pronto-bundler_audit 0.6.0 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: be60a36fb202bbe2b740917510a6b190658d68791240662551954367515ebd12
-  data.tar.gz: d568065fff3c7b49dbc4f46a19615093bdcc4c13b0f6a067f519afb000d8a896
+  metadata.gz: 8112a836fbdf9cfbedc584f8a6f6546da622fea402df4be5e6a21b883504377e
+  data.tar.gz: 1e2c2c4e8144bc9c1dbc8d2c84887a0419d95570e357b92054ff73400517c095
 SHA512:
-  metadata.gz: aa11ae92eb8809537687a93540da7b25fb2fe9cd4940ec625483e2eb10e639b3b0aea994e62f17e0b3128d3b38b54fec1e67ed53f4a33e50e7a6cf5f02c1ab1b
-  data.tar.gz: d33d55ffb3414f7cd0b7bf64b48ea3b439f93b0c5e9954063565bd63a9c863e7bcc509599c84999d11b57a40a7fa5dbbf22880b5109ee8b59584648a40d8e582
+  metadata.gz: c92d25f870b348a78b3f52f16d4fd839b14c4f96a10ad59f803a27a4891160c6249ed397a7d28ce52068bf01be4c609f85a8e106710c97ab9fd10aa096455c4d
+  data.tar.gz: 9e12deff351a41433d0386567c46e3240a06ca71ccc7eb588ff15b95916be62221678705255619b906f1c7272c4e54f832cad10a1d7e9eb44903ded29fe885c1

data/CHANGELOG.md

@@ -1,3 +1,15 @@
+### 0.7.0 - 2021-04-29
+- [#11](https://github.com/pdobb/pronto-bundler_audit/pull/11)
+  - Attempted Fix for `NoMethodError: undefined method 'line' for #<Pronto::BundlerAudit::Results::ProntoMessagesAdapter::DeepLine...>`
+- [#10](https://github.com/pdobb/pronto-bundler_audit/pull/10) Pronto 0.11.0 compatibility
+  - Fix Pronto -> GitHub call :publish_pull_request_comments instead of :create_pull_request_review
+
+#### NOTE:
+This version requires pronto 0.11+ and bundler-audit 0.8+. Use v0.6.0 if you cannot update pronto and bundler-audit at this time.
+
+### 0.6.1 - 2021-04-08
+- Unreleased... see 0.7.0 instead.
+
 ### 0.6.0 - 2019-11-30
 - [#7](https://github.com/pdobb/pronto-bundler_audit/pull/7) Add configurability via .pronto-bundler_audit.yml file
   - For now, the only configuration available is ignoring advisories in the bundler_audit scan. See the [README](https://github.com/pdobb/pronto-bundler_audit#configuration).

data/Gemfile.lock

@@ -1,9 +1,9 @@
 PATH
   remote: .
   specs:
-    pronto-bundler_audit (0.6.0)
-      bundler-audit (~> 0)
-      pronto (~> 0)
+    pronto-bundler_audit (0.7.0)
+      bundler-audit (~> 0.8)
+      pronto (~> 0.11)
 
 GEM
   remote: https://rubygems.org/
@@ -13,26 +13,33 @@ GEM
     ansi (1.5.0)
     ast (2.4.0)
     builder (3.2.3)
-    bundler-audit (0.6.1)
+    bundler-audit (0.8.0)
       bundler (>= 1.2.0, < 3)
-      thor (~> 0.18)
+      thor (~> 1.0)
     byebug (11.0.1)
     coderay (1.1.2)
     docile (1.3.2)
-    faraday (0.17.1)
+    faraday (1.4.1)
+      faraday-excon (~> 1.1)
+      faraday-net_http (~> 1.0)
+      faraday-net_http_persistent (~> 1.1)
       multipart-post (>= 1.2, < 3)
-    gitlab (4.12.0)
-      httparty (~> 0.14, >= 0.14.0)
+      ruby2_keywords (>= 0.0.4)
+    faraday-excon (1.1.0)
+    faraday-net_http (1.0.1)
+    faraday-net_http_persistent (1.1.0)
+    gitlab (4.17.0)
+      httparty (~> 0.18)
       terminal-table (~> 1.5, >= 1.5.1)
-    httparty (0.17.1)
+    httparty (0.18.1)
       mime-types (~> 3.0)
       multi_xml (>= 0.5.2)
     jaro_winkler (1.5.3)
-    json (2.2.0)
+    json (2.3.1)
     method_source (0.9.2)
-    mime-types (3.3)
+    mime-types (3.3.1)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2019.1009)
+    mime-types-data (3.2021.0225)
     minitest (5.11.3)
     minitest-reporters (1.3.6)
       ansi
@@ -42,27 +49,30 @@ GEM
     much-stub (0.1.1)
     multi_xml (0.6.0)
     multipart-post (2.1.1)
-    octokit (4.14.0)
+    octokit (4.21.0)
+      faraday (>= 0.9)
       sawyer (~> 0.8.0, >= 0.5.3)
     parallel (1.17.0)
     parser (2.6.3.0)
       ast (~> 2.4.0)
-    pronto (0.10.0)
-      gitlab (~> 4.0, >= 4.0.0)
+    pronto (0.11.0)
+      gitlab (~> 4.4, >= 4.4.0)
       httparty (>= 0.13.7)
       octokit (~> 4.7, >= 4.7.0)
       rainbow (>= 2.2, < 4.0)
-      rugged (~> 0.24, >= 0.23.0)
-      thor (~> 0.20.0)
+      rexml (~> 3.2)
+      rugged (>= 0.23.0, < 1.1.0)
+      thor (>= 0.20.3, < 2.0)
     pry (0.12.2)
       coderay (~> 1.1.0)
       method_source (~> 0.9.0)
     pry-byebug (3.7.0)
       byebug (~> 11.0)
       pry (~> 0.10)
-    public_suffix (4.0.1)
+    public_suffix (4.0.6)
     rainbow (3.0.0)
     rake (12.3.3)
+    rexml (3.2.5)
     rubocop (0.73.0)
       jaro_winkler (~> 1.5.1)
       parallel (~> 1.10)
@@ -71,7 +81,8 @@ GEM
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 1.7)
     ruby-progressbar (1.10.1)
-    rugged (0.28.3.1)
+    ruby2_keywords (0.0.4)
+    rugged (1.0.1)
     sawyer (0.8.2)
       addressable (>= 2.3.5)
       faraday (> 0.8, < 2.0)
@@ -82,7 +93,7 @@ GEM
     simplecov-html (0.10.2)
     terminal-table (1.8.0)
       unicode-display_width (~> 1.1, >= 1.1.1)
-    thor (0.20.3)
+    thor (1.1.0)
     unicode-display_width (1.6.0)
 
 PLATFORMS
@@ -102,4 +113,4 @@ DEPENDENCIES
   simplecov (~> 0.16)
 
 BUNDLED WITH
-   2.0.2
+   2.2.16

data/README.md

@@ -1,3 +1,8 @@
+# Maintainer needed
+
+Unfortunately, I (@pdobb) am no longer working on any projects and, therefore, don't have a good way to test fixes. There are probably numerous fixes needed right now as pronto 0.11.0 has been recently released and since there is no proper API for using pronto's internals, each update to pronto will likely mean breaking changes in gems such as this one. But, probably... especially this one. This gem attempts to do something that pronto isn't made for: examine code from a file that isn't necessarily contained within the diff that pronto is analyzing. Most of pronto-bundler_audit is attempting to solve this problem by overriding the pronto API  with custom adapter objects standing in for Pronto-native object.
+
+
 [![Gem Version](https://badge.fury.io/rb/pronto-bundler_audit.svg)](https://badge.fury.io/rb/pronto-bundler_audit)
 [![Build Status](https://travis-ci.org/pdobb/pronto-bundler_audit.svg?branch=master)](https://travis-ci.org/pdobb/pronto-bundler_audit)
 [![Maintainability](https://api.codeclimate.com/v1/badges/7ac01a6a6eace46487d9/maintainability)](https://codeclimate.com/github/pdobb/pronto-bundler_audit/maintainability)
@@ -31,6 +36,8 @@ Tested MRI Ruby Versions:
 * 2.6
 * edge
 
+NOTE: pronto-bundler_audit v0.7.0 requires pronto v0.11+ and bundler-audit v0.8+. Use pronto-bundler_audit v0.6.0 if you cannot update pronto and bundler-audit at this time.
+
 ## Usage
 
 Once installed as a gem, this runner activates automatically when [running Pronto](https://github.com/prontolabs/pronto#usage) -- no configuration is required.

data/lib/formatter/github_pull_request_review_formatter.rb

@@ -15,7 +15,7 @@ module Pronto
     #      traditional Pull Request Review comment style.
     class GithubPullRequestReviewFormatter
       def submit_comments(client, comments)
-        client.create_pull_request_review(comments)
+        client.publish_pull_request_comments(comments)
       rescue Octokit::UnprocessableEntity, HTTParty::Error => e
         # If Gemfile.lock doesn't exist in the PR, then attempt a non-review
         # style comment instead (which doesn't attempt to reference a file

data/lib/pronto/bundler_audit.rb

@@ -25,7 +25,9 @@ module Pronto
     def run
       results = Auditor.call
 
-      Results::ProntoMessagesAdapter.call(results, runner: self)
+      Pronto::BundlerAudit::Results::ProntoMessagesAdapter.call(
+        results,
+        runner: self)
     end
 
     # @return [Pathname] the absolute path to the current git repo / code.

data/lib/pronto/bundler_audit/auditor.rb

@@ -21,14 +21,14 @@ module Pronto
       private
 
       def update_ruby_advisory_db
-        Bundler::Audit::Database.update!(quiet: true)
+        ::Bundler::Audit::Database.update!(quiet: true)
       end
 
       # @return [Array<>] if no issues were found
       # @return [Array<Pronto::BundlerAudit::Results::BaseResult>] if unpatched
       #   gem sources or if advisories were found
       def run_scanner
-        Scanner.call
+        Pronto::BundlerAudit::Scanner.call
       end
     end
   end

data/lib/pronto/bundler_audit/results/pronto_messages_adapter.rb

@@ -46,6 +46,10 @@ module Pronto
             nil
           end
 
+          def line
+            self
+          end
+
           alias_method :new_lineno, :line_number
           alias_method :repo, :itself
           alias_method :patch, :itself

data/lib/pronto/bundler_audit/results/unpatched_gem.rb

@@ -36,7 +36,9 @@ module Pronto
 
         def advisory_formatter
           # TODO: Switch type based on configuration options, once available.
-          AdvisoryFormatters::Verbose.new(gem: @gem, advisory: @advisory)
+          Pronto::BundlerAudit::AdvisoryFormatters::Verbose.new(
+            gem: @gem,
+            advisory: @advisory)
         end
       end
     end

data/lib/pronto/bundler_audit/scanner.rb

@@ -57,10 +57,10 @@ module Pronto
       # @return [Pronto::BundlerAudit::Results::BaseResult]
       def match_result(scan_result)
         case scan_result
-        when ::Bundler::Audit::Scanner::InsecureSource
-          Results::InsecureSource.new(scan_result)
-        when ::Bundler::Audit::Scanner::UnpatchedGem
-          Results::UnpatchedGem.new(scan_result)
+        when ::Bundler::Audit::Results::InsecureSource
+          Pronto::BundlerAudit::Results::InsecureSource.new(scan_result)
+        when ::Bundler::Audit::Results::UnpatchedGem
+          Pronto::BundlerAudit::Results::UnpatchedGem.new(scan_result)
         else
           raise ArgumentError, "Unexpected type: #{scan_result.class}"
         end

data/lib/pronto/bundler_audit/version.rb

@@ -3,6 +3,6 @@
 module Pronto
   # Pronto::BundlerAuditVersion
   module BundlerAuditVersion
-    VERSION = "0.6.0"
+    VERSION = "0.7.0"
   end
 end

data/pronto-bundler_audit.gemspec

@@ -27,8 +27,8 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_runtime_dependency "bundler-audit", "~> 0"
-  spec.add_runtime_dependency "pronto", "~> 0"
+  spec.add_runtime_dependency "bundler-audit", "~> 0.8"
+  spec.add_runtime_dependency "pronto", "~> 0.11"
 
   spec.add_development_dependency "bundler", "~> 2"
   spec.add_development_dependency "byebug", "~> 11"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pronto-bundler_audit
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.7.0
 platform: ruby
 authors:
 - Paul Dobbins
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-11-30 00:00:00.000000000 Z
+date: 2021-04-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler-audit
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.8'
 - !ruby/object:Gem::Dependency
   name: pronto
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.11'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.11'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -241,7 +241,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.6
+rubygems_version: 3.0.3.1
 signing_key: 
 specification_version: 4
 summary: Pronto runner for bundler-audit, patch-level verification for bundler.