ruby_audit 1.0.0 → 2.0.0

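--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: 51cf3ff827f2fdbe2820e818de13a2218944ce9a
- data.tar.gz: 783bc7959bacd144fd046acf87abb019a2c79dd6
+ SHA256:
+ metadata.gz: b939a8de9d5f33649faf17b6181580235b4c40566e5582d99220bcf36588afb2
+ data.tar.gz: 22d2f224e26baac967f47a402f971175c3c7489af24720f31edc2d3d301efa5e
  SHA512:
- metadata.gz: 540ecf36b326b595bf50537d73196fbf4ceb1afa024a32311a4dde8d7ac932453ad60bcc4e80f259bc93d12f4fc4e0529d9e8374756606c16f34c152e769247a
- data.tar.gz: 7e2a5503bfe817c767271dd86b39155a04675e5d2fec28c23708fefd52e816c7cbdd10dee61b492425b3b3a1e8c45636db2c7fcc0d899e8ddd7893a3bbd21a96
+ metadata.gz: c04e0bf277cbb8ad80690abb7adb4680c811479e952e08257a9ae7a89792fb33e08acc7a1674195a88592c01a865fd47a2d71501b9642c37330dcd1f71bbca12
+ data.tar.gz: 5c54e924a470a1d9ecc7e8f913ddd50aa3e5d8f4540a70afa8e9636187cac3d9ecd4993d62f3bb6936d791bcc259c3bebf2ebe305e492905950c9709cc4a9d26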
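--- a/data/.rspec
+++ b/data/.rspec
@@ -1 +1,2 @@
  --color
+ --warnings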
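--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -1,13 +1,28 @@
- Metrics/LineLength:
+ AllCops:
+ TargetRubyVersion: 2.5
+ NewCops: enable
+ SuggestExtensions: false
+
+ Layout/LineLength:
  Exclude:
  - 'ruby_audit.gemspec'
 
  Metrics/MethodLength:
  Max: 15
 
+ Metrics/BlockLength:
+ IgnoredMethods:
+ - describe
+
  Style/Documentation:
  Enabled: false
 
- Style/FileName:
+ Naming/FileName:
  Exclude:
  - 'exe/ruby-audit'
+
+ Style/FrozenStringLiteralComment:
+ Enabled: false
+
+ Style/NumericPredicate:
+ Enabled: false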
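--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -1 +1 @@
- 2.3.0
+ 3.0.0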
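--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,5 +1,10 @@
  language: ruby
  cache: bundler
+ rvm:
+ - 2.5.8
+ - 2.6.6
+ - 2.7.2
+ - 3.0.0
  branches:
  only:
  - master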
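--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,88 @@
  # Change Log
 
+ All notable changes to this project will be documented in this file.
+ This project adheres to [Semantic Versioning](http://semver.org/).
+
+ ## [Unreleased]
+
+ ## [2.0.0] - 2021-03-22
+
+ ### Added
+
+ * Require bundler-audit 0.8
+ * Added Ruby 3.0 to the Travis matrix
+
+ ### Removed
+
+ * Removed support for bundler-audit 0.7
+
+ ## [1.3.0] - 2020-07-01
+
+ ### Added
+
+ * Added Ruby 2.5, 2.6, and 2.7 to the Travis matrix
+ * Added the ability to ignore an advisory by its GHSA identifier
+
+ ### Changed
+
+ * Bumped the bundler-audit version to 0.7
+ * Bumped the Ruby version for development to 2.7.1
+ * Bumped the Pry version for development to 0.13
+ * Bumped the Rake version for development to 13
+ * Bumped the Rspec version for development to 3.9
+ * Bumped the RuboCop version for development to 0.86
+ * Bumped the Timecop verison for development to 0.9
+ * RuboCop fixes
+
+ ### Removed
+
+ * Removed Ruby 2.1 through 2.4 from the Travis matrix
+ * Removed the explicit Bundler dependency for development, since it is now included with RubyGems
+
+ ## [1.2.0] - 2017-09-21
+
+ ### Added
+
+ * Added 2.4 to the Travis matrix ([@errm])
+
+ ### Changed
+
+ * Bumped the bundler-audit version to 0.6 ([@errm])
+ * Bumped the RuboCop version for development to 0.50 ([@errm])
+ * Bumped the Ruby version for development to 2.4.2 ([@errm])
+
+ ## [1.1.0] - 2016-09-15
+
+ ### Added
+
+ * Added a matrix build of 2.1, 2.2, and 2.3 to Travis
+
+ ### Changed
+
+ * Added a [Code of Conduct](CODE_OF_CONDUCT.md)
+ * Bumped the bundler-audit version to 0.5
+ * Bumped the RSpec version for development to 3.5
+ * Bumped the Rake version for development to 11.2
+ * Bumped the RuboCop version for development to 0.42
+ * Bumped the Ruby version for development to 2.3.1
+
+ ## [1.0.1] - 2016-02-03
+
+ ### Fixed
+
+ * [#1](https://github.com/civisanalytics/ruby_audit/pull/1)
+ removing unreliable last-update check
+
  ## 1.0.0 (2016-02-03)
 
  * Initial Release
+
+ [Unreleased]: https://github.com/civisanalytics/ruby_audit/compare/v2.0.0...HEAD
+ [1.3.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.3.0...v2.0.0
+ [1.3.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.2.0...v1.3.0
+ [1.2.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.1.0...v1.2.0
+ [1.1.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.0.1...v1.1.0
+ [1.0.1]: https://github.com/civisanalytics/ruby_audit/compare/v1.0.0...v1.0.1
+ [1.0.0]: https://github.com/civisanalytics/ruby_audit/commit/7535b70412641c888c80d99514b27ba254fb8316
+
+ [@errm]: https://github.com/errm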
@@ -0,0 +1,50 @@
1
+ # Contributor Code of Conduct
2
+
3
+ As contributors and maintainers of this project, and in the interest of
4
+ fostering an open and welcoming community, we pledge to respect all people who
5
+ contribute through reporting issues, posting feature requests, updating
6
+ documentation, submitting pull requests or patches, and other activities.
7
+
8
+ We are committed to making participation in this project a harassment-free
9
+ experience for everyone, regardless of level of experience, gender, gender
10
+ identity and expression, sexual orientation, disability, personal appearance,
11
+ body size, race, ethnicity, age, religion, or nationality.
12
+
13
+ Examples of unacceptable behavior by participants include:
14
+
15
+ * The use of sexualized language or imagery
16
+ * Personal attacks
17
+ * Trolling or insulting/derogatory comments
18
+ * Public or private harassment
19
+ * Publishing other's private information, such as physical or electronic
20
+ addresses, without explicit permission
21
+ * Other unethical or unprofessional conduct
22
+
23
+ Project maintainers have the right and responsibility to remove, edit, or
24
+ reject comments, commits, code, wiki edits, issues, and other contributions
25
+ that are not aligned to this Code of Conduct, or to ban temporarily or
26
+ permanently any contributor for other behaviors that they deem inappropriate,
27
+ threatening, offensive, or harmful.
28
+
29
+ By adopting this Code of Conduct, project maintainers commit themselves to
30
+ fairly and consistently applying these principles to every aspect of managing
31
+ this project. Project maintainers who do not follow or enforce the Code of
32
+ Conduct may be permanently removed from the project team.
33
+
34
+ This Code of Conduct applies both within project spaces and in public spaces
35
+ when an individual is representing the project or its community.
36
+
37
+ Instances of abusive, harassing, or otherwise unacceptable behavior may be
38
+ reported by contacting a project maintainer at opensource@civisanalytics.com.
39
+ All complaints will be reviewed and investigated and will result in a response
40
+ that is deemed necessary and appropriate to the circumstances. Maintainers are
41
+ obligated to maintain confidentiality with regard to the reporter of an
42
+ incident.
43
+
44
+
45
+ This Code of Conduct is adapted from the [Contributor Covenant][homepage],
46
+ version 1.3.0, available at
47
+ [http://contributor-covenant.org/version/1/3/0/][version]
48
+
49
+ [homepage]: http://contributor-covenant.org
50
+ [version]: http://contributor-covenant.org/version/1/3/0/
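--- a/data/CONTRIBUTING.md
+++ b/data/CONTRIBUTING.md
@@ -1,6 +1,7 @@
  # Contributing to RubyAudit
 
- We welcome pull requests from everyone!
+ We welcome bug reports and pull requests from everyone!
+ This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
 
  ## Getting Started
 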
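--- a/data/README.md
+++ b/data/README.md
@@ -1,8 +1,7 @@
  # RubyAudit
 
- [![Build Status](https://travis-ci.org/civisanalytics/ruby_audit.svg?branch=master)](https://travis-ci.org/civisanalytics/ruby_audit)
+ [![Build Status](https://travis-ci.com/civisanalytics/ruby_audit.svg?branch=master)](https://travis-ci.com/civisanalytics/ruby_audit)
  [![Gem Version](https://badge.fury.io/rb/ruby_audit.svg)](http://badge.fury.io/rb/ruby_audit)
- [![Dependency Status](https://gemnasium.com/civisanalytics/ruby_audit.svg)](https://gemnasium.com/civisanalytics/ruby_audit)
 
  RubyAudit checks your current version of Ruby and RubyGems against known security vulnerabilities (CVEs), alerting you if you are using an insecure version.
  It complements [bundler-audit](https://github.com/rubysec/bundler-audit), providing complete coverage for your Ruby stack.
@@ -52,7 +51,8 @@ $ ruby-audit check -n
  ## Development
 
  After checking out the repo, run `bin/setup` to install dependencies.
- Then, run `rake spec` to run the tests.
+ You'll also want to run `git submodule update --init` to populate the ruby-advisory-db
+ submodule used for testing. Then, run `rake spec` to run the tests.
  You can also run `bin/console` for an interactive prompt that will allow you to experiment.
 
  To install this gem onto your local machine, run `bundle exec rake install`.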
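--- a/data/Rakefile
+++ b/data/Rakefile
@@ -6,4 +6,4 @@ RSpec::Core::RakeTask.new
  require 'rubocop/rake_task'
  RuboCop::RakeTask.new
 
- task default: [:rubocop, :spec]
+ task default: %i[rubocop spec]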
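--- a/data/lib/ruby_audit.rb
+++ b/data/lib/ruby_audit.rb
@@ -1,4 +1,3 @@
- require 'bundler/audit/cli'
  require 'ruby_audit/cli'
  require 'ruby_audit/database'
  require 'ruby_audit/scanner'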
@@ -1,5 +1,10 @@
1
+ require 'thor'
2
+
1
3
  module RubyAudit
2
- class CLI < Bundler::Audit::CLI
4
+ class CLI < ::Thor
5
+ default_task :check
6
+ map '--version' => :version
7
+
3
8
  desc 'check', 'Checks Ruby and RubyGems for insecure versions'
4
9
  method_option :ignore, type: :array, aliases: '-i'
5
10
  method_option :no_update, type: :boolean, aliases: '-n'
@@ -52,17 +57,81 @@ module RubyAudit
52
57
 
53
58
  private
54
59
 
60
+ def say(message = '', color = nil)
61
+ color = nil unless $stdout.tty?
62
+ super(message.to_s, color)
63
+ end
64
+
65
+ # rubocop:disable Metrics/AbcSize
66
+ # rubocop:disable Metrics/CyclomaticComplexity
67
+ # rubocop:disable Metrics/MethodLength
68
+ # rubocop:disable Metrics/PerceivedComplexity
69
+ def print_advisory(gem, advisory)
70
+ say 'Name: ', :red
71
+ say gem.name
72
+
73
+ say 'Version: ', :red
74
+ say gem.version
75
+
76
+ say 'Advisory: ', :red
77
+
78
+ if advisory.cve
79
+ say advisory.cve_id
80
+ elsif advisory.osvdb
81
+ say advisory.osvdb_id
82
+ elsif advisory.ghsa
83
+ say advisory.ghsa_id
84
+ end
85
+
86
+ say 'Criticality: ', :red
87
+ case advisory.criticality
88
+ when :none then say 'None'
89
+ when :low then say 'Low'
90
+ when :medium then say 'Medium', :yellow
91
+ when :high then say 'High', %i[red bold]
92
+ when :critical then say 'Critical', %i[red bold]
93
+ else say 'Unknown'
94
+ end
95
+
96
+ say 'URL: ', :red
97
+ say advisory.url
98
+
99
+ if options.verbose?
100
+ say 'Description:', :red
101
+ say
102
+
103
+ print_wrapped advisory.description, indent: 2
104
+ say
105
+ else
106
+
107
+ say 'Title: ', :red
108
+ say advisory.title
109
+ end
110
+
111
+ if advisory.patched_versions.empty?
112
+ say 'Solution: ', :red
113
+ say 'remove or disable this gem until a patch is available!', %i[red bold]
114
+ else
115
+ say 'Solution: upgrade to ', :red
116
+ say advisory.patched_versions.join(', ')
117
+ end
118
+
119
+ say
120
+ end
121
+ # rubocop:enable Metrics/PerceivedComplexity
122
+ # rubocop:enable Metrics/MethodLength
123
+ # rubocop:enable Metrics/CyclomaticComplexity
124
+ # rubocop:enable Metrics/AbcSize
125
+
55
126
  def check_for_stale_database
56
127
  database = Database.new
57
- if database.size == 89
58
- # bundler-audit 0.4.0 comes bundled with an old verison of
59
- # ruby-advisory-db that has 89 advisories and NO advisories for Ruby
60
- # or RubyGems. If #size == 89, the database has never been updated.
61
- say 'The database must be updated before using RubyAudit', :red
62
- exit 1
63
- elsif database.stale
64
- say 'The database has not been updated in over 7 days', :yellow
65
- end
128
+ return unless database.size == 89
129
+
130
+ # bundler-audit 0.4.0 comes bundled with an old verison of
131
+ # ruby-advisory-db that has 89 advisories and NO advisories for Ruby
132
+ # or RubyGems. If #size == 89, the database has never been updated.
133
+ say 'The database must be updated before using RubyAudit', :red
134
+ exit 1
66
135
  end
67
136
  end
68
137
  end
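Review bot: In `check_for_stale_database`, the guard `database.size == 89` and its comment still describe the advisory database bundled with bundler-audit 0.4.0, while this release depends on bundler-audit `~> 0.8.0`, so the sentinel may never match and a never-updated database could pass silently. With the `database.stale` branch gone the method no longer reports age at all, so a `ruby-audit check -n` run can print a clean result against old advisories; worth confirming that is intended. At minimum I would refresh the comment, e.g. `# 89 = advisory count of the database bundled with bundler-audit 0.4.0; re-verify for 0.8.x`, and consider checking that the database actually holds Ruby and RubyGems advisories instead of comparing against a fixed count. The enclosing `CLI` class begins outside this hunk.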
@@ -1,3 +1,5 @@
1
+ require 'bundler/audit/database'
2
+
1
3
  module RubyAudit
2
4
  class Database < Bundler::Audit::Database
3
5
  def advisories_for(name, type)
@@ -24,17 +26,6 @@ module RubyAudit
24
26
  end
25
27
  end
26
28
 
27
- def stale
28
- if File.directory?(USER_PATH) &&
29
- File.exist?(File.join(USER_PATH, '.git'))
30
- ts = Time.parse(
31
- `cd #{USER_PATH} && git log --date=iso8601 --pretty="%cd" -1`).utc
32
- ts < (Date.today - 7).to_time
33
- else
34
- true
35
- end
36
- end
37
-
38
29
  protected
39
30
 
40
31
  def each_advisory_path(&block)
@@ -1,5 +1,8 @@
1
+ require 'bundler/audit/results/unpatched_gem'
2
+ require 'set'
3
+
1
4
  module RubyAudit
2
- class Scanner < Bundler::Audit::Scanner
5
+ class Scanner
3
6
  class Version
4
7
  def initialize(name, version)
5
8
  @name = name
@@ -23,11 +26,11 @@ module RubyAudit
23
26
  end
24
27
 
25
28
  def scan_ruby(options = {}, &block)
26
- if RUBY_PATCHLEVEL < 0
27
- version = ruby_version
28
- else
29
- version = "#{RUBY_VERSION}.#{RUBY_PATCHLEVEL}"
30
- end
29
+ version = if RUBY_PATCHLEVEL < 0
30
+ ruby_version
31
+ else
32
+ "#{RUBY_VERSION}.#{RUBY_PATCHLEVEL}"
33
+ end
31
34
  specs = [Version.new(RUBY_ENGINE, version)]
32
35
  scan_inner(specs, 'ruby', options, &block)
33
36
  end
@@ -43,8 +46,8 @@ module RubyAudit
43
46
  # .gsub to separate strings (e.g., 2.1.0dev -> 2.1.0.dev,
44
47
  # 2.2.0preview1 -> 2.2.0.preview.1).
45
48
  `ruby --version`.split[1]
46
- .gsub(/(\d)([a-z]+)/, '\1.\2')
47
- .gsub(/([a-z]+)(\d)/, '\1.\2')
49
+ .gsub(/(\d)([a-z]+)/, '\1.\2')
50
+ .gsub(/([a-z]+)(\d)/, '\1.\2')
48
51
  end
49
52
 
50
53
  def rubygems_version
@@ -52,29 +55,18 @@ module RubyAudit
52
55
  end
53
56
 
54
57
  def scan_inner(specs, type, options = {})
55
- return enum_for(__method__, options) unless block_given?
58
+ return enum_for(__method__, specs, type, options) unless block_given?
56
59
 
57
60
  ignore = Set[]
58
61
  ignore += options[:ignore] if options[:ignore]
59
62
 
60
63
  specs.each do |spec|
61
64
  @database.send("check_#{type}".to_sym, spec) do |advisory|
62
- unless ignore.include?(cve_id(advisory)) ||
63
- ignore.include?(osvdb_id(advisory))
64
- yield UnpatchedGem.new(spec, advisory)
65
+ unless ignore.intersect?(advisory.identifiers.to_set)
66
+ yield Bundler::Audit::Results::UnpatchedGem.new(spec, advisory)
65
67
  end
66
68
  end
67
69
  end
68
70
  end
69
-
70
- # Workaround for advisory.cve_id, present in master but not 0.4.0.
71
- def cve_id(advisory)
72
- "CVE-#{advisory.cve}" if advisory.cve
73
- end
74
-
75
- # Workaround for advisory.osvdb_id, present in master but not 0.4.0.
76
- def osvdb_id(advisory)
77
- "OSVDB-#{advisory.osvdb}" if advisory.osvdb
78
- end
79
71
  end
80
72
  end
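Review bot: The `ruby --version` backtick call in the hunk around the `.gsub` chain runs whichever `ruby` is first on `PATH`, which is not necessarily the interpreter executing the audit, so on a host with several Rubies the advisory lookup can be made against the wrong version. The hunk only re-indents the two `.gsub` lines and leaves the call as it was. `RUBY_DESCRIPTION` should hold the same string for the running interpreter, so `RUBY_DESCRIPTION.split[1]` would avoid both the subprocess and the `PATH` lookup. The method's `def` line is above the hunk, so this is based on the visible tail only.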
@@ -1,3 +1,3 @@
1
1
  module RubyAudit
2
- VERSION = '1.0.0'
2
+ VERSION = '2.0.0'.freeze
3
3
  end
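--- a/data/ruby_audit.gemspec
+++ b/data/ruby_audit.gemspec
@@ -1,12 +1,11 @@
- # coding: utf-8
- lib = File.expand_path('../lib', __FILE__)
+ lib = File.expand_path('lib', __dir__)
  $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
  require 'ruby_audit/version'
 
  Gem::Specification.new do |spec|
  spec.name = 'ruby_audit'
  spec.version = RubyAudit::VERSION
- spec.authors = ['Jeff Cousens']
+ spec.authors = ['Jeff Cousens, Mike Saelim']
  spec.email = ['opensource@civisanalytics.com']
 
  spec.summary = 'Checks Ruby and RubyGems against known vulnerabilities.'
@@ -16,18 +15,18 @@ Gem::Specification.new do |spec|
  'version. It complements bundler-audit, providing ' \
  'complete coverage for your Ruby stack.'
  spec.homepage = 'https://github.com/civisanalytics/ruby_audit'
- spec.license = 'GPLv3'
+ spec.license = 'GPL-3.0-or-later'
 
+ spec.required_ruby_version = ['>= 2.5', '< 3.1']
  spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
  spec.bindir = 'exe'
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
  spec.require_paths = ['lib']
 
- spec.add_dependency 'bundler-audit', '~> 0.4.0'
- spec.add_development_dependency 'bundler', '~> 1.11'
- spec.add_development_dependency 'pry', '~> 0.10.3'
- spec.add_development_dependency 'rake', '~> 10.5'
- spec.add_development_dependency 'rspec', '~> 3.4'
- spec.add_development_dependency 'rubocop', '~> 0.35.0'
- spec.add_development_dependency 'timecop', '~> 0.8.0'
+ spec.add_dependency 'bundler-audit', '~> 0.8.0'
+ spec.add_development_dependency 'pry', '~> 0.13.0'
+ spec.add_development_dependency 'rake', '~> 13.0'
+ spec.add_development_dependency 'rspec', '~> 3.9'
+ spec.add_development_dependency 'rubocop', '~> 1.9.1'
+ spec.add_development_dependency 'timecop', '~> 0.9.1'
  end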
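Review bot: `spec.authors = ['Jeff Cousens, Mike Saelim']` puts both names into one array element, so the gem is published with a single author string (the built `metadata` on this page shows one `authors` entry); it should read `spec.authors = ['Jeff Cousens', 'Mike Saelim']`. Separately, the built metadata carries `metadata: {}`; for a security tool it would be worth adding `spec.metadata['rubygems_mfa_required'] = 'true'` so that pushes of this gem require MFA. The `Gem::Specification` block is only partly visible across the two hunks.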
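--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: ruby_audit
  version: !ruby/object:Gem::Version
- version: 1.0.0
+ version: 2.0.0
  platform: ruby
  authors:
- - Jeff Cousens
- autorequire:
+ - Jeff Cousens, Mike Saelim
+ autorequire:
  bindir: exe
  cert_chain: []
- date: 2016-02-03 00:00:00.000000000 Z
+ date: 2021-03-22 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler-audit
@@ -16,98 +16,84 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.4.0
+ version: 0.8.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.4.0
- - !ruby/object:Gem::Dependency
- name: bundler
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '1.11'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '1.11'
+ version: 0.8.0
  - !ruby/object:Gem::Dependency
  name: pry
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.10.3
+ version: 0.13.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.10.3
+ version: 0.13.0
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '10.5'
+ version: '13.0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '10.5'
+ version: '13.0'
  - !ruby/object:Gem::Dependency
  name: rspec
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.4'
+ version: '3.9'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.4'
+ version: '3.9'
  - !ruby/object:Gem::Dependency
  name: rubocop
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.35.0
+ version: 1.9.1
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.35.0
+ version: 1.9.1
  - !ruby/object:Gem::Dependency
  name: timecop
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.8.0
+ version: 0.9.1
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.8.0
+ version: 0.9.1
  description: RubyAudit checks your current version of Ruby and RubyGems against known
  security vulnerabilities (CVEs), alerting you if you are using an insecure version.
  It complements bundler-audit, providing complete coverage for your Ruby stack.
@@ -125,6 +111,7 @@ files:
  - ".ruby-version"
  - ".travis.yml"
  - CHANGELOG.md
+ - CODE_OF_CONDUCT.md
  - CONTRIBUTING.md
  - Gemfile
  - LICENSE.md
@@ -141,9 +128,9 @@ files:
  - ruby_audit.gemspec
  homepage: https://github.com/civisanalytics/ruby_audit
  licenses:
- - GPLv3
+ - GPL-3.0-or-later
  metadata: {}
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -151,16 +138,18 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '0'
+ version: '2.5'
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: '3.1'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project:
- rubygems_version: 2.5.1
- signing_key:
+ rubygems_version: 3.2.3
+ signing_key:
  specification_version: 4
  summary: Checks Ruby and RubyGems against known vulnerabilities.
  test_files: []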