ruby_audit 1.2.0 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: a37c98041a8f0f867ac25c7d9294035612adf005
-  data.tar.gz: 6315f1277b519e00030dde661ce471eba79366d4
+SHA256:
+  metadata.gz: 529f49e7e88c457cb4c29a4aace7564b7753d2252541d61a4383110e6a7e8b48
+  data.tar.gz: cd616a710742a529c9782f032980e3d6c350aab2e6bff3c683b5886d2123e39e
 SHA512:
-  metadata.gz: c5f92890f816a5a5c496081c097051fd7d889db1503fc245893db3029efb7e0da1a1282428f1da45f1db28c09d0c81143e4583d9e42f1655ed0ddea8cf33323c
-  data.tar.gz: 2814899f17162b460a87751ee2639cf12150c4302de7d9f71e60da7f2e31c4c935fa3ed96b397934ddac6161147cfd8942ceded675999b65056dd8b71e210633
+  metadata.gz: ce3763a7c324c47adf80a8558e6b3f11ed579730f7ebca3a726e40bd3a23ee98928c7f3dc6c3fc63823010a9cdc2c56672c4e58a6cb2a6cf1118ef7bfcbcf9d5
+  data.tar.gz: aab0478eb61ab75e739d6197394cf0bd6dac75bf96f66c94cd115329a510f82f0917837374d226266cec043383759b59ce3cebd904d0df9858532354cc5b140c

data/.ruby-version

@@ -1 +1 @@
-2.4.2
+2.7.1

data/.travis.yml

@@ -1,10 +1,9 @@
 language: ruby
 cache: bundler
 rvm:
-  - 2.1.10
-  - 2.2.8
-  - 2.3.5
-  - 2.4.2
+  - 2.5.8
+  - 2.6.6
+  - 2.7.1
 branches:
   only:
     - master

data/CHANGELOG.md

@@ -5,6 +5,29 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
 
+## [1.3.0] - 2020-07-01
+
+### Added
+
+* Added Ruby 2.5, 2.6, and 2.7 to the Travis matrix
+* Added the ability to ignore an advisory by its GHSA identifier
+
+### Changed
+
+* Bumped the bundler-audit version to 0.7
+* Bumped the Ruby version for development to 2.7.1
+* Bumped the Pry version for development to 0.13
+* Bumped the Rake version for development to 13
+* Bumped the Rspec version for development to 3.9
+* Bumped the RuboCop version for development to 0.86
+* Bumped the Timecop verison for development to 0.9
+* RuboCop fixes
+
+### Removed
+
+* Removed Ruby 2.1 through 2.4 from the Travis matrix
+* Removed the explicit Bundler dependency for development, since it is now included with RubyGems
+
 ## [1.2.0] - 2017-09-21
 
 ### Added
@@ -43,7 +66,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 * Initial Release
 
-[Unreleased]: https://github.com/civisanalytics/ruby_audit/compare/v1.2.0...HEAD
+[Unreleased]: https://github.com/civisanalytics/ruby_audit/compare/v1.3.0...HEAD
+[1.3.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.2.0...v1.3.0
 [1.2.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.1.0...v1.2.0
 [1.1.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.0.1...v1.1.0
 [1.0.1]: https://github.com/civisanalytics/ruby_audit/compare/v1.0.0...v1.0.1

data/README.md

@@ -51,7 +51,8 @@ $ ruby-audit check -n
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies.
-Then, run `rake spec` to run the tests.
+You'll also want to run `git submodule update --init` to populate the ruby-advisory-db
+submodule used for testing. Then, run `rake spec` to run the tests.
 You can also run `bin/console` for an interactive prompt that will allow you to experiment.
 
 To install this gem onto your local machine, run `bundle exec rake install`.

data/lib/ruby_audit/cli.rb

@@ -55,6 +55,7 @@ module RubyAudit
     def check_for_stale_database
       database = Database.new
       return unless database.size == 89
+
       # bundler-audit 0.4.0 comes bundled with an old verison of
       # ruby-advisory-db that has 89 advisories and NO advisories for Ruby
       # or RubyGems. If #size == 89, the database has never been updated.

data/lib/ruby_audit/scanner.rb

@@ -59,10 +59,7 @@ module RubyAudit
 
       specs.each do |spec|
         @database.send("check_#{type}".to_sym, spec) do |advisory|
-          unless ignore.include?(advisory.cve_id) ||
-                 ignore.include?(advisory.osvdb_id)
-            yield UnpatchedGem.new(spec, advisory)
-          end
+          yield UnpatchedGem.new(spec, advisory) unless ignore.intersect?(advisory.identifiers.to_set)
         end
       end
     end

data/lib/ruby_audit/version.rb

@@ -1,3 +1,3 @@
 module RubyAudit
-  VERSION = '1.2.0'.freeze
+  VERSION = '1.3.0'.freeze
 end

data/ruby_audit.gemspec

@@ -1,11 +1,11 @@
-lib = File.expand_path('../lib', __FILE__)
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'ruby_audit/version'
 
 Gem::Specification.new do |spec|
   spec.name          = 'ruby_audit'
   spec.version       = RubyAudit::VERSION
-  spec.authors       = ['Jeff Cousens']
+  spec.authors       = ['Jeff Cousens, Mike Saelim']
   spec.email         = ['opensource@civisanalytics.com']
 
   spec.summary       = 'Checks Ruby and RubyGems against known vulnerabilities.'
@@ -22,11 +22,10 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'bundler-audit', '~> 0.6.0'
-  spec.add_development_dependency 'bundler', '~> 1.11'
-  spec.add_development_dependency 'pry', '~> 0.10.3'
-  spec.add_development_dependency 'rake', '~> 11.2'
-  spec.add_development_dependency 'rspec', '~> 3.5'
-  spec.add_development_dependency 'rubocop', '~> 0.50.0'
-  spec.add_development_dependency 'timecop', '~> 0.8.0'
+  spec.add_dependency 'bundler-audit', '~> 0.7.0'
+  spec.add_development_dependency 'pry', '~> 0.13.0'
+  spec.add_development_dependency 'rake', '~> 13.0'
+  spec.add_development_dependency 'rspec', '~> 3.9'
+  spec.add_development_dependency 'rubocop', '~> 0.86.0'
+  spec.add_development_dependency 'timecop', '~> 0.9.1'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby_audit
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors:
-- Jeff Cousens
+- Jeff Cousens, Mike Saelim
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-09-21 00:00:00.000000000 Z
+date: 2020-07-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler-audit
@@ -16,98 +16,84 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.6.0
+        version: 0.7.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.6.0
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.11'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.11'
+        version: 0.7.0
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.10.3
+        version: 0.13.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.10.3
+        version: 0.13.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '11.2'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '11.2'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.5'
+        version: '3.9'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.5'
+        version: '3.9'
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.50.0
+        version: 0.86.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.50.0
+        version: 0.86.0
 - !ruby/object:Gem::Dependency
   name: timecop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.8.0
+        version: 0.9.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.8.0
+        version: 0.9.1
 description: RubyAudit checks your current version of Ruby and RubyGems against known
   security vulnerabilities (CVEs), alerting you if you are using an insecure version.
   It complements bundler-audit, providing complete coverage for your Ruby stack.
@@ -159,8 +145,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.13
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Checks Ruby and RubyGems against known vulnerabilities.