RubyGems - ruby_audit - Versions diffs - 1.0.1 → 1.1.0 - Mend

ruby_audit 1.0.1 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 555d018e6be6f837e1c896e5e3a4f4b5b89e01d0
-  data.tar.gz: a322a46b3c4b53e601f43616045e7c2ff3d8b184
+  metadata.gz: 3612d5a53b16b0cf99d2be474839e2f3a5489db3
+  data.tar.gz: cdb8a71484f39baf3de2c970c9b456e0d595cf11
 SHA512:
-  metadata.gz: a07623f037e287c5b587a42d8323fe585ca5e9e785d8a112e8f491fbadf759bfac54769bd6d07eb5aea512c874bcb17c7490dbe0ea0d92bd4eda7fbf3a592429
-  data.tar.gz: b92184f83ec25d87c07ad9f673242f23e993e44bc37c92b7c71baab2b8b3c98b2f97b6a56129cf2949aad2cf27169a5f00b5a80593fcb07a4426fae21619e27f
+  metadata.gz: 020fb7a066379134b03766b26ed65a0993a73c10185e62a3f91d97d8b86f995ab37f13b967c735aa51ebb9fcb053365687445066b795da0e93cbac4a57345ad9
+  data.tar.gz: 149540b1f57e9cfa3fb526e36d5ba0e64a7212fbc1dd615d2cd333b305f9c63a8f6db66ed1d788365f33388a11f7ad7f5a1e05e3dca81851f551478f5ead3dab

data/.rubocop.yml CHANGED Viewed

@@ -11,3 +11,9 @@ Style/Documentation:
 Style/FileName:
   Exclude:
     - 'exe/ruby-audit'
+Style/FrozenStringLiteralComment:
+  Enabled: false
+Style/NumericPredicate:
+  Enabled: false

data/.ruby-version CHANGED Viewed

	@@ -1 +1 @@
1	- 2.3.0
1	+ 2.3.1

data/.travis.yml CHANGED Viewed

@@ -1,5 +1,9 @@
 language: ruby
 cache: bundler
+rvm:
+  - 2.1.10
+  - 2.2.5
+  - 2.3.1
 branches:
   only:
     - master

data/CHANGELOG.md CHANGED Viewed

@@ -1,8 +1,28 @@
 # Change Log
-## 1.0.1 (2016-02-03)
+All notable changes to this project will be documented in this file.
+This project adheres to [Semantic Versioning](http://semver.org/).
-### Bugs Fixed
+## Unreleased
+## [1.1.0] - 2016-09-15
+### Added
+* Added a matrix build of 2.1, 2.2, and 2.3 to Travis
+### Changed
+* Added a [Code of Conduct](CODE_OF_CONDUCT.md)
+* Bumped the bundler-audit version to 0.5
+* Bumped the RSpec version for development to 3.5
+* Bumped the Rake version for development to 11.2
+* Bumped the RuboCop version for development to 0.42
+* Bumped the Ruby version for development to 2.3.1
+## [1.0.1] - 2016-02-03
+### Fixed
 * [#1](https://github.com/civisanalytics/ruby_audit/pull/1)
   removing unreliable last-update check
@@ -10,3 +30,8 @@
 ## 1.0.0 (2016-02-03)
 * Initial Release
+[Unreleased]: https://github.com/civisanalytics/ruby_audit/compare/v1.1.0...HEAD
+[1.1.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.0.1...v1.1.0
+[1.0.1]: https://github.com/civisanalytics/ruby_audit/compare/v1.0.0...v1.0.1
+[1.0.0]: https://github.com/civisanalytics/ruby_audit/commit/7535b70412641c888c80d99514b27ba254fb8316

data/CODE_OF_CONDUCT.md ADDED Viewed

@@ -0,0 +1,50 @@
+# Contributor Code of Conduct
+As contributors and maintainers of this project, and in the interest of
+fostering an open and welcoming community, we pledge to respect all people who
+contribute through reporting issues, posting feature requests, updating
+documentation, submitting pull requests or patches, and other activities.
+We are committed to making participation in this project a harassment-free
+experience for everyone, regardless of level of experience, gender, gender
+identity and expression, sexual orientation, disability, personal appearance,
+body size, race, ethnicity, age, religion, or nationality.
+Examples of unacceptable behavior by participants include:
+* The use of sexualized language or imagery
+* Personal attacks
+* Trolling or insulting/derogatory comments
+* Public or private harassment
+* Publishing other's private information, such as physical or electronic
+  addresses, without explicit permission
+* Other unethical or unprofessional conduct
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+By adopting this Code of Conduct, project maintainers commit themselves to
+fairly and consistently applying these principles to every aspect of managing
+this project. Project maintainers who do not follow or enforce the Code of
+Conduct may be permanently removed from the project team.
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community.
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting a project maintainer at opensource@civisanalytics.com.
+All complaints will be reviewed and investigated and will result in a response
+that is deemed necessary and appropriate to the circumstances. Maintainers are
+obligated to maintain confidentiality with regard to the reporter of an
+incident.
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 1.3.0, available at
+[http://contributor-covenant.org/version/1/3/0/][version]
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/3/0/

data/CONTRIBUTING.md CHANGED Viewed

@@ -1,6 +1,7 @@
 # Contributing to RubyAudit
-We welcome pull requests from everyone!
+We welcome bug reports and pull requests from everyone!
+This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
 ## Getting Started

data/README.md CHANGED Viewed

@@ -2,7 +2,6 @@
 [![Build Status](https://travis-ci.org/civisanalytics/ruby_audit.svg?branch=master)](https://travis-ci.org/civisanalytics/ruby_audit)
 [![Gem Version](https://badge.fury.io/rb/ruby_audit.svg)](http://badge.fury.io/rb/ruby_audit)
-[![Dependency Status](https://gemnasium.com/civisanalytics/ruby_audit.svg)](https://gemnasium.com/civisanalytics/ruby_audit)
 RubyAudit checks your current version of Ruby and RubyGems against known security vulnerabilities (CVEs), alerting you if you are using an insecure version.
 It complements [bundler-audit](https://github.com/rubysec/bundler-audit), providing complete coverage for your Ruby stack.

data/lib/ruby_audit/scanner.rb CHANGED Viewed

@@ -23,11 +23,11 @@ module RubyAudit
     end
     def scan_ruby(options = {}, &block)
-      if RUBY_PATCHLEVEL < 0
-        version = ruby_version
-      else
-        version = "#{RUBY_VERSION}.#{RUBY_PATCHLEVEL}"
-      end
+      version = if RUBY_PATCHLEVEL < 0
+                  ruby_version
+                else
+                  "#{RUBY_VERSION}.#{RUBY_PATCHLEVEL}"
+                end
       specs = [Version.new(RUBY_ENGINE, version)]
       scan_inner(specs, 'ruby', options, &block)
     end
@@ -43,8 +43,8 @@ module RubyAudit
       # .gsub to separate strings (e.g., 2.1.0dev -> 2.1.0.dev,
       # 2.2.0preview1 -> 2.2.0.preview.1).
       `ruby --version`.split[1]
-        .gsub(/(\d)([a-z]+)/, '\1.\2')
-        .gsub(/([a-z]+)(\d)/, '\1.\2')
+                      .gsub(/(\d)([a-z]+)/, '\1.\2')
+                      .gsub(/([a-z]+)(\d)/, '\1.\2')
     end
     def rubygems_version
@@ -59,22 +59,12 @@ module RubyAudit
       specs.each do |spec|
         @database.send("check_#{type}".to_sym, spec) do |advisory|
-          unless ignore.include?(cve_id(advisory)) ||
-                 ignore.include?(osvdb_id(advisory))
+          unless ignore.include?(advisory.cve_id) ||
+                 ignore.include?(advisory.osvdb_id)
             yield UnpatchedGem.new(spec, advisory)
           end
         end
       end
     end
-    # Workaround for advisory.cve_id, present in master but not 0.4.0.
-    def cve_id(advisory)
-      "CVE-#{advisory.cve}" if advisory.cve
-    end
-    # Workaround for advisory.osvdb_id, present in master but not 0.4.0.
-    def osvdb_id(advisory)
-      "OSVDB-#{advisory.osvdb}" if advisory.osvdb
-    end
   end
 end

data/lib/ruby_audit/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module RubyAudit
-  VERSION = '1.0.1'
+  VERSION = '1.1.0'.freeze
 end

data/ruby_audit.gemspec CHANGED Viewed

@@ -23,11 +23,11 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
-  spec.add_dependency 'bundler-audit', '~> 0.4.0'
+  spec.add_dependency 'bundler-audit', '~> 0.5.0'
   spec.add_development_dependency 'bundler', '~> 1.11'
   spec.add_development_dependency 'pry', '~> 0.10.3'
-  spec.add_development_dependency 'rake', '~> 10.5'
-  spec.add_development_dependency 'rspec', '~> 3.4'
-  spec.add_development_dependency 'rubocop', '~> 0.35.0'
+  spec.add_development_dependency 'rake', '~> 11.2'
+  spec.add_development_dependency 'rspec', '~> 3.5'
+  spec.add_development_dependency 'rubocop', '~> 0.42.0'
   spec.add_development_dependency 'timecop', '~> 0.8.0'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby_audit
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.1.0
 platform: ruby
 authors:
 - Jeff Cousens
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2016-02-04 00:00:00.000000000 Z
+date: 2016-09-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler-audit
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.4.0
+        version: 0.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.4.0
+        version: 0.5.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -58,42 +58,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.5'
+        version: '11.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.5'
+        version: '11.2'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.4'
+        version: '3.5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.4'
+        version: '3.5'
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.35.0
+        version: 0.42.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.35.0
+        version: 0.42.0
 - !ruby/object:Gem::Dependency
   name: timecop
   requirement: !ruby/object:Gem::Requirement
@@ -125,6 +125,7 @@ files:
 - ".ruby-version"
 - ".travis.yml"
 - CHANGELOG.md
+- CODE_OF_CONDUCT.md
 - CONTRIBUTING.md
 - Gemfile
 - LICENSE.md