190ba5880374a6bd6de58dfd7f67eab3ad5bfd1a92b9eee170d81e76c446ba01
7
+ data.tar.gz: 10bce0f64508e85154408a878449deccbd7176e8cb5b7ed668038b746b998f5e14ab13ed693527f9370fd12bec1a6db95460df8a81fff99f25d8466b580d870b
data/CHANGELOG.md CHANGED
@@ -1,3 +1,9 @@
1
+ ### 0.5.1 - 2019-10-24
2
+ - Fix Pronto -> GitHub reporting errors
3
+ - If Gemfile.lock is not in the PR then Pronto would fail when attempting to create a comment on the Gemfile.lock file withing the PR.
4
+ - Note: This issue isn't fully fixed yet, but at least doesn't fail flat out.
5
+ - To fully fix: would like to still add a PR-level comment with CVE issue(s) instead of requiring the user to dig into their CI output to see the CVE issue(s).
6
+
1
7
  ### 0.5.0 - 2019-07-31
2
8
  - Fix Pronto -> GitHub reporting errors
3
9
  - Thanks to Inestor for the [bug report](https://github.com/pdobb/pronto-bundler_audit/issues/2).
data/Gemfile.lock CHANGED
@@ -1,15 +1,15 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- pronto-bundler_audit (0.5.0)
4
+ pronto-bundler_audit (0.5.1)
5
5
  bundler-audit (~> 0)
6
6
  pronto (~> 0)
7
7
 
8
8
  GEM
9
9
  remote: https://rubygems.org/
10
10
  specs:
11
- addressable (2.6.0)
12
- public_suffix (>= 2.0.2, < 4.0)
11
+ addressable (2.7.0)
12
+ public_suffix (>= 2.0.2, < 5.0)
13
13
  ansi (1.5.0)
14
14
  ast (2.4.0)
15
15
  builder (3.2.3)
@@ -19,20 +19,20 @@ GEM
19
19
  byebug (11.0.1)
20
20
  coderay (1.1.2)
21
21
  docile (1.3.2)
22
- faraday (0.15.4)
22
+ faraday (0.17.0)
23
23
  multipart-post (>= 1.2, < 3)
24
24
  gitlab (4.12.0)
25
25
  httparty (~> 0.14, >= 0.14.0)
26
26
  terminal-table (~> 1.5, >= 1.5.1)
27
- httparty (0.17.0)
27
+ httparty (0.17.1)
28
28
  mime-types (~> 3.0)
29
29
  multi_xml (>= 0.5.2)
30
30
  jaro_winkler (1.5.3)
31
31
  json (2.2.0)
32
32
  method_source (0.9.2)
33
- mime-types (3.2.2)
33
+ mime-types (3.3)
34
34
  mime-types-data (~> 3.2015)
35
- mime-types-data (3.2019.0331)
35
+ mime-types-data (3.2019.1009)
36
36
  minitest (5.11.3)
37
37
  minitest-reporters (1.3.6)
38
38
  ansi
@@ -60,7 +60,7 @@ GEM
60
60
  pry-byebug (3.7.0)
61
61
  byebug (~> 11.0)
62
62
  pry (~> 0.10)
63
- public_suffix (3.1.1)
63
+ public_suffix (4.0.1)
64
64
  rainbow (3.0.0)
65
65
  rake (12.3.3)
66
66
  rubocop (0.73.0)
@@ -71,7 +71,7 @@ GEM
71
71
  ruby-progressbar (~> 1.7)
72
72
  unicode-display_width (>= 1.4.0, < 1.7)
73
73
  ruby-progressbar (1.10.1)
74
- rugged (0.28.2)
74
+ rugged (0.28.3.1)
75
75
  sawyer (0.8.2)
76
76
  addressable (>= 2.3.5)
77
77
  faraday (> 0.8, < 2.0)
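--- /dev/null
+++ b/lib/formatter/github_pull_request_review_formatter.rb
@@ -0,0 +1,34 @@
+module Pronto
+module Formatter
+# Pronto::Formatter::GithubPullRequestReviewFormatter comes from the
+# Pronto gem itself.
+#
+# The methods below are a feature overrides to:
+# 1. prevent the {#line_number} class from failing if none of the patches
+# contain the `message.line.new_lineno` value found. Which can happen
+# in the context of this pronto-bundler audit gem since we aren't
+# necessarily altering the Gemfile.lock file within a PR at the time of
+# finding an issue in the Gemfile.lock file.
+# 2. FIXME: Prevent a POST error due to an unknown file path in the
+# traditional Pull Request Review comment style.
+class GithubPullRequestReviewFormatter
+def submit_comments(client, comments)
+client.create_pull_request_review(comments)
+rescue Octokit::UnprocessableEntity, HTTParty::Error => e
+# If Gemfile.lock doesn't exist in the PR, then attempt a non-review
+# style comment instead (which doesn't attempt to reference a file
+# path and line number).
+begin
+comments.each { |comment| client.create_pull_comment(comment) }
+rescue Octokit::UnprocessableEntity, HTTParty::Error => e
+$stderr.puts "Failed to post: #{e.message}"
+end
+end
+
+def line_number(message, patches)
+line = patches.find_line(message.full_path, message.line.new_lineno)
+line&.position || message.line.new_lineno
+end
+end
+end
+end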
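Review bot: The outer `rescue ... => e` in `submit_comments` binds `e` but never reads it (the inner rescue rebinds the same name), and when the fallback also fails the only trace of an unreported advisory is one line on stderr, so a CI run can finish looking clean while the CVE comment was never posted. I would drop the unused binding (`rescue Octokit::UnprocessableEntity, HTTParty::Error`), use `warn "Failed to post: #{e.message}"` in the inner rescue, and either re-raise or otherwise make the failed report visible, unless Pronto already fails the run on messages alone, which I cannot tell from this page. Separately, these methods reopen `Pronto::Formatter::GithubPullRequestReviewFormatter` from the pronto gem while Gemfile.lock pins only `pronto (~> 0)`, so an upstream change to the `submit_comments(client, comments)` or `line_number(message, patches)` signatures would break the override silently; a tighter pronto constraint, or a load-time guard such as `raise "unexpected Pronto formatter API" unless instance_method(:submit_comments).arity == 2` placed before the redefinition, would make the mismatch visible. The `line_number` fallback also returns `message.line.new_lineno` where the upstream value is a diff `position`; if those are different coordinate systems, the fallback may itself trigger the 422 that the outer rescue then catches, which is worth a comment on that line.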
@@ -1,6 +1,10 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "pronto"
4
+
5
+ # Pronto gem overrides (use sparingly):
6
+ require "formatter/github_pull_request_review_formatter"
7
+
4
8
  require "bundler/audit/database"
5
9
  require "bundler/audit/scanner"
6
10
 
@@ -40,7 +40,7 @@ module Pronto
40
40
  @path = path
41
41
  end
42
42
 
43
- # Since we're not passing a commit SHA into ::Proton::Message.new,
43
+ # Since we're not passing a commit SHA into ::Pronto::Message.new,
44
44
  # Pronto will try calling #commit_sha on the (this) Line object.
45
45
  def commit_sha
46
46
  nil
@@ -3,6 +3,6 @@
3
3
  module Pronto
4
4
  # Pronto::BundlerAuditVersion
5
5
  module BundlerAuditVersion
6
- VERSION = "0.5.0"
6
+ VERSION = "0.5.1"
7
7
  end
8
8
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: pronto-bundler_audit
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.0
4
+ version: 0.5.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Paul Dobbins
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2019-08-01 00:00:00.000000000 Z
11
+ date: 2019-10-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler-audit
@@ -207,6 +207,7 @@ files:
207
207
  - images/github-check.png
208
208
  - images/github-comment-compact.png
209
209
  - images/github-comment-verbose.png
210
+ - lib/formatter/github_pull_request_review_formatter.rb
210
211
  - lib/pronto/bundler_audit.rb
211
212
  - lib/pronto/bundler_audit/advisory_formatters/base_advisory_formatter.rb
212
213
  - lib/pronto/bundler_audit/advisory_formatters/compact.rb
@@ -239,7 +240,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
239
240
  - !ruby/object:Gem::Version
240
241
  version: '0'
241
242
  requirements: []
242
- rubygems_version: 3.0.4
243
+ rubygems_version: 3.0.6
243
244
  signing_key:
244
245
  specification_version: 4
245
246
  summary: Pronto runner for bundler-audit, patch-level verification for bundler.