ruby_audit 1.0.0 → 2.0.0
- checksums.yaml +5 -5
- data/.rspec +1 -0
- data/.rubocop.yml +17 -2
- data/.ruby-version +1 -1
- data/.travis.yml +5 -0
- data/CHANGELOG.md +83 -0
- data/CODE_OF_CONDUCT.md +50 -0
- data/CONTRIBUTING.md +2 -1
- data/README.md +3 -3
- data/Rakefile +1 -1
- data/lib/ruby_audit.rb +0 -1
- data/lib/ruby_audit/cli.rb +79 -10
- data/lib/ruby_audit/database.rb +2 -11
- data/lib/ruby_audit/scanner.rb +14 -22
- data/lib/ruby_audit/version.rb +1 -1
- data/ruby_audit.gemspec +10 -11
- metadata +25 -36
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: b939a8de9d5f33649faf17b6181580235b4c40566e5582d99220bcf36588afb2
|
4
|
+
data.tar.gz: 22d2f224e26baac967f47a402f971175c3c7489af24720f31edc2d3d301efa5e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: c04e0bf277cbb8ad80690abb7adb4680c811479e952e08257a9ae7a89792fb33e08acc7a1674195a88592c01a865fd47a2d71501b9642c37330dcd1f71bbca12
|
7
|
+
data.tar.gz: 5c54e924a470a1d9ecc7e8f913ddd50aa3e5d8f4540a70afa8e9636187cac3d9ecd4993d62f3bb6936d791bcc259c3bebf2ebe305e492905950c9709cc4a9d26
|
data/.rspec
CHANGED
data/.rubocop.yml
CHANGED
@@ -1,13 +1,28 @@
|
|
1
|
-
|
1
|
+
AllCops:
|
2
|
+
TargetRubyVersion: 2.5
|
3
|
+
NewCops: enable
|
4
|
+
SuggestExtensions: false
|
5
|
+
|
6
|
+
Layout/LineLength:
|
2
7
|
Exclude:
|
3
8
|
- 'ruby_audit.gemspec'
|
4
9
|
|
5
10
|
Metrics/MethodLength:
|
6
11
|
Max: 15
|
7
12
|
|
13
|
+
Metrics/BlockLength:
|
14
|
+
IgnoredMethods:
|
15
|
+
- describe
|
16
|
+
|
8
17
|
Style/Documentation:
|
9
18
|
Enabled: false
|
10
19
|
|
11
|
-
|
20
|
+
Naming/FileName:
|
12
21
|
Exclude:
|
13
22
|
- 'exe/ruby-audit'
|
23
|
+
|
24
|
+
Style/FrozenStringLiteralComment:
|
25
|
+
Enabled: false
|
26
|
+
|
27
|
+
Style/NumericPredicate:
|
28
|
+
Enabled: false
|
data/.ruby-version
CHANGED
@@ -1 +1 @@
|
|
1
|
-
|
1
|
+
3.0.0
|
data/.travis.yml
CHANGED
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,88 @@
|
|
1
1
|
# Change Log
|
2
2
|
|
3
|
+
All notable changes to this project will be documented in this file.
|
4
|
+
This project adheres to [Semantic Versioning](http://semver.org/).
|
5
|
+
|
6
|
+
## [Unreleased]
|
7
|
+
|
8
|
+
## [2.0.0] - 2021-03-22
|
9
|
+
|
10
|
+
### Added
|
11
|
+
|
12
|
+
* Require bundler-audit 0.8
|
13
|
+
* Added Ruby 3.0 to the Travis matrix
|
14
|
+
|
15
|
+
### Removed
|
16
|
+
|
17
|
+
* Removed support for bundler-audit 0.7
|
18
|
+
|
19
|
+
## [1.3.0] - 2020-07-01
|
20
|
+
|
21
|
+
### Added
|
22
|
+
|
23
|
+
* Added Ruby 2.5, 2.6, and 2.7 to the Travis matrix
|
24
|
+
* Added the ability to ignore an advisory by its GHSA identifier
|
25
|
+
|
26
|
+
### Changed
|
27
|
+
|
28
|
+
* Bumped the bundler-audit version to 0.7
|
29
|
+
* Bumped the Ruby version for development to 2.7.1
|
30
|
+
* Bumped the Pry version for development to 0.13
|
31
|
+
* Bumped the Rake version for development to 13
|
32
|
+
* Bumped the Rspec version for development to 3.9
|
33
|
+
* Bumped the RuboCop version for development to 0.86
|
34
|
+
* Bumped the Timecop verison for development to 0.9
|
35
|
+
* RuboCop fixes
|
36
|
+
|
37
|
+
### Removed
|
38
|
+
|
39
|
+
* Removed Ruby 2.1 through 2.4 from the Travis matrix
|
40
|
+
* Removed the explicit Bundler dependency for development, since it is now included with RubyGems
|
41
|
+
|
42
|
+
## [1.2.0] - 2017-09-21
|
43
|
+
|
44
|
+
### Added
|
45
|
+
|
46
|
+
* Added 2.4 to the Travis matrix ([@errm])
|
47
|
+
|
48
|
+
### Changed
|
49
|
+
|
50
|
+
* Bumped the bundler-audit version to 0.6 ([@errm])
|
51
|
+
* Bumped the RuboCop version for development to 0.50 ([@errm])
|
52
|
+
* Bumped the Ruby version for development to 2.4.2 ([@errm])
|
53
|
+
|
54
|
+
## [1.1.0] - 2016-09-15
|
55
|
+
|
56
|
+
### Added
|
57
|
+
|
58
|
+
* Added a matrix build of 2.1, 2.2, and 2.3 to Travis
|
59
|
+
|
60
|
+
### Changed
|
61
|
+
|
62
|
+
* Added a [Code of Conduct](CODE_OF_CONDUCT.md)
|
63
|
+
* Bumped the bundler-audit version to 0.5
|
64
|
+
* Bumped the RSpec version for development to 3.5
|
65
|
+
* Bumped the Rake version for development to 11.2
|
66
|
+
* Bumped the RuboCop version for development to 0.42
|
67
|
+
* Bumped the Ruby version for development to 2.3.1
|
68
|
+
|
69
|
+
## [1.0.1] - 2016-02-03
|
70
|
+
|
71
|
+
### Fixed
|
72
|
+
|
73
|
+
* [#1](https://github.com/civisanalytics/ruby_audit/pull/1)
|
74
|
+
removing unreliable last-update check
|
75
|
+
|
3
76
|
## 1.0.0 (2016-02-03)
|
4
77
|
|
5
78
|
* Initial Release
|
79
|
+
|
80
|
+
[Unreleased]: https://github.com/civisanalytics/ruby_audit/compare/v2.0.0...HEAD
|
81
|
+
[1.3.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.3.0...v2.0.0
|
82
|
+
[1.3.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.2.0...v1.3.0
|
83
|
+
[1.2.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.1.0...v1.2.0
|
84
|
+
[1.1.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.0.1...v1.1.0
|
85
|
+
[1.0.1]: https://github.com/civisanalytics/ruby_audit/compare/v1.0.0...v1.0.1
|
86
|
+
[1.0.0]: https://github.com/civisanalytics/ruby_audit/commit/7535b70412641c888c80d99514b27ba254fb8316
|
87
|
+
|
88
|
+
[@errm]: https://github.com/errm
|
data/CODE_OF_CONDUCT.md
ADDED
@@ -0,0 +1,50 @@
|
|
1
|
+
# Contributor Code of Conduct
|
2
|
+
|
3
|
+
As contributors and maintainers of this project, and in the interest of
|
4
|
+
fostering an open and welcoming community, we pledge to respect all people who
|
5
|
+
contribute through reporting issues, posting feature requests, updating
|
6
|
+
documentation, submitting pull requests or patches, and other activities.
|
7
|
+
|
8
|
+
We are committed to making participation in this project a harassment-free
|
9
|
+
experience for everyone, regardless of level of experience, gender, gender
|
10
|
+
identity and expression, sexual orientation, disability, personal appearance,
|
11
|
+
body size, race, ethnicity, age, religion, or nationality.
|
12
|
+
|
13
|
+
Examples of unacceptable behavior by participants include:
|
14
|
+
|
15
|
+
* The use of sexualized language or imagery
|
16
|
+
* Personal attacks
|
17
|
+
* Trolling or insulting/derogatory comments
|
18
|
+
* Public or private harassment
|
19
|
+
* Publishing other's private information, such as physical or electronic
|
20
|
+
addresses, without explicit permission
|
21
|
+
* Other unethical or unprofessional conduct
|
22
|
+
|
23
|
+
Project maintainers have the right and responsibility to remove, edit, or
|
24
|
+
reject comments, commits, code, wiki edits, issues, and other contributions
|
25
|
+
that are not aligned to this Code of Conduct, or to ban temporarily or
|
26
|
+
permanently any contributor for other behaviors that they deem inappropriate,
|
27
|
+
threatening, offensive, or harmful.
|
28
|
+
|
29
|
+
By adopting this Code of Conduct, project maintainers commit themselves to
|
30
|
+
fairly and consistently applying these principles to every aspect of managing
|
31
|
+
this project. Project maintainers who do not follow or enforce the Code of
|
32
|
+
Conduct may be permanently removed from the project team.
|
33
|
+
|
34
|
+
This Code of Conduct applies both within project spaces and in public spaces
|
35
|
+
when an individual is representing the project or its community.
|
36
|
+
|
37
|
+
Instances of abusive, harassing, or otherwise unacceptable behavior may be
|
38
|
+
reported by contacting a project maintainer at opensource@civisanalytics.com.
|
39
|
+
All complaints will be reviewed and investigated and will result in a response
|
40
|
+
that is deemed necessary and appropriate to the circumstances. Maintainers are
|
41
|
+
obligated to maintain confidentiality with regard to the reporter of an
|
42
|
+
incident.
|
43
|
+
|
44
|
+
|
45
|
+
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
|
46
|
+
version 1.3.0, available at
|
47
|
+
[http://contributor-covenant.org/version/1/3/0/][version]
|
48
|
+
|
49
|
+
[homepage]: http://contributor-covenant.org
|
50
|
+
[version]: http://contributor-covenant.org/version/1/3/0/
|
data/CONTRIBUTING.md
CHANGED
@@ -1,6 +1,7 @@
|
|
1
1
|
# Contributing to RubyAudit
|
2
2
|
|
3
|
-
We welcome pull requests from everyone!
|
3
|
+
We welcome bug reports and pull requests from everyone!
|
4
|
+
This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
|
4
5
|
|
5
6
|
## Getting Started
|
6
7
|
|
data/README.md
CHANGED
@@ -1,8 +1,7 @@
|
|
1
1
|
# RubyAudit
|
2
2
|
|
3
|
-
[![Build Status](https://travis-ci.
|
3
|
+
[![Build Status](https://travis-ci.com/civisanalytics/ruby_audit.svg?branch=master)](https://travis-ci.com/civisanalytics/ruby_audit)
|
4
4
|
[![Gem Version](https://badge.fury.io/rb/ruby_audit.svg)](http://badge.fury.io/rb/ruby_audit)
|
5
|
-
[![Dependency Status](https://gemnasium.com/civisanalytics/ruby_audit.svg)](https://gemnasium.com/civisanalytics/ruby_audit)
|
6
5
|
|
7
6
|
RubyAudit checks your current version of Ruby and RubyGems against known security vulnerabilities (CVEs), alerting you if you are using an insecure version.
|
8
7
|
It complements [bundler-audit](https://github.com/rubysec/bundler-audit), providing complete coverage for your Ruby stack.
|
@@ -52,7 +51,8 @@ $ ruby-audit check -n
|
|
52
51
|
## Development
|
53
52
|
|
54
53
|
After checking out the repo, run `bin/setup` to install dependencies.
|
55
|
-
|
54
|
+
You'll also want to run `git submodule update --init` to populate the ruby-advisory-db
|
55
|
+
submodule used for testing. Then, run `rake spec` to run the tests.
|
56
56
|
You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
57
57
|
|
58
58
|
To install this gem onto your local machine, run `bundle exec rake install`.
|
data/Rakefile
CHANGED
data/lib/ruby_audit.rb
CHANGED
data/lib/ruby_audit/cli.rb
CHANGED
@@ -1,5 +1,10 @@
|
|
1
|
+
require 'thor'
|
2
|
+
|
1
3
|
module RubyAudit
|
2
|
-
class CLI <
|
4
|
+
class CLI < ::Thor
|
5
|
+
default_task :check
|
6
|
+
map '--version' => :version
|
7
|
+
|
3
8
|
desc 'check', 'Checks Ruby and RubyGems for insecure versions'
|
4
9
|
method_option :ignore, type: :array, aliases: '-i'
|
5
10
|
method_option :no_update, type: :boolean, aliases: '-n'
|
@@ -52,17 +57,81 @@ module RubyAudit
|
|
52
57
|
|
53
58
|
private
|
54
59
|
|
60
|
+
def say(message = '', color = nil)
|
61
|
+
color = nil unless $stdout.tty?
|
62
|
+
super(message.to_s, color)
|
63
|
+
end
|
64
|
+
|
65
|
+
# rubocop:disable Metrics/AbcSize
|
66
|
+
# rubocop:disable Metrics/CyclomaticComplexity
|
67
|
+
# rubocop:disable Metrics/MethodLength
|
68
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
69
|
+
def print_advisory(gem, advisory)
|
70
|
+
say 'Name: ', :red
|
71
|
+
say gem.name
|
72
|
+
|
73
|
+
say 'Version: ', :red
|
74
|
+
say gem.version
|
75
|
+
|
76
|
+
say 'Advisory: ', :red
|
77
|
+
|
78
|
+
if advisory.cve
|
79
|
+
say advisory.cve_id
|
80
|
+
elsif advisory.osvdb
|
81
|
+
say advisory.osvdb_id
|
82
|
+
elsif advisory.ghsa
|
83
|
+
say advisory.ghsa_id
|
84
|
+
end
|
85
|
+
|
86
|
+
say 'Criticality: ', :red
|
87
|
+
case advisory.criticality
|
88
|
+
when :none then say 'None'
|
89
|
+
when :low then say 'Low'
|
90
|
+
when :medium then say 'Medium', :yellow
|
91
|
+
when :high then say 'High', %i[red bold]
|
92
|
+
when :critical then say 'Critical', %i[red bold]
|
93
|
+
else say 'Unknown'
|
94
|
+
end
|
95
|
+
|
96
|
+
say 'URL: ', :red
|
97
|
+
say advisory.url
|
98
|
+
|
99
|
+
if options.verbose?
|
100
|
+
say 'Description:', :red
|
101
|
+
say
|
102
|
+
|
103
|
+
print_wrapped advisory.description, indent: 2
|
104
|
+
say
|
105
|
+
else
|
106
|
+
|
107
|
+
say 'Title: ', :red
|
108
|
+
say advisory.title
|
109
|
+
end
|
110
|
+
|
111
|
+
if advisory.patched_versions.empty?
|
112
|
+
say 'Solution: ', :red
|
113
|
+
say 'remove or disable this gem until a patch is available!', %i[red bold]
|
114
|
+
else
|
115
|
+
say 'Solution: upgrade to ', :red
|
116
|
+
say advisory.patched_versions.join(', ')
|
117
|
+
end
|
118
|
+
|
119
|
+
say
|
120
|
+
end
|
121
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
122
|
+
# rubocop:enable Metrics/MethodLength
|
123
|
+
# rubocop:enable Metrics/CyclomaticComplexity
|
124
|
+
# rubocop:enable Metrics/AbcSize
|
125
|
+
|
55
126
|
def check_for_stale_database
|
56
127
|
database = Database.new
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
say 'The database has not been updated in over 7 days', :yellow
|
65
|
-
end
|
128
|
+
return unless database.size == 89
|
129
|
+
|
130
|
+
# bundler-audit 0.4.0 comes bundled with an old verison of
|
131
|
+
# ruby-advisory-db that has 89 advisories and NO advisories for Ruby
|
132
|
+
# or RubyGems. If #size == 89, the database has never been updated.
|
133
|
+
say 'The database must be updated before using RubyAudit', :red
|
134
|
+
exit 1
|
66
135
|
end
|
67
136
|
end
|
68
137
|
end
|
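Review bot: The freshness check in `check_for_stale_database` (new lines 128-134) still keys on `database.size == 89`, a count the comment ties to the advisory database vendored with bundler-audit 0.4.0, while this same release moves the dependency to `~> 0.8.0` and deletes `Database#stale`; with a differently sized vendored database the `size == 89` branch is never taken, so a never-updated database passes silently and the tool reports nothing for Ruby or RubyGems, which is the failure mode an audit tool most needs to avoid. The comment itself names a more durable signal than a count — the vendored database carries no Ruby or RubyGems advisories — so warn when the database holds no advisories of type `ruby` or `rubygems` (`Database#advisories_for(name, type)` is defined in database.rb, but its return shape is not visible in this diff, so confirm before relying on it). At minimum rewrite the comment so it no longer cites 0.4.0 as the justification for the constant, e.g. `# A database that still matches the copy vendored with bundler-audit has never been updated and contains no Ruby/RubyGems advisories.` The comment's `verison` typo on new line 130 can be fixed in the same pass.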
data/lib/ruby_audit/database.rb
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
require 'bundler/audit/database'
|
2
|
+
|
1
3
|
module RubyAudit
|
2
4
|
class Database < Bundler::Audit::Database
|
3
5
|
def advisories_for(name, type)
|
@@ -24,17 +26,6 @@ module RubyAudit
|
|
24
26
|
end
|
25
27
|
end
|
26
28
|
|
27
|
-
def stale
|
28
|
-
if File.directory?(USER_PATH) &&
|
29
|
-
File.exist?(File.join(USER_PATH, '.git'))
|
30
|
-
ts = Time.parse(
|
31
|
-
`cd #{USER_PATH} && git log --date=iso8601 --pretty="%cd" -1`).utc
|
32
|
-
ts < (Date.today - 7).to_time
|
33
|
-
else
|
34
|
-
true
|
35
|
-
end
|
36
|
-
end
|
37
|
-
|
38
29
|
protected
|
39
30
|
|
40
31
|
def each_advisory_path(&block)
|
data/lib/ruby_audit/scanner.rb
CHANGED
@@ -1,5 +1,8 @@
|
|
1
|
+
require 'bundler/audit/results/unpatched_gem'
|
2
|
+
require 'set'
|
3
|
+
|
1
4
|
module RubyAudit
|
2
|
-
class Scanner
|
5
|
+
class Scanner
|
3
6
|
class Version
|
4
7
|
def initialize(name, version)
|
5
8
|
@name = name
|
@@ -23,11 +26,11 @@ module RubyAudit
|
|
23
26
|
end
|
24
27
|
|
25
28
|
def scan_ruby(options = {}, &block)
|
26
|
-
if RUBY_PATCHLEVEL < 0
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
29
|
+
version = if RUBY_PATCHLEVEL < 0
|
30
|
+
ruby_version
|
31
|
+
else
|
32
|
+
"#{RUBY_VERSION}.#{RUBY_PATCHLEVEL}"
|
33
|
+
end
|
31
34
|
specs = [Version.new(RUBY_ENGINE, version)]
|
32
35
|
scan_inner(specs, 'ruby', options, &block)
|
33
36
|
end
|
@@ -43,8 +46,8 @@ module RubyAudit
|
|
43
46
|
# .gsub to separate strings (e.g., 2.1.0dev -> 2.1.0.dev,
|
44
47
|
# 2.2.0preview1 -> 2.2.0.preview.1).
|
45
48
|
`ruby --version`.split[1]
|
46
|
-
|
47
|
-
|
49
|
+
.gsub(/(\d)([a-z]+)/, '\1.\2')
|
50
|
+
.gsub(/([a-z]+)(\d)/, '\1.\2')
|
48
51
|
end
|
49
52
|
|
50
53
|
def rubygems_version
|
@@ -52,29 +55,18 @@ module RubyAudit
|
|
52
55
|
end
|
53
56
|
|
54
57
|
def scan_inner(specs, type, options = {})
|
55
|
-
return enum_for(__method__, options) unless block_given?
|
58
|
+
return enum_for(__method__, specs, type, options) unless block_given?
|
56
59
|
|
57
60
|
ignore = Set[]
|
58
61
|
ignore += options[:ignore] if options[:ignore]
|
59
62
|
|
60
63
|
specs.each do |spec|
|
61
64
|
@database.send("check_#{type}".to_sym, spec) do |advisory|
|
62
|
-
unless ignore.
|
63
|
-
|
64
|
-
yield UnpatchedGem.new(spec, advisory)
|
65
|
+
unless ignore.intersect?(advisory.identifiers.to_set)
|
66
|
+
yield Bundler::Audit::Results::UnpatchedGem.new(spec, advisory)
|
65
67
|
end
|
66
68
|
end
|
67
69
|
end
|
68
70
|
end
|
69
|
-
|
70
|
-
# Workaround for advisory.cve_id, present in master but not 0.4.0.
|
71
|
-
def cve_id(advisory)
|
72
|
-
"CVE-#{advisory.cve}" if advisory.cve
|
73
|
-
end
|
74
|
-
|
75
|
-
# Workaround for advisory.osvdb_id, present in master but not 0.4.0.
|
76
|
-
def osvdb_id(advisory)
|
77
|
-
"OSVDB-#{advisory.osvdb}" if advisory.osvdb
|
78
|
-
end
|
79
71
|
end
|
80
72
|
end
|
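Review bot: `ruby_version` (hunk at new lines 46-51; the method header is outside the hunk) still obtains the version by spawning a `ruby --version` subprocess, which runs whichever `ruby` is first on PATH rather than the interpreter executing the audit, while `scan_ruby` pairs its result with the in-process `RUBY_VERSION`/`RUBY_PATCHLEVEL`; on a host with several Rubies the dev/preview branch can therefore be checked against the wrong binary, and a PATH-supplied executable is run with the user's privileges for no gain. The running interpreter already exposes the same string as `RUBY_DESCRIPTION`, so the subprocess can go: `RUBY_DESCRIPTION.split[1]` in place of the backtick call, keeping the two `.gsub` lines unchanged. In `scan_inner`, `@database.send("check_#{type}".to_sym, spec)` would read more intentionally as `@database.public_send("check_#{type}", spec)`, since the only visible caller passes the literal `'ruby'` and no private method should be reachable through `type`.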
data/lib/ruby_audit/version.rb
CHANGED
data/ruby_audit.gemspec
CHANGED
@@ -1,12 +1,11 @@
|
|
1
|
-
|
2
|
-
lib = File.expand_path('../lib', __FILE__)
|
1
|
+
lib = File.expand_path('lib', __dir__)
|
3
2
|
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
3
|
require 'ruby_audit/version'
|
5
4
|
|
6
5
|
Gem::Specification.new do |spec|
|
7
6
|
spec.name = 'ruby_audit'
|
8
7
|
spec.version = RubyAudit::VERSION
|
9
|
-
spec.authors = ['Jeff Cousens']
|
8
|
+
spec.authors = ['Jeff Cousens, Mike Saelim']
|
10
9
|
spec.email = ['opensource@civisanalytics.com']
|
11
10
|
|
12
11
|
spec.summary = 'Checks Ruby and RubyGems against known vulnerabilities.'
|
@@ -16,18 +15,18 @@ Gem::Specification.new do |spec|
|
|
16
15
|
'version. It complements bundler-audit, providing ' \
|
17
16
|
'complete coverage for your Ruby stack.'
|
18
17
|
spec.homepage = 'https://github.com/civisanalytics/ruby_audit'
|
19
|
-
spec.license = '
|
18
|
+
spec.license = 'GPL-3.0-or-later'
|
20
19
|
|
20
|
+
spec.required_ruby_version = ['>= 2.5', '< 3.1']
|
21
21
|
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
22
22
|
spec.bindir = 'exe'
|
23
23
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
24
24
|
spec.require_paths = ['lib']
|
25
25
|
|
26
|
-
spec.add_dependency 'bundler-audit', '~> 0.
|
27
|
-
spec.add_development_dependency '
|
28
|
-
spec.add_development_dependency '
|
29
|
-
spec.add_development_dependency '
|
30
|
-
spec.add_development_dependency '
|
31
|
-
spec.add_development_dependency '
|
32
|
-
spec.add_development_dependency 'timecop', '~> 0.8.0'
|
26
|
+
spec.add_dependency 'bundler-audit', '~> 0.8.0'
|
27
|
+
spec.add_development_dependency 'pry', '~> 0.13.0'
|
28
|
+
spec.add_development_dependency 'rake', '~> 13.0'
|
29
|
+
spec.add_development_dependency 'rspec', '~> 3.9'
|
30
|
+
spec.add_development_dependency 'rubocop', '~> 1.9.1'
|
31
|
+
spec.add_development_dependency 'timecop', '~> 0.9.1'
|
33
32
|
end
|
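Review bot: `spec.authors = ['Jeff Cousens, Mike Saelim']` (new line 8) is one comma-joined string rather than two array elements, so RubyGems records a single author named "Jeff Cousens, Mike Saelim" — the generated `metadata` file in this same release shows exactly that. Use `spec.authors = ['Jeff Cousens', 'Mike Saelim']`. The new `required_ruby_version` upper bound `'< 3.1'` (new line 20) will refuse installation on every later Ruby until the gem is re-released; for a tool whose purpose is to check the running Ruby, consider whether that cap is intended or whether the CI matrix should carry that burden instead.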
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ruby_audit
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 2.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
|
-
- Jeff Cousens
|
8
|
-
autorequire:
|
7
|
+
- Jeff Cousens, Mike Saelim
|
8
|
+
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-03-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler-audit
|
@@ -16,98 +16,84 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.8.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
27
|
-
- !ruby/object:Gem::Dependency
|
28
|
-
name: bundler
|
29
|
-
requirement: !ruby/object:Gem::Requirement
|
30
|
-
requirements:
|
31
|
-
- - "~>"
|
32
|
-
- !ruby/object:Gem::Version
|
33
|
-
version: '1.11'
|
34
|
-
type: :development
|
35
|
-
prerelease: false
|
36
|
-
version_requirements: !ruby/object:Gem::Requirement
|
37
|
-
requirements:
|
38
|
-
- - "~>"
|
39
|
-
- !ruby/object:Gem::Version
|
40
|
-
version: '1.11'
|
26
|
+
version: 0.8.0
|
41
27
|
- !ruby/object:Gem::Dependency
|
42
28
|
name: pry
|
43
29
|
requirement: !ruby/object:Gem::Requirement
|
44
30
|
requirements:
|
45
31
|
- - "~>"
|
46
32
|
- !ruby/object:Gem::Version
|
47
|
-
version: 0.
|
33
|
+
version: 0.13.0
|
48
34
|
type: :development
|
49
35
|
prerelease: false
|
50
36
|
version_requirements: !ruby/object:Gem::Requirement
|
51
37
|
requirements:
|
52
38
|
- - "~>"
|
53
39
|
- !ruby/object:Gem::Version
|
54
|
-
version: 0.
|
40
|
+
version: 0.13.0
|
55
41
|
- !ruby/object:Gem::Dependency
|
56
42
|
name: rake
|
57
43
|
requirement: !ruby/object:Gem::Requirement
|
58
44
|
requirements:
|
59
45
|
- - "~>"
|
60
46
|
- !ruby/object:Gem::Version
|
61
|
-
version: '
|
47
|
+
version: '13.0'
|
62
48
|
type: :development
|
63
49
|
prerelease: false
|
64
50
|
version_requirements: !ruby/object:Gem::Requirement
|
65
51
|
requirements:
|
66
52
|
- - "~>"
|
67
53
|
- !ruby/object:Gem::Version
|
68
|
-
version: '
|
54
|
+
version: '13.0'
|
69
55
|
- !ruby/object:Gem::Dependency
|
70
56
|
name: rspec
|
71
57
|
requirement: !ruby/object:Gem::Requirement
|
72
58
|
requirements:
|
73
59
|
- - "~>"
|
74
60
|
- !ruby/object:Gem::Version
|
75
|
-
version: '3.
|
61
|
+
version: '3.9'
|
76
62
|
type: :development
|
77
63
|
prerelease: false
|
78
64
|
version_requirements: !ruby/object:Gem::Requirement
|
79
65
|
requirements:
|
80
66
|
- - "~>"
|
81
67
|
- !ruby/object:Gem::Version
|
82
|
-
version: '3.
|
68
|
+
version: '3.9'
|
83
69
|
- !ruby/object:Gem::Dependency
|
84
70
|
name: rubocop
|
85
71
|
requirement: !ruby/object:Gem::Requirement
|
86
72
|
requirements:
|
87
73
|
- - "~>"
|
88
74
|
- !ruby/object:Gem::Version
|
89
|
-
version:
|
75
|
+
version: 1.9.1
|
90
76
|
type: :development
|
91
77
|
prerelease: false
|
92
78
|
version_requirements: !ruby/object:Gem::Requirement
|
93
79
|
requirements:
|
94
80
|
- - "~>"
|
95
81
|
- !ruby/object:Gem::Version
|
96
|
-
version:
|
82
|
+
version: 1.9.1
|
97
83
|
- !ruby/object:Gem::Dependency
|
98
84
|
name: timecop
|
99
85
|
requirement: !ruby/object:Gem::Requirement
|
100
86
|
requirements:
|
101
87
|
- - "~>"
|
102
88
|
- !ruby/object:Gem::Version
|
103
|
-
version: 0.
|
89
|
+
version: 0.9.1
|
104
90
|
type: :development
|
105
91
|
prerelease: false
|
106
92
|
version_requirements: !ruby/object:Gem::Requirement
|
107
93
|
requirements:
|
108
94
|
- - "~>"
|
109
95
|
- !ruby/object:Gem::Version
|
110
|
-
version: 0.
|
96
|
+
version: 0.9.1
|
111
97
|
description: RubyAudit checks your current version of Ruby and RubyGems against known
|
112
98
|
security vulnerabilities (CVEs), alerting you if you are using an insecure version.
|
113
99
|
It complements bundler-audit, providing complete coverage for your Ruby stack.
|
@@ -125,6 +111,7 @@ files:
|
|
125
111
|
- ".ruby-version"
|
126
112
|
- ".travis.yml"
|
127
113
|
- CHANGELOG.md
|
114
|
+
- CODE_OF_CONDUCT.md
|
128
115
|
- CONTRIBUTING.md
|
129
116
|
- Gemfile
|
130
117
|
- LICENSE.md
|
@@ -141,9 +128,9 @@ files:
|
|
141
128
|
- ruby_audit.gemspec
|
142
129
|
homepage: https://github.com/civisanalytics/ruby_audit
|
143
130
|
licenses:
|
144
|
-
-
|
131
|
+
- GPL-3.0-or-later
|
145
132
|
metadata: {}
|
146
|
-
post_install_message:
|
133
|
+
post_install_message:
|
147
134
|
rdoc_options: []
|
148
135
|
require_paths:
|
149
136
|
- lib
|
@@ -151,16 +138,18 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
151
138
|
requirements:
|
152
139
|
- - ">="
|
153
140
|
- !ruby/object:Gem::Version
|
154
|
-
version: '
|
141
|
+
version: '2.5'
|
142
|
+
- - "<"
|
143
|
+
- !ruby/object:Gem::Version
|
144
|
+
version: '3.1'
|
155
145
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
156
146
|
requirements:
|
157
147
|
- - ">="
|
158
148
|
- !ruby/object:Gem::Version
|
159
149
|
version: '0'
|
160
150
|
requirements: []
|
161
|
-
|
162
|
-
|
163
|
-
signing_key:
|
151
|
+
rubygems_version: 3.2.3
|
152
|
+
signing_key:
|
164
153
|
specification_version: 4
|
165
154
|
summary: Checks Ruby and RubyGems against known vulnerabilities.
|
166
155
|
test_files: []
|