rondabot 0.0.10

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 76ef4c5c79896efc24cfe7700f8069e591bf24d4e5fe9f2b75200589f7f481f3
+  data.tar.gz: b22c709271b237e7963b3c50e19a965aab50e4d91df7924ca540b8b7f9d09813
+SHA512:
+  metadata.gz: 6db3c3fafdb96e18fd49827744d9ca9828cd0e240fa416c283b598d619f7e8e5ff85cda3718fd65f98c63078ad807e4c31e4251047185cd832ee23cfc421cc2c
+  data.tar.gz: f9c4e7efe0c460889863ec482824ed7b8da39c6f1b984709e13281be2c12bf4c3d8c70ad2c223730e3dedb9eeb96a62e1c0e2c0a94229b87a2fe01fe43359b59

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2020 Rondinelli Morais
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,82 @@
+# Getting Started
+
+**Rondabot** is a powerful agent that checks for vulnerabilities on the project's premises and submits pull requests with the best version.
+
+The high-level flow looks like this:
+
+<p align="center">
+  <img src="resources/flow.svg" alt="Rondabot architecture">
+</p>
+
+# Install
+
+To get started let's create our Gemfile:
+
+```ruby
+# Gemfile
+ruby "2.5.5"
+source "https://rubygems.org"
+
+gem "dependabot-omnibus", "~> 0.111.5"
+gem "rondabot", "~> 1.0.0"
+```
+
+run:
+
+```bash
+bundle install
+```
+
+After installation! To start using Rondabot all you need is a script looks like this:
+
+```ruby
+require "dependabot/omnibus"
+require "rondabot"
+
+core = Rondabot::Core.new(
+  # ...
+  # the parameters. See Parameters table below
+  # ...
+)
+
+# start bot
+core.start()
+```
+
+## Parameters
+
+| Name | Description |
+|:------|:------|
+| **provider** | Source control provider **azure**, **gitlab** or **github** |
+| **organization** | Name of your organization on azure devops |
+| **project** | Name of your project on azure devops |
+| **repository** | Name of your project to using for clone and create pull requests |
+| **credentials** | A user credentials (_username_ and _password_) permission to clone e create pull requests |
+| **feed_id** | Your feed id npm/yarn on azure devops. Go to Azure Devops, your project _Artifacts_ > _Connect to feed_ > _npm_ and then you can find feed id in the url looks like `https://pkgs.dev.azure.com/your organization name/you feed id to be right here/_packaging/npm-packages/npm/registry/` |
+| **github_public_token** | A GitHub access token with read access to public repos. Go to your GitHub account _Settings_ > _Developer settings_ > _Personal access tokens_ and then _Generate new token_ |
+
+## Example
+
+```ruby
+require "dependabot/omnibus"
+require "rondabot"
+
+core = Rondabot::Core.new(
+  provider: "azure",
+  organization: "Akatsuki",
+  project: "Digital%20Channel",
+  repository: "akatsuki-website",
+  credentials: {
+    :username => "Ronda.Bot",
+    :password => "cm9uZGluZWxsaW1vcmFpcwcm9uZGFib3Q"
+  },
+  feed_id: "11db190-e3b1872-1e6e6e-c97f2dd-49253",
+  github_public_token: "11db190e3b18721e6e6ec97f2dd49253"
+)
+
+core.start()
+```
+
+# License
+
+MIT.

data/lib/module/Azure.rb

@@ -0,0 +1,47 @@
+module Rondabot 
+  class Azure < SourceControl
+    def initialize params
+      super(params)
+      @repository = params[:repository]
+      @project = params[:project]
+
+      user_credentials = get_user_credentials(params)
+      @credentials << {
+        "type" => "git_source",
+        "host" => "dev.azure.com",
+        "username" => user_credentials[:username],
+        "password" => user_credentials[:password]
+      }
+
+      # get organization
+      @organization = params[:organization]
+      if @organization.nil?
+        raise ArgumentError.new("'organization' param is missing!")
+      end
+
+      # get npm registry feed id
+      @feed_id = params[:feed_id]
+      if @feed_id.nil?
+        raise ArgumentError.new("'feed_id' param is missing!")
+      end
+
+      @credentials << {
+        "type" => "npm_registry",
+        "registry" => "https://pkgs.dev.azure.com/#{@organization}/#{@feed_id}/_packaging/npm-packages/npm/registry/",
+        "token" => "#{@feed_id}:#{user_credentials[:password]}"
+      }
+    end
+
+    def repository_uri
+      if @repository.nil?
+        raise ArgumentError.new("'repository' param is missing!")
+      end
+
+      if @project.nil?
+        raise ArgumentError.new("'project' param is missing!")
+      end
+
+      return "#{@organization}/#{@project}/_git/#{@repository}"
+    end
+  end
+end

data/lib/module/Core.rb

@@ -0,0 +1,102 @@
+require "dependabot/omnibus"
+require "json"
+
+module Rondabot
+  class Core
+    def initialize params
+      @provider = params[:provider]
+
+      case @provider
+        when 'azure'
+          @source_control = Rondabot::Azure.new(params)
+        when 'gitlab'
+          # @source_control = Rondabot::GitLab.new(params)
+          raise ArgumentError.new("gitlab available soon :)")
+        when 'github'
+          # @source_control = Rondabot::GitHub.new(params)
+          raise ArgumentError.new("github available soon :)")
+        else
+          raise ArgumentError.new("'provider' param is missing! The available values are: azure, gitlab or github.")
+      end
+    end
+
+    def start
+      package_manager = "npm_and_yarn"
+      source = Dependabot::Source.new(
+        provider: @provider,
+        repo: @source_control.repository_uri
+      )
+
+      fetcher = @source_control.clone(source)
+      files = fetcher.files
+      commit = fetcher.commit
+
+      # keep only safe files
+      exclude_files = [
+        'yarn.lock',
+        'package-lock.json'
+      ]
+
+      dependency_files = files.select do |f|
+        !exclude_files.include?(f.name)
+      end
+
+      parser = Dependabot::FileParsers.for_package_manager(package_manager).new(
+        dependency_files: dependency_files,
+        source: source,
+        credentials: @source_control.credentials,
+      )
+
+      dependencies = parser.parse
+
+      # Get the audit report to find out which
+      # dependencies are vulnerable
+      npm_and_yarn = Rondabot::NpmAndYarn.new(dependencies)
+      audit_obj = npm_and_yarn.audit()
+
+      #r report
+      print_audit_table(audit_obj)
+
+      # for each dependency, the best version for the
+      # upgrade must be analyzed
+      audit_obj.each do |audit|
+        best_version_to_go = Rondabot::Version.next(
+          audit[:current_version],
+          audit[:patched_versions]
+        )
+
+        dependency = Dependabot::Dependency.new(
+          name: audit[:name],
+          version: best_version_to_go.version,
+          requirements: [{:requirement=>best_version_to_go.version, :file=>"package.json", :groups=>["dependencies"], :source=>nil}],
+          previous_requirements: [{:requirement=>audit[:current_version].version, :file=>"package.json", :groups=>["dependencies"], :source=>nil}],
+          package_manager: package_manager
+        )
+        
+        updater = Dependabot::FileUpdaters.for_package_manager(package_manager).new(
+          dependencies: [dependency],
+          dependency_files: dependency_files,
+          credentials: @source_control.credentials,
+        )
+
+        @source_control.create_pull_request(
+          updater: updater,
+          base_commit: commit,
+          dependencies: [dependency],
+          source: source
+        )
+      end
+    end
+
+    def print_audit_table audit_obj
+      if !audit_obj.empty?
+        puts "\nThe following dependencies are considered vulnerable."
+        puts "=============="
+        audit_obj.each do |audit|
+          puts "#{audit[:name]}@#{audit[:current_version].version}"
+        end
+        puts "\n"
+      end
+    end
+  end
+end

data/lib/module/GitHub.rb

@@ -0,0 +1,14 @@
+module Rondabot
+  class GitHub < SourceControl
+    def initialize params
+      super(params)
+      
+      # get the user credentials
+      # user_credentials = get_user_credentials(params)
+    end
+
+    def repository_uri
+      raise "not implemented"
+    end
+  end
+end

data/lib/module/GitLab.rb

@@ -0,0 +1,14 @@
+module Rondabot
+  class GitLab < SourceControl
+    def initialize params
+      super(params)
+
+      # get the user credentials
+      # user_credentials = get_user_credentials(params)
+    end
+
+    def repository_uri
+      raise "not implemented"
+    end
+  end
+end

data/lib/module/NpmAndYarn.rb

@@ -0,0 +1,132 @@
+require "dependabot/omnibus"
+require "uri"
+require "net/http"
+require "json"
+
+module Rondabot
+  class NpmAndYarn
+
+    attr_accessor :dependencies
+
+    def initialize dependencies
+      @dependencies = dependencies
+    end
+
+    #
+    # Faz uma requisição do serviço do npm para verificar quais
+    # dependencias da lista são vulneráveis
+    #
+    # Retorna uma lista de 
+    # {
+    #   :name => "module name",
+    #   :patched_versions => [Rondabot::Version],
+    #   :current_version => Rondabot::Version
+    # }
+    def audit
+      requires = {}
+      dependencies = {}
+      self.dependencies.each do |dep|
+        # create the requires object
+        requires[:"#{dep.name}"] = dep.requirements.first[:requirement]
+
+        # create the dependencies object
+        dependencies[:"#{dep.name}"] = {
+          :version => dep.requirements.first[:requirement]
+        }
+      end
+
+      body = {
+        :name => "rondabot",
+        :version => "1.0.0",
+        :requires => requires,
+        :dependencies => dependencies
+      }
+
+      response = request(
+        url: URI("https://registry.npmjs.org/-/npm/v1/security/audits"),
+        body: body
+      )
+
+      audit_data = response.read_body
+      
+      #
+      # Com a resposta do serviço monta um objeto contendo a versão atual
+      # e as versões com vulnerabilidades
+      #
+      vulnerable_versions = []
+      if audit_data != nil && audit_data.length > 0
+        object = JSON.parse(audit_data)
+        vulnerabilidades(object).each do |vul|
+          vulnerable_versions << vulnerable_version(object["advisories"], vul)
+        end
+      end
+      return vulnerable_versions
+    end
+
+    private
+
+    def request(config)
+
+      https = Net::HTTP.new(config[:url].host, config[:url].port)
+      https.use_ssl = true
+
+      request = Net::HTTP::Post.new(config[:url])
+      request["Content-Type"] = "application/json"
+      request.body = config[:body].to_json
+
+      return https.request(request)
+    end
+
+    def vulnerabilidades(obj_audit_data)
+      vulnerabs = []
+      actions = obj_audit_data["actions"]
+      if !actions.empty?
+        actions.each do |action|
+          resolves = action["resolves"]
+          if !resolves.empty?
+            resolves.each do |r|
+              vulnerabs << {:id => r["id"]}
+            end
+          end
+        end
+      end
+      return vulnerabs
+    end
+
+    def vulnerable_version(advisories, vulnerability)
+      depend = advisories["#{vulnerability[:id]}"]
+      return {
+        :name => depend["module_name"],
+        :patched_versions => Rondabot::Version.make(depend["patched_versions"]),
+        :current_version => Rondabot::Version.new(depend["findings"].first["version"])
+      }
+    end
+  end
+end
+
+# dependencies = [
+#   Dependabot::Dependency.new(
+#     name: "minimist",
+#     version: "1.2.0",
+#     requirements: [{:requirement=>"1.2.0", :file=>"package.json", :groups=>["dependencies"], :source=>nil}],
+#     previous_requirements: [{:requirement=>"1.2.0", :file=>"package.json", :groups=>["dependencies"], :source=>nil}],
+#     package_manager: "npm_and_yarn"
+#   ),
+#   Dependabot::Dependency.new(
+#     name: "date-fns",
+#     version: "2.5.0",
+#     requirements: [{:requirement=>"2.5.0", :file=>"package.json", :groups=>["dependencies"], :source=>nil}],
+#     previous_requirements: [{:requirement=>"2.3.0", :file=>"package.json", :groups=>["dependencies"], :source=>nil}],
+#     package_manager: "npm_and_yarn"
+#   ),
+#   Dependabot::Dependency.new(
+#     name: "node.extend",
+#     version: "1.1.6",
+#     requirements: [{:requirement=>"1.1.6", :file=>"package.json", :groups=>["dependencies"], :source=>nil}],
+#     previous_requirements: [{:requirement=>"1.1.6", :file=>"package.json", :groups=>["dependencies"], :source=>nil}],
+#     package_manager: "npm_and_yarn"
+#   )
+# ]
+
+# npm_and_yarn = Rondabot::NpmAndYarn.new(dependencies)
+# puts npm_and_yarn.audit()

data/lib/module/Option.rb

@@ -0,0 +1,28 @@
+require 'optparse'
+
+module Rondabot
+  class Option
+    def self.parse()
+      options = {}
+      opt_parser = OptionParser.new do |opts|
+        opts.banner = "Usage: example.rb [options]"
+
+        opts.on("-h", "--help", "Prints this help") do
+          puts opts
+          exit
+        end
+        
+        opts.on("-ePATH", "--env=PATH", "The path to the .env file") { |v| options[:env] = v }
+      end
+
+      begin opt_parser.parse! ARGV
+        rescue OptionParser::InvalidOption => e
+        puts e
+        puts opt_parser
+        exit 1
+      end
+
+      return options
+    end
+  end
+end

data/lib/module/SourceControl.rb

@@ -0,0 +1,66 @@
+require "dependabot/omnibus"
+
+module Rondabot
+  class SourceControl
+    attr_accessor :credentials, :provider
+
+    def initialize params
+      @credentials = []
+      @provider = params[:provider]
+
+      # A GitHub access token with read access to public repos
+      if params[:github_public_token].nil?
+        raise ArgumentError.new("'github_public_token' param is missing!")
+      end
+
+      @credentials << {
+        "type" => "git_source",
+        "host" => "github.com",
+        "username" => "x-access-token",
+        "password" => "#{params[:github_public_token]}"
+      }
+    end
+
+    def repository_uri
+      raise "this method cannot be called directly, do override!"
+    end
+
+    def clone source
+      return Dependabot::FileFetchers.for_package_manager("npm_and_yarn").new(
+        source: source,
+        credentials: self.credentials,
+      )
+    end
+
+    def create_pull_request params
+      files = params[:updater].updated_dependency_files
+      pr_creator = Dependabot::PullRequestCreator.new(
+        source: params[:source],
+        base_commit: params[:base_commit],
+        dependencies: params[:dependencies],
+        files: files,
+        credentials: self.credentials,
+        label_language: true
+      )
+
+      pull_request = pr_creator.create
+
+      if pull_request&.status == 201
+        content = JSON[pull_request.body]
+        puts "  PR ##{content["pullRequestId"]} submitted"
+      else
+        puts "  PR already exists or an error has occurred"
+      end
+    end
+
+    private
+    def get_user_credentials(params)
+      _credentials = params[:credentials]
+      if _credentials.nil? || _credentials[:username].nil? || _credentials[:password].nil?
+        raise ArgumentError.new("'credentials' param is missing! Check your credentials parameter")
+      end
+      return _credentials
+    end
+  end
+end
+  

data/lib/module/Version.rb

@@ -0,0 +1,177 @@
+# 
+# Fontes de pesquisa
+# 
+# https://github.com/npm/node-semver
+# https://github.com/jlindsey/semantic
+# https://semver.org/
+#
+module Rondabot
+  class Version
+    
+    SemVerRegExp = /\A(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][a-zA-Z0-9-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][a-zA-Z0-9-]*))*))?(?:\+([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?\Z/
+    
+    attr_accessor :major, :minor, :patch, :pre, :version
+
+    def initialize version_str
+      v = version_str.match(SemVerRegExp)
+
+      raise ArgumentError.new("#{version_str} is not a valid SemVer Version (http://semver.org)") if v.nil?
+      @major = v[1].to_i
+      @minor = v[2].to_i
+      @patch = v[3].to_i
+      @pre = v[4]
+      @build = v[5]
+      @version = version_str
+    end
+
+    # Public Methods
+
+    def gt? other_version
+      compare(other_version) > 0
+    end
+
+    def lt? other_version
+      compare(other_version) < 0
+    end
+
+    def eq? other_version
+      compare(other_version) == 0
+    end
+
+    # Static Methods
+
+    def self.max versions
+      ordered = versions.sort_by { |s| Gem::Version.new(s.version) }
+      return ordered.last
+    end
+
+    def self.min versions
+      ordered = versions.sort_by { |s| Gem::Version.new(s.version) }
+      return ordered.first
+    end
+
+    def self.valid str
+      return str.match(SemVerRegExp)
+    end
+
+    # 
+    # Cria uma lista de Version com base na string semântica
+    # exemplo: 
+    #   str => ">=1.1.7 <2.0.0 || >=2.0.1"
+    #   vira => [Rondabot::Version[1.1.7], Rondabot::Version[2.0.0], Rondabot::Version[2.0.1]]
+    # 
+    def self.make str_versions
+      cleared_versions = str_versions.gsub(/[^a-zA-Z0-9_\.]+/, ",").split(",")
+      
+      versions = []
+      cleared_versions.each do |v|
+        if valid(v)
+          versions << Version.new(v)
+        end
+      end
+      return versions
+    end
+
+    # 
+    # A próxima versão é a mínima maior do que a atual
+    #
+    def self.next(current_version, patched_versions)
+      biggest_versions = []
+      ordered = patched_versions.sort_by { |s| Gem::Version.new(s.version) }
+      ordered.each do |v|
+        # Versões maiores do que a versão atual são adicionada no array
+        if v.gt?(current_version.version)
+          biggest_versions << v
+        end
+      end
+      return min(biggest_versions)
+    end
+
+    # Private Methods
+    private
+
+    def compare other_version
+      other_version = Version.new(other_version)
+      return Gem::Version.new(self.version) <=> Gem::Version.new(other_version.version)
+    end
+  end
+end
+
+
+#
+# CRIAÇÃO DO OBJETO
+#
+# version = Rondabot::Version.new('1.6.5')
+# version.major             # => 1
+# version.minor             # => 6
+# version.patch             # => 5
+# puts "Aqui está => #{version.patch}"
+
+
+#
+# TESTE DE ORDENACAO DE ARRAY
+#
+
+# array = [
+#   Rondabot::Version.new('1.2.3-beta'),
+#   Rondabot::Version.new('1.1.7'),
+#   Rondabot::Version.new('2.0.1'),
+#   Rondabot::Version.new('1.2.2-alpha'),
+#   Rondabot::Version.new('0.0.54'),
+#   Rondabot::Version.new('1.0.54'),
+#   Rondabot::Version.new('0.79.4'),
+  # Rondabot::Version.new('0.83.0'),
+  # Rondabot::Version.new('0.83.1'),
+#   Rondabot::Version.new('2.0.0')
+# ]
+
+# ordered = array.sort_by { |s| Gem::Version.new(s.version) }
+# ordered.each do |s|
+#   puts s.version
+# end
+
+
+#
+# TESTE DE COMPARACAO
+#
+# version117 = Rondabot::Version.new('1.1.7')
+# puts "gt? #{version117.gt?('1.1.8')}"
+# puts "lt? #{version117.lt?('1.1.8')}"
+# puts "eq? #{version117.eq?('1.1.8')}"
+
+
+#
+# MAX VERSION
+#
+# array = [
+#   Rondabot::Version.new('1.1.7'),
+#   Rondabot::Version.new('2.0.1'),
+#   Rondabot::Version.new('2.0.0')
+# ]
+
+# puts Rondabot::Version::max(array).version
+# puts Rondabot::Version::min(array).version
+
+#
+# CRIADOR DE VERSOES COM BASE NO PATHCED
+#
+# ">=1.1.7 <2.0.0 || >= 2.0.1"
+#
+
+# versions = Rondabot::Version.make(">=1.1.7 <2.0.0 || >= 2.0.1")
+# puts versions
+# exit
+
+#
+# METODO QUE IRÁ ACHAR A PROXIMA VERSAO COM BASE NA ATUAL
+#
+# versions = [
+#   Rondabot::Version.new('0.83.0'),
+#   Rondabot::Version.new('0.83.1'),
+#   Rondabot::Version.new('1.1.7'),
+#   Rondabot::Version.new('2.0.1'),
+#   Rondabot::Version.new('2.0.0')
+# ]
+# current_version = Rondabot::Version.new('1.0.54')
+# best_version_to_go = Rondabot::Version.next(current_version, versions)
+# puts best_version_to_go.version

data/lib/rondabot.rb

@@ -0,0 +1,11 @@
+module Rondabot
+  VERSION = '0.0.10'
+  autoload :Option, File.join(File.dirname(__FILE__), 'module/Option')
+  autoload :Core, File.join(File.dirname(__FILE__), 'module/Core')
+  autoload :Version, File.join(File.dirname(__FILE__), 'module/Version')
+  autoload :NpmAndYarn, File.join(File.dirname(__FILE__), 'module/NpmAndYarn')
+  autoload :SourceControl, File.join(File.dirname(__FILE__), 'module/SourceControl')
+  autoload :Azure, File.join(File.dirname(__FILE__), 'module/Azure')
+  autoload :GitHub, File.join(File.dirname(__FILE__), 'module/GitHub')
+  autoload :GitLab, File.join(File.dirname(__FILE__), 'module/GitLab')
+end

data/spec/rondabot_spec.rb

@@ -0,0 +1,5 @@
+RSpec.describe Rondabot do
+  it "has a version number => #{Rondabot::VERSION}" do
+    expect(Rondabot::VERSION).not_to be nil
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,14 @@
+require "bundler/setup"
+require "rondabot"
+
+RSpec.configure do |config|
+  # Enable flags like --only-failures and --next-failure
+  config.example_status_persistence_file_path = ".rspec_status"
+
+  # Disable RSpec exposing methods globally on `Module` and `main`
+  config.disable_monkey_patching!
+
+  config.expect_with :rspec do |c|
+    c.syntax = :expect
+  end
+end

metadata

@@ -0,0 +1,88 @@
+--- !ruby/object:Gem::Specification
+name: rondabot
+version: !ruby/object:Gem::Version
+  version: 0.0.10
+platform: ruby
+authors:
+- Rondinelli Morais
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2020-08-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '11'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3'
+description: Rondabot Rondabot is a powerful agent that checks for vulnerabilities
+  on the project's premises and submits pull requests with the best version.
+email:
+- rondinellimorais@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- lib/module/Azure.rb
+- lib/module/Core.rb
+- lib/module/GitHub.rb
+- lib/module/GitLab.rb
+- lib/module/NpmAndYarn.rb
+- lib/module/Option.rb
+- lib/module/SourceControl.rb
+- lib/module/Version.rb
+- lib/rondabot.rb
+- spec/rondabot_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/rondinellimorais/rondabot
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/rondinellimorais/rondabot
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.4
+signing_key: 
+specification_version: 4
+summary: Rondabot searches for and fixes dependencies with security vulnerabilities.
+test_files:
+- spec/rondabot_spec.rb
+- spec/spec_helper.rb