ruby_audit 2.3.0 → 2.3.1

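--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 03b8220013a541f8b113b8b6fababafecdd92de4badea9df13147d5ecc8df68a
-data.tar.gz: 0c873a6f538b774268df8c7e670a21e28eab51348337b36bffa62aa91df09850
+metadata.gz: f279cf36dd7235aecac769d5179ac4dd4bd827aeb63091f656a8b28a840856e8
+data.tar.gz: f9e74e7dc700d31d521df493659379baf922957c9727f79efb57f9166d95cf64
 SHA512:
-metadata.gz: 3e1c97decf4d3acf3b742f3d5697d9c629160f96102fc596cdc296fd52a1847d66dc3dd7f118f3084e929b93ec8b8eff04bad1b6360130052987da2c0a9015f2
-data.tar.gz: 329e52e574282fd6b40ba7a046c8f5dfe9e2fa8680e7237abc8b936032efa86e9cf11c60b6dea4f9521c3633d8721dcdc8afb51df347d177021171496b47dbc1
+metadata.gz: d0e764605a9362ba2af5e0ae830625a3496091c00d436fd655c9f582f410a00f5ecf5787bf51c2feb7c460d88bb26564d62baeaaa1c0126936c2c48c6c79828b
+data.tar.gz: b0192910cf78633adb5b82a8b5cb9e43b725d3d829c240b6507e583e387f19fd1eb0bd64d317a72fcc571ec9bc1983eb5f37ec85b151c052ba6e6fa781610f37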
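--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -5,6 +5,20 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
 
+## [2.3.1] - 2024-05-17
+
+### Removed
+
+* [#34](https://github.com/civisanalytics/ruby_audit/pull/34)
+Removed check for stale database that no longer does anything
+
+### Fixed
+
+* [#35](https://github.com/civisanalytics/ruby_audit/pull/35)
+Look for rubygems advisories in the correct directory of the ruby-advisory-db
+
+## [2.3.0] - 2024-01-10
+
 ### Added
 
 * Support for Ruby 3.3
@@ -94,8 +108,11 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 * Initial Release
 
-[Unreleased]: https://github.com/civisanalytics/ruby_audit/compare/v2.0.0...HEAD
-[1.3.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.3.0...v2.0.0
+[Unreleased]: https://github.com/civisanalytics/ruby_audit/compare/v2.3.0...HEAD
+[2.3.0]: https://github.com/civisanalytics/ruby_audit/compare/v2.2.0...v2.3.0
+[2.2.0]: https://github.com/civisanalytics/ruby_audit/compare/v2.1.0...v2.2.0
+[2.1.0]: https://github.com/civisanalytics/ruby_audit/compare/v2.0.0...v2.1.0
+[2.0.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.3.0...v2.0.0
 [1.3.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.2.0...v1.3.0
 [1.2.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.1.0...v1.2.0
 [1.1.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.0.1...v1.1.0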
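--- a/data/README.md
+++ b/data/README.md
@@ -57,9 +57,12 @@ $ ruby-audit check -n
 
 After checking out the repo, run `bin/setup` to install dependencies.
 You'll also want to run `git submodule update --init` to populate the ruby-advisory-db
-submodule used for testing. Then, run `rake spec` to run the tests.
+submodule in `/vendor` that is used for testing. Then, run `rake spec` to run the tests.
 You can also run `bin/console` for an interactive prompt that will allow you to experiment.
 
+The database in `/vendor/ruby-advisory-db` is only used as a fixture for unit tests.
+By default, the database used for actual vulnerability checks is stored at `~/.local/share/ruby-advisory-db`.
+
 To install this gem onto your local machine, run `bundle exec rake install`.
 To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
 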
@@ -12,8 +12,6 @@ module RubyAudit
12
12
  def check
13
13
  update unless options[:no_update]
14
14
 
15
- check_for_stale_database
16
-
17
15
  scanner = Scanner.new
18
16
  vulnerable = false
19
17
 
@@ -30,7 +28,6 @@ module RubyAudit
30
28
  end
31
29
  end
32
30
 
33
- # Copied from bundler-audit master. Not present in 0.4.0.
34
31
  desc 'update', 'Updates the ruby-advisory-db'
35
32
  def update
36
33
  say 'Updating ruby-advisory-db ...'
@@ -45,14 +42,16 @@ module RubyAudit
45
42
  say 'Skipping update', :yellow
46
43
  end
47
44
 
48
- puts "ruby-advisory-db: #{Database.new.size} advisories"
45
+ database = Database.new
46
+ puts "ruby-advisory-db: #{database.size} advisories, " \
47
+ "last updated #{database.last_updated_at.utc}"
49
48
  end
50
49
 
51
50
  desc 'version', 'Prints the ruby-audit version'
52
51
  def version
53
52
  database = Database.new
54
- puts "#{File.basename($PROGRAM_NAME)} #{VERSION} "\
55
- "(advisories: #{database.size})"
53
+ puts "#{File.basename($PROGRAM_NAME)} #{VERSION} " \
54
+ "(advisories: #{database.size}, last updated: #{database.last_updated_at.utc})"
56
55
  end
57
56
 
58
57
  private
@@ -122,16 +121,5 @@ module RubyAudit
122
121
  # rubocop:enable Metrics/MethodLength
123
122
  # rubocop:enable Metrics/CyclomaticComplexity
124
123
  # rubocop:enable Metrics/AbcSize
125
-
126
- def check_for_stale_database
127
- database = Database.new
128
- return unless database.size == 89
129
-
130
- # bundler-audit 0.4.0 comes bundled with an old verison of
131
- # ruby-advisory-db that has 89 advisories and NO advisories for Ruby
132
- # or RubyGems. If #size == 89, the database has never been updated.
133
- say 'The database must be updated before using RubyAudit', :red
134
- exit 1
135
- end
136
124
  end
137
125
  end
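Review bot: The new `update` and `version` bodies (hunk `@@ -45,14 +42,16 @@`) each build the same "N advisories, last updated T" summary from a fresh `Database.new`, with slightly different punctuation, so the two outputs can drift apart; a private `database_summary` helper returning `"#{database.size} advisories, last updated #{database.last_updated_at.utc}"` would let both commands print one string. `Database#last_updated_at` is not visible on this page; if it can return nil for a database that has not been fetched yet, the bare `.utc` raises NoMethodError in both places, so `database.last_updated_at&.utc` would be the safer call — please confirm against the Database class. The enclosing `update` method starts outside this hunk, and the page does not show the file's path.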
@@ -14,8 +14,8 @@ module RubyAudit
14
14
  check(ruby, 'rubies', &block)
15
15
  end
16
16
 
17
- def check_library(library, &block)
18
- check(library, 'libraries', &block)
17
+ def check_rubygems(rubygems, &block)
18
+ check(rubygems, 'gems', &block)
19
19
  end
20
20
 
21
21
  def check(object, type = 'gems')
@@ -29,8 +29,7 @@ module RubyAudit
29
29
  protected
30
30
 
31
31
  def each_advisory_path(&block)
32
- Dir.glob(File.join(@path, '{gems,libraries,rubies}', '*', '*.yml'),
33
- &block)
32
+ Dir.glob(File.join(@path, '{gems,rubies}', '*', '*.yml'), &block)
34
33
  end
35
34
 
36
35
  def each_advisory_path_for(name, type = 'gems', &block)
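Review bot: Dropping the public `check_library` method (old lines 17-19) in favour of `check_rubygems` is an API break for any external caller, in what the changelog files as a patch release; a deprecated shim such as `def check_library(library, &block); check_rubygems(library, &block); end` (with a `warn` deprecation notice) keeps old callers working while steering them to the new name. The `each_advisory_path` glob no longer includes `libraries`, which matches the rename, but nothing in the code says why; a comment like `# ruby-advisory-db keeps RubyGems advisories under gems/rubygems-update, so only gems and rubies are scanned` on the `Dir.glob` line would save the next reader a trip to the changelog. The enclosing class starts outside this hunk and the file path is not shown on the page.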
@@ -36,8 +36,8 @@ module RubyAudit
36
36
  end
37
37
 
38
38
  def scan_rubygems(options = {}, &block)
39
- specs = [Version.new('rubygems', rubygems_version)]
40
- scan_inner(specs, 'library', options, &block)
39
+ specs = [Version.new('rubygems-update', rubygems_version)]
40
+ scan_inner(specs, 'rubygems', options, &block)
41
41
  end
42
42
 
43
43
  private
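Review bot: The switch from `'rubygems'` to `'rubygems-update'` on the new line 39 is correct only because ruby-advisory-db files advisories for RubyGems itself under the `rubygems-update` gem name, and that reason is not recorded anywhere in the code; a one-line comment above the assignment, `# RubyGems advisories are filed under the rubygems-update gem in ruby-advisory-db`, would stop a future cleanup from "fixing" it back. The type string `'rubygems'` on the next line presumably has to match the new `check_rubygems` method if `scan_inner` dispatches on the type name; `scan_inner` is outside this hunk, so please confirm that pairing. The enclosing class starts outside this hunk and the page does not show the file's path.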
@@ -1,3 +1,3 @@
1
1
  module RubyAudit
2
- VERSION = '2.3.0'.freeze
2
+ VERSION = '2.3.1'.freeze
3
3
  end
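--- a/metadata
+++ b/metadata
@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: ruby_audit
 version: !ruby/object:Gem::Version
-version: 2.3.0
+version: 2.3.1
 platform: ruby
 authors:
 - Jeff Cousens, Mike Saelim
 - John Zhang
 - Cristina Muñoz
-autorequire:
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-01-10 00:00:00.000000000 Z
+date: 2024-05-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler-audit
@@ -132,7 +132,7 @@ homepage: https://github.com/civisanalytics/ruby_audit
 licenses:
 - GPL-3.0-or-later
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -150,8 +150,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.0.3.1
-signing_key:
+rubygems_version: 3.4.10
+signing_key:
 specification_version: 4
 summary: Checks Ruby and RubyGems against known vulnerabilities.
 test_files: []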