ruby_audit 2.2.0 → 2.3.1

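--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: aad7870d27f5de754eade8dfe027412753fdd70707623bfd994f964647ef313c
- data.tar.gz: 04060d22f7942ecf43bedb7b6e0c2dd2e00e9ae23a640dcd1585a4098ba5907d
+ metadata.gz: f279cf36dd7235aecac769d5179ac4dd4bd827aeb63091f656a8b28a840856e8
+ data.tar.gz: f9e74e7dc700d31d521df493659379baf922957c9727f79efb57f9166d95cf64
  SHA512:
- metadata.gz: 537646b02f8ceb22f20b4b5eee82bb4eda6a09246720bd2a1bc74886e493a79acba8c008863a8cdabe00ffb4f5b2db37c6b8583ec3913bc7904904568f7fd17c
- data.tar.gz: 291ef39276804c663f1a3875f8428f3f01fa50bb5f96c3854e3790d77494cd71cdc37979221dad2938e68619c63bbf9d2cc6992cbdb552d72fbf95a517a289c6
+ metadata.gz: d0e764605a9362ba2af5e0ae830625a3496091c00d436fd655c9f582f410a00f5ecf5787bf51c2feb7c460d88bb26564d62baeaaa1c0126936c2c48c6c79828b
+ data.tar.gz: b0192910cf78633adb5b82a8b5cb9e43b725d3d829c240b6507e583e387f19fd1eb0bd64d317a72fcc571ec9bc1983eb5f37ec85b151c052ba6e6fa781610f37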
@@ -12,7 +12,7 @@ jobs:
12
12
  test:
13
13
  strategy:
14
14
  matrix:
15
- ruby_version: [2.5, 2.6, 2.7, '3.0', 3.1, 3.2]
15
+ ruby_version: [2.5, 2.6, 2.7, '3.0', 3.1, 3.2, 3.3]
16
16
  runs-on: ubuntu-latest
17
17
  steps:
18
18
  - uses: actions/checkout@v2
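Review bot: The new `3.3` matrix entry runs every job through the `actions/checkout@v2` step visible at the end of the hunk, which is a floating major tag on an action GitHub has marked deprecated (Node 12 runtime), so the commit extends coverage onto a checkout step that a supply-chain review would already flag. Consider moving to the current major and pinning it by full commit SHA rather than by tag, e.g. `- uses: actions/checkout@<full-sha> # v4`, so a tag move cannot change what runs in CI. The unquoted `3.3` is fine here because, unlike `'3.0'`, it does not lose its trailing digit when YAML parses it as a float.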
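--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -1 +1 @@
- 3.2.0
+ 3.3.0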
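--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -5,6 +5,24 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
  ## [Unreleased]
 
+ ## [2.3.1] - 2024-05-17
+
+ ### Removed
+
+ * [#34](https://github.com/civisanalytics/ruby_audit/pull/34)
+ Removed check for stale database that no longer does anything
+
+ ### Fixed
+
+ * [#35](https://github.com/civisanalytics/ruby_audit/pull/35)
+ Look for rubygems advisories in the correct directory of the ruby-advisory-db
+
+ ## [2.3.0] - 2024-01-10
+
+ ### Added
+
+ * Support for Ruby 3.3
+
  ## [2.2.0] - 2023-01-05
 
  ### Added
@@ -90,8 +108,11 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
  * Initial Release
 
- [Unreleased]: https://github.com/civisanalytics/ruby_audit/compare/v2.0.0...HEAD
- [1.3.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.3.0...v2.0.0
+ [Unreleased]: https://github.com/civisanalytics/ruby_audit/compare/v2.3.0...HEAD
+ [2.3.0]: https://github.com/civisanalytics/ruby_audit/compare/v2.2.0...v2.3.0
+ [2.2.0]: https://github.com/civisanalytics/ruby_audit/compare/v2.1.0...v2.2.0
+ [2.1.0]: https://github.com/civisanalytics/ruby_audit/compare/v2.0.0...v2.1.0
+ [2.0.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.3.0...v2.0.0
  [1.3.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.2.0...v1.3.0
  [1.2.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.1.0...v1.2.0
  [1.1.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.0.1...v1.1.0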
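--- a/data/README.md
+++ b/data/README.md
@@ -57,9 +57,12 @@ $ ruby-audit check -n
 
  After checking out the repo, run `bin/setup` to install dependencies.
  You'll also want to run `git submodule update --init` to populate the ruby-advisory-db
- submodule used for testing. Then, run `rake spec` to run the tests.
+ submodule in `/vendor` that is used for testing. Then, run `rake spec` to run the tests.
  You can also run `bin/console` for an interactive prompt that will allow you to experiment.
 
+ The database in `/vendor/ruby-advisory-db` is only used as a fixture for unit tests.
+ By default, the database used for actual vulnerability checks is stored at `~/.local/share/ruby-advisory-db`.
+
  To install this gem onto your local machine, run `bundle exec rake install`.
  To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
 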
@@ -12,8 +12,6 @@ module RubyAudit
12
12
  def check
13
13
  update unless options[:no_update]
14
14
 
15
- check_for_stale_database
16
-
17
15
  scanner = Scanner.new
18
16
  vulnerable = false
19
17
 
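Review bot: With `check_for_stale_database` removed, the `--no-update` path at `update unless options[:no_update]` now goes straight to `Scanner.new` with no indication of how old the advisory data is; the timestamp is only printed by `update` and `version`, so a CI job running `check -n` against a months-old `~/.local/share/ruby-advisory-db` exits cleanly with no hint that the scan may be incomplete. Consider surfacing the age on that path as well, e.g. `say "ruby-advisory-db last updated #{Database.new.last_updated_at.utc}", :yellow if options[:no_update]`. Whether `Database.new` should also fail loudly when the default directory is absent depends on the bundler-audit constructor, which is not visible in this diff. The `check` method continues past the end of the hunk.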
@@ -30,7 +28,6 @@ module RubyAudit
30
28
  end
31
29
  end
32
30
 
33
- # Copied from bundler-audit master. Not present in 0.4.0.
34
31
  desc 'update', 'Updates the ruby-advisory-db'
35
32
  def update
36
33
  say 'Updating ruby-advisory-db ...'
@@ -45,14 +42,16 @@ module RubyAudit
45
42
  say 'Skipping update', :yellow
46
43
  end
47
44
 
48
- puts "ruby-advisory-db: #{Database.new.size} advisories"
45
+ database = Database.new
46
+ puts "ruby-advisory-db: #{database.size} advisories, " \
47
+ "last updated #{database.last_updated_at.utc}"
49
48
  end
50
49
 
51
50
  desc 'version', 'Prints the ruby-audit version'
52
51
  def version
53
52
  database = Database.new
54
- puts "#{File.basename($PROGRAM_NAME)} #{VERSION} "\
55
- "(advisories: #{database.size})"
53
+ puts "#{File.basename($PROGRAM_NAME)} #{VERSION} " \
54
+ "(advisories: #{database.size}, last updated: #{database.last_updated_at.utc})"
56
55
  end
57
56
 
58
57
  private
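Review bot: The new `last updated` output in `update` is informational only: after the `Skipping update` branch the method still prints the timestamp and returns normally, so a database that could not be refreshed is indistinguishable by exit status from a fresh one. If staleness is meant to be actionable, compute the age and warn through Thor's `say` (which the rest of this method already uses, rather than the `puts` introduced here), e.g. `age_days = ((Time.now - database.last_updated_at) / 86_400).floor` followed by `say "ruby-advisory-db is #{age_days} days old", :yellow if age_days > STALE_DAYS`, with `STALE_DAYS` a documented constant. `Database#last_updated_at` comes from bundler-audit, so the gemspec's bundler-audit floor must be a version that provides it; the dependency constraint is not shown in this diff. The `update` method begins before this hunk; `version` is fully visible.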
@@ -122,16 +121,5 @@ module RubyAudit
122
121
  # rubocop:enable Metrics/MethodLength
123
122
  # rubocop:enable Metrics/CyclomaticComplexity
124
123
  # rubocop:enable Metrics/AbcSize
125
-
126
- def check_for_stale_database
127
- database = Database.new
128
- return unless database.size == 89
129
-
130
- # bundler-audit 0.4.0 comes bundled with an old verison of
131
- # ruby-advisory-db that has 89 advisories and NO advisories for Ruby
132
- # or RubyGems. If #size == 89, the database has never been updated.
133
- say 'The database must be updated before using RubyAudit', :red
134
- exit 1
135
- end
136
124
  end
137
125
  end
@@ -14,8 +14,8 @@ module RubyAudit
14
14
  check(ruby, 'rubies', &block)
15
15
  end
16
16
 
17
- def check_library(library, &block)
18
- check(library, 'libraries', &block)
17
+ def check_rubygems(rubygems, &block)
18
+ check(rubygems, 'gems', &block)
19
19
  end
20
20
 
21
21
  def check(object, type = 'gems')
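Review bot: `check_library` is deleted outright in favour of `check_rubygems`, so any external caller of `Database#check_library` gets a `NoMethodError` on what the changelog labels a patch release (2.3.0 → 2.3.1). If the method is part of the public surface — it sits above `protected` in this class, whose header is outside the hunk — keep a one-cycle shim such as `alias check_library check_rubygems` or a one-line `warn` deprecation before delegating. The explicit `'gems'` argument duplicates the default in `check(object, type = 'gems')`; either drop it or add a comment that the RubyGems library is filed under `gems/rubygems-update` in the advisory database, so the reason for the rename is recorded in code.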
@@ -29,8 +29,7 @@ module RubyAudit
29
29
  protected
30
30
 
31
31
  def each_advisory_path(&block)
32
- Dir.glob(File.join(@path, '{gems,libraries,rubies}', '*', '*.yml'),
33
- &block)
32
+ Dir.glob(File.join(@path, '{gems,rubies}', '*', '*.yml'), &block)
34
33
  end
35
34
 
36
35
  def each_advisory_path_for(name, type = 'gems', &block)
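Review bot: Dropping `libraries` from the glob means an advisory-database checkout that predates the apparent move of RubyGems advisories to `gems/rubygems-update` — a vendored copy, or a user running with `-n` — is scanned with those advisories silently ignored and the scan still exits 0. A cheap guard is to detect the legacy layout and say so: `warn "#{@path}: legacy libraries/ directory present; run ruby-audit update" if Dir.exist?(File.join(@path, 'libraries'))`. Whether `@path` is always a local checkout depends on the constructor, which is outside this hunk; `each_advisory_path` itself is fully visible.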
@@ -36,8 +36,8 @@ module RubyAudit
36
36
  end
37
37
 
38
38
  def scan_rubygems(options = {}, &block)
39
- specs = [Version.new('rubygems', rubygems_version)]
40
- scan_inner(specs, 'library', options, &block)
39
+ specs = [Version.new('rubygems-update', rubygems_version)]
40
+ scan_inner(specs, 'rubygems', options, &block)
41
41
  end
42
42
 
43
43
  private
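Review bot: The switch from `'rubygems'` to `'rubygems-update'` is not explained in code, and a future reader will likely "correct" it back. Add a comment above the `specs =` line, e.g. `# RubyGems itself ships as the rubygems-update gem, so ruby-advisory-db files its advisories under gems/rubygems-update; rubygems_version is assumed to match that gem's version` — the last clause should be confirmed against how `rubygems_version` is defined, which is outside this hunk. `scan_rubygems` is fully visible, but `scan_inner`'s handling of the new `'rubygems'` type string is not, so its contract with `Database#check_rubygems` should be checked by a spec.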
@@ -1,3 +1,3 @@
1
1
  module RubyAudit
2
- VERSION = '2.2.0'.freeze
2
+ VERSION = '2.3.1'.freeze
3
3
  end
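--- a/data/ruby_audit.gemspec
+++ b/data/ruby_audit.gemspec
@@ -17,7 +17,7 @@ Gem::Specification.new do |spec|
  spec.homepage = 'https://github.com/civisanalytics/ruby_audit'
  spec.license = 'GPL-3.0-or-later'
 
- spec.required_ruby_version = ['>= 2.5', '< 3.3']
+ spec.required_ruby_version = ['>= 2.5', '< 3.4']
  spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
  spec.bindir = 'exe'
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }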
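--- a/metadata
+++ b/metadata
@@ -1,16 +1,16 @@
  --- !ruby/object:Gem::Specification
  name: ruby_audit
  version: !ruby/object:Gem::Version
- version: 2.2.0
+ version: 2.3.1
  platform: ruby
  authors:
  - Jeff Cousens, Mike Saelim
  - John Zhang
  - Cristina Muñoz
- autorequire:
+ autorequire:
  bindir: exe
  cert_chain: []
- date: 2023-01-17 00:00:00.000000000 Z
+ date: 2024-05-23 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler-audit
@@ -132,7 +132,7 @@ homepage: https://github.com/civisanalytics/ruby_audit
  licenses:
  - GPL-3.0-or-later
  metadata: {}
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -143,15 +143,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
  version: '2.5'
  - - "<"
  - !ruby/object:Gem::Version
- version: '3.3'
+ version: '3.4'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.0.3.1
- signing_key:
+ rubygems_version: 3.4.10
+ signing_key:
  specification_version: 4
  summary: Checks Ruby and RubyGems against known vulnerabilities.
  test_files: []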