ruby_audit 2.3.1 → 3.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f279cf36dd7235aecac769d5179ac4dd4bd827aeb63091f656a8b28a840856e8
-  data.tar.gz: f9e74e7dc700d31d521df493659379baf922957c9727f79efb57f9166d95cf64
+  metadata.gz: 8f71226a262a50a961bdccdf3f2fda2a87a4eb693111f62a947740a110e7140e
+  data.tar.gz: 3f1162a9fb55f4d9c4dbb285071c4e7abeef818eea62b89abba8d1271a208bda
 SHA512:
-  metadata.gz: d0e764605a9362ba2af5e0ae830625a3496091c00d436fd655c9f582f410a00f5ecf5787bf51c2feb7c460d88bb26564d62baeaaa1c0126936c2c48c6c79828b
-  data.tar.gz: b0192910cf78633adb5b82a8b5cb9e43b725d3d829c240b6507e583e387f19fd1eb0bd64d317a72fcc571ec9bc1983eb5f37ec85b151c052ba6e6fa781610f37
+  metadata.gz: 425adb8be5ac2ed6652bfb48537e8276a07b6bf9f77824956b222648ece30c1d426e02793a81697c407f4cbad86cbd46fe8362b1b97a3013e1e321083ca4f688
+  data.tar.gz: 1a241cde3f5a558c8a8d04fc5d46d8a523c2db2f6baf3c318092bd64265c412a54a5c7330b1c2f97dc616aee1c6f0efb76febfbcd911d5ea9c3be33f19a389c2

data/.github/workflows/test.yml

@@ -12,7 +12,7 @@ jobs:
   test:
     strategy:
       matrix:
-        ruby_version: [2.5, 2.6, 2.7, '3.0', 3.1, 3.2, 3.3]
+        ruby_version: [3.1, 3.2, 3.3, 3.4, 4.0]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
@@ -21,8 +21,6 @@ jobs:
         with:
           ruby-version: ${{ matrix.ruby_version }}
           bundler-cache: true
-      - name: Install dependencies
-        run: bundle install --jobs=3 --retry=3
       - name: Initialize submodule
         run: git submodule update --init
       - name: Run tests

data/.gitignore

@@ -7,3 +7,4 @@
 /pkg/
 /spec/reports/
 /tmp/
+ruby_audit-*.gem

data/.rubocop.yml

@@ -1,8 +1,11 @@
 AllCops:
-  TargetRubyVersion: 2.5
+  TargetRubyVersion: 3.1
   NewCops: enable
   SuggestExtensions: false
 
+Gemspec/DevelopmentDependencies:
+  EnforcedStyle: gemspec
+
 Layout/LineLength:
   Exclude:
     - 'ruby_audit.gemspec'
@@ -11,7 +14,7 @@ Metrics/MethodLength:
   Max: 15
 
 Metrics/BlockLength:
-  IgnoredMethods:
+  AllowedMethods:
     - describe
 
 Style/Documentation:

data/.ruby-version

@@ -1 +1 @@
-3.3.0
+4.0.0

data/CHANGELOG.md

@@ -5,110 +5,132 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
 
+## [3.1.0] - 2026-01-07
+
+### Added
+
+- Support for Ruby 3.4
+- Support for Ruby 4.0
+
+## [3.0.0] - 2025-01-09
+
+### Changed
+
+- Bumped Rubocop dependency to 1.64.0
+- Require MFA for rubygems operations
+
+### Removed
+
+- Removed support for Ruby 2.5 through 3.0
+- Removed Timecop dependency
+
 ## [2.3.1] - 2024-05-17
 
 ### Removed
 
-* [#34](https://github.com/civisanalytics/ruby_audit/pull/34)
-Removed check for stale database that no longer does anything
+- [#34](https://github.com/civisanalytics/ruby_audit/pull/34)
+  Removed check for stale database that no longer does anything
 
 ### Fixed
 
-* [#35](https://github.com/civisanalytics/ruby_audit/pull/35)
-Look for rubygems advisories in the correct directory of the ruby-advisory-db
+- [#35](https://github.com/civisanalytics/ruby_audit/pull/35)
+  Look for rubygems advisories in the correct directory of the ruby-advisory-db
 
 ## [2.3.0] - 2024-01-10
 
 ### Added
 
-* Support for Ruby 3.3
+- Support for Ruby 3.3
 
 ## [2.2.0] - 2023-01-05
 
 ### Added
 
-* Support for Ruby 3.2
+- Support for Ruby 3.2
 
 ## [2.1.0] - 2022-02-23
 
 ### Added
 
-* Support for ruby 3.1
-* Require bundler-audit >= 0.9
+- Support for ruby 3.1
+- Require bundler-audit >= 0.9
 
 ## [2.0.0] - 2021-03-22
 
 ### Added
 
-* Require bundler-audit 0.8
-* Added Ruby 3.0 to the Travis matrix
+- Require bundler-audit 0.8
+- Added Ruby 3.0 to the Travis matrix
 
 ### Removed
 
-* Removed support for bundler-audit 0.7
+- Removed support for bundler-audit 0.7
 
 ## [1.3.0] - 2020-07-01
 
 ### Added
 
-* Added Ruby 2.5, 2.6, and 2.7 to the Travis matrix
-* Added the ability to ignore an advisory by its GHSA identifier
+- Added Ruby 2.5, 2.6, and 2.7 to the Travis matrix
+- Added the ability to ignore an advisory by its GHSA identifier
 
 ### Changed
 
-* Bumped the bundler-audit version to 0.7
-* Bumped the Ruby version for development to 2.7.1
-* Bumped the Pry version for development to 0.13
-* Bumped the Rake version for development to 13
-* Bumped the Rspec version for development to 3.9
-* Bumped the RuboCop version for development to 0.86
-* Bumped the Timecop verison for development to 0.9
-* RuboCop fixes
+- Bumped the bundler-audit version to 0.7
+- Bumped the Ruby version for development to 2.7.1
+- Bumped the Pry version for development to 0.13
+- Bumped the Rake version for development to 13
+- Bumped the Rspec version for development to 3.9
+- Bumped the RuboCop version for development to 0.86
+- Bumped the Timecop verison for development to 0.9
+- RuboCop fixes
 
 ### Removed
 
-* Removed Ruby 2.1 through 2.4 from the Travis matrix
-* Removed the explicit Bundler dependency for development, since it is now included with RubyGems
+- Removed Ruby 2.1 through 2.4 from the Travis matrix
+- Removed the explicit Bundler dependency for development, since it is now included with RubyGems
 
 ## [1.2.0] - 2017-09-21
 
 ### Added
 
-* Added 2.4 to the Travis matrix ([@errm])
+- Added 2.4 to the Travis matrix ([@errm])
 
 ### Changed
 
-* Bumped the bundler-audit version to 0.6 ([@errm])
-* Bumped the RuboCop version for development to 0.50 ([@errm])
-* Bumped the Ruby version for development to 2.4.2 ([@errm])
+- Bumped the bundler-audit version to 0.6 ([@errm])
+- Bumped the RuboCop version for development to 0.50 ([@errm])
+- Bumped the Ruby version for development to 2.4.2 ([@errm])
 
 ## [1.1.0] - 2016-09-15
 
 ### Added
 
-* Added a matrix build of 2.1, 2.2, and 2.3 to Travis
+- Added a matrix build of 2.1, 2.2, and 2.3 to Travis
 
 ### Changed
 
-* Added a [Code of Conduct](CODE_OF_CONDUCT.md)
-* Bumped the bundler-audit version to 0.5
-* Bumped the RSpec version for development to 3.5
-* Bumped the Rake version for development to 11.2
-* Bumped the RuboCop version for development to 0.42
-* Bumped the Ruby version for development to 2.3.1
+- Added a [Code of Conduct](CODE_OF_CONDUCT.md)
+- Bumped the bundler-audit version to 0.5
+- Bumped the RSpec version for development to 3.5
+- Bumped the Rake version for development to 11.2
+- Bumped the RuboCop version for development to 0.42
+- Bumped the Ruby version for development to 2.3.1
 
 ## [1.0.1] - 2016-02-03
 
 ### Fixed
 
-* [#1](https://github.com/civisanalytics/ruby_audit/pull/1)
+- [#1](https://github.com/civisanalytics/ruby_audit/pull/1)
   removing unreliable last-update check
 
 ## 1.0.0 (2016-02-03)
 
-* Initial Release
+- Initial Release
 
-[Unreleased]: https://github.com/civisanalytics/ruby_audit/compare/v2.3.0...HEAD
+[Unreleased]: https://github.com/civisanalytics/ruby_audit/compare/v3.1.0...HEAD
+[3.1.0]: https://github.com/civisanalytics/ruby_audit/compare/v3.0.0...v3.1.0
+[3.0.0]: https://github.com/civisanalytics/ruby_audit/compare/v2.3.1...v3.0.0
+[2.3.1]: https://github.com/civisanalytics/ruby_audit/compare/v2.3.0...v2.3.1
 [2.3.0]: https://github.com/civisanalytics/ruby_audit/compare/v2.2.0...v2.3.0
 [2.2.0]: https://github.com/civisanalytics/ruby_audit/compare/v2.1.0...v2.2.0
 [2.1.0]: https://github.com/civisanalytics/ruby_audit/compare/v2.0.0...v2.1.0
@@ -118,5 +140,4 @@ Look for rubygems advisories in the correct directory of the ruby-advisory-db
 [1.1.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.0.1...v1.1.0
 [1.0.1]: https://github.com/civisanalytics/ruby_audit/compare/v1.0.0...v1.0.1
 [1.0.0]: https://github.com/civisanalytics/ruby_audit/commit/7535b70412641c888c80d99514b27ba254fb8316
-
 [@errm]: https://github.com/errm

data/Gemfile

@@ -2,3 +2,10 @@ source 'https://rubygems.org'
 
 # Specify your gem's dependencies in ruby_audit.gemspec
 gemspec
+
+gem 'base64', '~> 0.2.0'
+gem 'ostruct', '~> 0.6.1'
+gem 'pry', '~> 0.14.1'
+gem 'rake', '~> 13.0'
+gem 'rspec', '~> 3.9'
+gem 'rubocop', '~> 1.69.2'

data/README.md

@@ -57,7 +57,7 @@ $ ruby-audit check -n
 
 After checking out the repo, run `bin/setup` to install dependencies.
 You'll also want to run `git submodule update --init` to populate the ruby-advisory-db
-submodule in `/vendor` that is used for testing. Then, run `rake spec` to run the tests.
+submodule in `/vendor` that is used for testing. Then, run `rake` to run linting and tests.
 You can also run `bin/console` for an interactive prompt that will allow you to experiment.
 
 The database in `/vendor/ruby-advisory-db` is only used as a fixture for unit tests.

data/lib/ruby_audit/database.rb

@@ -10,12 +10,12 @@ module RubyAudit
       end
     end
 
-    def check_ruby(ruby, &block)
-      check(ruby, 'rubies', &block)
+    def check_ruby(ruby, &)
+      check(ruby, 'rubies', &)
     end
 
-    def check_rubygems(rubygems, &block)
-      check(rubygems, 'gems', &block)
+    def check_rubygems(rubygems, &)
+      check(rubygems, 'gems', &)
     end
 
     def check(object, type = 'gems')
@@ -28,12 +28,12 @@ module RubyAudit
 
     protected
 
-    def each_advisory_path(&block)
-      Dir.glob(File.join(@path, '{gems,rubies}', '*', '*.yml'), &block)
+    def each_advisory_path(&)
+      Dir.glob(File.join(@path, '{gems,rubies}', '*', '*.yml'), &)
     end
 
-    def each_advisory_path_for(name, type = 'gems', &block)
-      Dir.glob(File.join(@path, type, name, '*.yml'), &block)
+    def each_advisory_path_for(name, type = 'gems', &)
+      Dir.glob(File.join(@path, type, name, '*.yml'), &)
     end
   end
 end

data/lib/ruby_audit/scanner.rb

@@ -25,19 +25,19 @@ module RubyAudit
       self
     end
 
-    def scan_ruby(options = {}, &block)
+    def scan_ruby(options = {}, &)
       version = if RUBY_PATCHLEVEL < 0
                   ruby_version
                 else
                   "#{RUBY_VERSION}.#{RUBY_PATCHLEVEL}"
                 end
       specs = [Version.new(RUBY_ENGINE, version)]
-      scan_inner(specs, 'ruby', options, &block)
+      scan_inner(specs, 'ruby', options, &)
     end
 
-    def scan_rubygems(options = {}, &block)
+    def scan_rubygems(options = {}, &)
       specs = [Version.new('rubygems-update', rubygems_version)]
-      scan_inner(specs, 'rubygems', options, &block)
+      scan_inner(specs, 'rubygems', options, &)
     end
 
     private
@@ -61,7 +61,7 @@ module RubyAudit
       ignore += options[:ignore] if options[:ignore]
 
       specs.each do |spec|
-        @database.send("check_#{type}".to_sym, spec) do |advisory|
+        @database.send(:"check_#{type}", spec) do |advisory|
           unless ignore.intersect?(advisory.identifiers.to_set)
             yield Bundler::Audit::Results::UnpatchedGem.new(spec, advisory)
           end

data/lib/ruby_audit/version.rb

@@ -1,3 +1,3 @@
 module RubyAudit
-  VERSION = '2.3.1'.freeze
+  VERSION = '3.1.0'.freeze
 end

data/ruby_audit.gemspec

@@ -7,6 +7,7 @@ Gem::Specification.new do |spec|
   spec.version       = RubyAudit::VERSION
   spec.authors       = ['Jeff Cousens, Mike Saelim', 'John Zhang', 'Cristina Muñoz']
   spec.email         = ['opensource@civisanalytics.com']
+  spec.metadata['rubygems_mfa_required'] = 'true'
 
   spec.summary       = 'Checks Ruby and RubyGems against known vulnerabilities.'
   spec.description   = 'RubyAudit checks your current version of Ruby and ' \
@@ -17,16 +18,11 @@ Gem::Specification.new do |spec|
   spec.homepage      = 'https://github.com/civisanalytics/ruby_audit'
   spec.license       = 'GPL-3.0-or-later'
 
-  spec.required_ruby_version = ['>= 2.5', '< 3.4']
+  spec.required_ruby_version = ['>= 3.1', '< 4.1']
   spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   spec.bindir        = 'exe'
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
   spec.add_dependency 'bundler-audit', '~> 0.9.0'
-  spec.add_development_dependency 'pry', '~> 0.14.1'
-  spec.add_development_dependency 'rake', '~> 13.0'
-  spec.add_development_dependency 'rspec', '~> 3.9'
-  spec.add_development_dependency 'rubocop', '~> 1.9.1'
-  spec.add_development_dependency 'timecop', '~> 0.9.1'
 end

metadata

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: ruby_audit
 version: !ruby/object:Gem::Version
-  version: 2.3.1
+  version: 3.1.0
 platform: ruby
 authors:
 - Jeff Cousens, Mike Saelim
 - John Zhang
 - Cristina Muñoz
-autorequire:
+autorequire: 
 bindir: exe
 cert_chain: []
-date: 2024-05-23 00:00:00.000000000 Z
+date: 2026-01-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler-audit
@@ -26,76 +26,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.9.0
-- !ruby/object:Gem::Dependency
-  name: pry
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.14.1
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.14.1
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '13.0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '13.0'
-- !ruby/object:Gem::Dependency
-  name: rspec
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.9'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.9'
-- !ruby/object:Gem::Dependency
-  name: rubocop
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.9.1
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.9.1
-- !ruby/object:Gem::Dependency
-  name: timecop
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.9.1
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.9.1
 description: RubyAudit checks your current version of Ruby and RubyGems against known
   security vulnerabilities (CVEs), alerting you if you are using an insecure version.
   It complements bundler-audit, providing complete coverage for your Ruby stack.
@@ -131,8 +61,9 @@ files:
 homepage: https://github.com/civisanalytics/ruby_audit
 licenses:
 - GPL-3.0-or-later
-metadata: {}
-post_install_message:
+metadata:
+  rubygems_mfa_required: 'true'
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -140,18 +71,18 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.5'
+      version: '3.1'
   - - "<"
     - !ruby/object:Gem::Version
-      version: '3.4'
+      version: '4.1'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.10
-signing_key:
+rubygems_version: 3.0.3.1
+signing_key: 
 specification_version: 4
 summary: Checks Ruby and RubyGems against known vulnerabilities.
 test_files: []