pronto-bundler_audit 0.5.0 → 0.5.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/Gemfile.lock +9 -9
- data/lib/formatter/github_pull_request_review_formatter.rb +34 -0
- data/lib/pronto/bundler_audit.rb +4 -0
- data/lib/pronto/bundler_audit/results/pronto_messages_adapter.rb +1 -1
- data/lib/pronto/bundler_audit/version.rb +1 -1
- metadata +4 -3
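--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 63349abd213ac458a9949296e1ca83d99518cb74dda60eef2c043f49d4020352
+data.tar.gz: 271978a3b61cd6f9b9cc53bc4610d8226959194539c3087344fe7f37ffb758f5
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cc71c4b6d16ae1d9f3461c4ab03cdda9bbaae9c99b85354e50332f3481e54d2c190ba5880374a6bd6de58dfd7f67eab3ad5bfd1a92b9eee170d81e76c446ba01
+data.tar.gz: 10bce0f64508e85154408a878449deccbd7176e8cb5b7ed668038b746b998f5e14ab13ed693527f9370fd12bec1a6db95460df8a81fff99f25d8466b580d870b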
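--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,9 @@
+### 0.5.1 - 2019-10-24
+- Fix Pronto -> GitHub reporting errors
+- If Gemfile.lock is not in the PR then Pronto would fail when attempting to create a comment on the Gemfile.lock file withing the PR.
+- Note: This issue isn't fully fixed yet, but at least doesn't fail flat out.
+- To fully fix: would like to still add a PR-level comment with CVE issue(s) instead of requiring the user to dig into their CI output to see the CVE issue(s).
+
 ### 0.5.0 - 2019-07-31
 - Fix Pronto -> GitHub reporting errors
 - Thanks to Inestor for the [bug report](https://github.com/pdobb/pronto-bundler_audit/issues/2).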
data/Gemfile.lock
CHANGED
@@ -1,15 +1,15 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
pronto-bundler_audit (0.5.
|
4
|
+
pronto-bundler_audit (0.5.1)
|
5
5
|
bundler-audit (~> 0)
|
6
6
|
pronto (~> 0)
|
7
7
|
|
8
8
|
GEM
|
9
9
|
remote: https://rubygems.org/
|
10
10
|
specs:
|
11
|
-
addressable (2.
|
12
|
-
public_suffix (>= 2.0.2, <
|
11
|
+
addressable (2.7.0)
|
12
|
+
public_suffix (>= 2.0.2, < 5.0)
|
13
13
|
ansi (1.5.0)
|
14
14
|
ast (2.4.0)
|
15
15
|
builder (3.2.3)
|
@@ -19,20 +19,20 @@ GEM
|
|
19
19
|
byebug (11.0.1)
|
20
20
|
coderay (1.1.2)
|
21
21
|
docile (1.3.2)
|
22
|
-
faraday (0.
|
22
|
+
faraday (0.17.0)
|
23
23
|
multipart-post (>= 1.2, < 3)
|
24
24
|
gitlab (4.12.0)
|
25
25
|
httparty (~> 0.14, >= 0.14.0)
|
26
26
|
terminal-table (~> 1.5, >= 1.5.1)
|
27
|
-
httparty (0.17.
|
27
|
+
httparty (0.17.1)
|
28
28
|
mime-types (~> 3.0)
|
29
29
|
multi_xml (>= 0.5.2)
|
30
30
|
jaro_winkler (1.5.3)
|
31
31
|
json (2.2.0)
|
32
32
|
method_source (0.9.2)
|
33
|
-
mime-types (3.
|
33
|
+
mime-types (3.3)
|
34
34
|
mime-types-data (~> 3.2015)
|
35
|
-
mime-types-data (3.2019.
|
35
|
+
mime-types-data (3.2019.1009)
|
36
36
|
minitest (5.11.3)
|
37
37
|
minitest-reporters (1.3.6)
|
38
38
|
ansi
|
@@ -60,7 +60,7 @@ GEM
|
|
60
60
|
pry-byebug (3.7.0)
|
61
61
|
byebug (~> 11.0)
|
62
62
|
pry (~> 0.10)
|
63
|
-
public_suffix (
|
63
|
+
public_suffix (4.0.1)
|
64
64
|
rainbow (3.0.0)
|
65
65
|
rake (12.3.3)
|
66
66
|
rubocop (0.73.0)
|
@@ -71,7 +71,7 @@ GEM
|
|
71
71
|
ruby-progressbar (~> 1.7)
|
72
72
|
unicode-display_width (>= 1.4.0, < 1.7)
|
73
73
|
ruby-progressbar (1.10.1)
|
74
|
-
rugged (0.28.
|
74
|
+
rugged (0.28.3.1)
|
75
75
|
sawyer (0.8.2)
|
76
76
|
addressable (>= 2.3.5)
|
77
77
|
faraday (> 0.8, < 2.0)
|
@@ -0,0 +1,34 @@
|
|
1
|
+
module Pronto
|
2
|
+
module Formatter
|
3
|
+
# Pronto::Formatter::GithubPullRequestReviewFormatter comes from the
|
4
|
+
# Pronto gem itself.
|
5
|
+
#
|
6
|
+
# The methods below are a feature overrides to:
|
7
|
+
# 1. prevent the {#line_number} class from failing if none of the patches
|
8
|
+
# contain the `message.line.new_lineno` value found. Which can happen
|
9
|
+
# in the context of this pronto-bundler audit gem since we aren't
|
10
|
+
# necessarily altering the Gemfile.lock file within a PR at the time of
|
11
|
+
# finding an issue in the Gemfile.lock file.
|
12
|
+
# 2. FIXME: Prevent a POST error due to an unknown file path in the
|
13
|
+
# traditional Pull Request Review comment style.
|
14
|
+
class GithubPullRequestReviewFormatter
|
15
|
+
def submit_comments(client, comments)
|
16
|
+
client.create_pull_request_review(comments)
|
17
|
+
rescue Octokit::UnprocessableEntity, HTTParty::Error => e
|
18
|
+
# If Gemfile.lock doesn't exist in the PR, then attempt a non-review
|
19
|
+
# style comment instead (which doesn't attempt to reference a file
|
20
|
+
# path and line number).
|
21
|
+
begin
|
22
|
+
comments.each { |comment| client.create_pull_comment(comment) }
|
23
|
+
rescue Octokit::UnprocessableEntity, HTTParty::Error => e
|
24
|
+
$stderr.puts "Failed to post: #{e.message}"
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
def line_number(message, patches)
|
29
|
+
line = patches.find_line(message.full_path, message.line.new_lineno)
|
30
|
+
line&.position || message.line.new_lineno
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
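Review bot: The inner `rescue` at line 23 wraps the whole `comments.each`, so the first comment GitHub rejects aborts posting of every remaining advisory, and the fallback logs only `e.message`, so the advisory text itself reaches neither the PR nor the CI output. Moving the rescue inside the block would try each comment independently and printing the comment alongside the error would keep the finding visible; I could not confirm from this hunk whether `client.create_pull_comment` accepts a single comment or the array Pronto's own formatters pass it, so verify that call before relying on the fallback. The outer `=> e` on line 17 is unused and shadowed by the inner one and can be dropped. These methods replace private methods of the pronto gem while the gemspec only constrains `pronto (~> 0)`, so an upstream signature change would silently bypass the override; a comment recording the pronto version the overrides were written against (e.g. `# Overrides verified against pronto <VERSION-PLACEHOLDER>; re-check on upgrade`) would flag that.
```ruby
def submit_comments(client, comments)
  client.create_pull_request_review(comments)
rescue Octokit::UnprocessableEntity, HTTParty::Error
  # … unchanged: explanatory comment about the non-review fallback …
  comments.each do |comment|
    begin
      client.create_pull_comment(comment)
    rescue Octokit::UnprocessableEntity, HTTParty::Error => e
      $stderr.puts "Failed to post: #{e.message}"
      $stderr.puts comment.inspect # keep the advisory visible in CI output
    end
  end
end
```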
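--- a/data/lib/pronto/bundler_audit.rb
+++ b/data/lib/pronto/bundler_audit.rb
@@ -40,7 +40,7 @@ module Pronto
 @path = path
 end
 
-# Since we're not passing a commit SHA into ::
+# Since we're not passing a commit SHA into ::Pronto::Message.new,
 # Pronto will try calling #commit_sha on the (this) Line object.
 def commit_sha
 nil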
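--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pronto-bundler_audit
 version: !ruby/object:Gem::Version
-version: 0.5.
+version: 0.5.1
 platform: ruby
 authors:
 - Paul Dobbins
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-
+date: 2019-10-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler-audit
@@ -207,6 +207,7 @@ files:
 - images/github-check.png
 - images/github-comment-compact.png
 - images/github-comment-verbose.png
+- lib/formatter/github_pull_request_review_formatter.rb
 - lib/pronto/bundler_audit.rb
 - lib/pronto/bundler_audit/advisory_formatters/base_advisory_formatter.rb
 - lib/pronto/bundler_audit/advisory_formatters/compact.rb
@@ -239,7 +240,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.0.
+rubygems_version: 3.0.6
 signing_key:
 specification_version: 4
 summary: Pronto runner for bundler-audit, patch-level verification for bundler.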