RubyGems - ruby_audit - Versions diffs - 2.3.0 → 2.3.1 - Mend

ruby_audit 2.3.0 → 2.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 03b8220013a541f8b113b8b6fababafecdd92de4badea9df13147d5ecc8df68a
-  data.tar.gz: 0c873a6f538b774268df8c7e670a21e28eab51348337b36bffa62aa91df09850
+  metadata.gz: f279cf36dd7235aecac769d5179ac4dd4bd827aeb63091f656a8b28a840856e8
+  data.tar.gz: f9e74e7dc700d31d521df493659379baf922957c9727f79efb57f9166d95cf64
 SHA512:
-  metadata.gz: 3e1c97decf4d3acf3b742f3d5697d9c629160f96102fc596cdc296fd52a1847d66dc3dd7f118f3084e929b93ec8b8eff04bad1b6360130052987da2c0a9015f2
-  data.tar.gz: 329e52e574282fd6b40ba7a046c8f5dfe9e2fa8680e7237abc8b936032efa86e9cf11c60b6dea4f9521c3633d8721dcdc8afb51df347d177021171496b47dbc1
+  metadata.gz: d0e764605a9362ba2af5e0ae830625a3496091c00d436fd655c9f582f410a00f5ecf5787bf51c2feb7c460d88bb26564d62baeaaa1c0126936c2c48c6c79828b
+  data.tar.gz: b0192910cf78633adb5b82a8b5cb9e43b725d3d829c240b6507e583e387f19fd1eb0bd64d317a72fcc571ec9bc1983eb5f37ec85b151c052ba6e6fa781610f37

data/CHANGELOG.md CHANGED Viewed

@@ -5,6 +5,20 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 ## [Unreleased]
+## [2.3.1] - 2024-05-17
+### Removed
+* [#34](https://github.com/civisanalytics/ruby_audit/pull/34)
+Removed check for stale database that no longer does anything
+### Fixed
+* [#35](https://github.com/civisanalytics/ruby_audit/pull/35)
+Look for rubygems advisories in the correct directory of the ruby-advisory-db
+## [2.3.0] - 2024-01-10
 ### Added
 * Support for Ruby 3.3
@@ -94,8 +108,11 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 * Initial Release
-[Unreleased]: https://github.com/civisanalytics/ruby_audit/compare/v2.0.0...HEAD
-[1.3.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.3.0...v2.0.0
+[Unreleased]: https://github.com/civisanalytics/ruby_audit/compare/v2.3.0...HEAD
+[2.3.0]: https://github.com/civisanalytics/ruby_audit/compare/v2.2.0...v2.3.0
+[2.2.0]: https://github.com/civisanalytics/ruby_audit/compare/v2.1.0...v2.2.0
+[2.1.0]: https://github.com/civisanalytics/ruby_audit/compare/v2.0.0...v2.1.0
+[2.0.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.3.0...v2.0.0
 [1.3.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.2.0...v1.3.0
 [1.2.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.1.0...v1.2.0
 [1.1.0]: https://github.com/civisanalytics/ruby_audit/compare/v1.0.1...v1.1.0

data/README.md CHANGED Viewed

@@ -57,9 +57,12 @@ $ ruby-audit check -n
 After checking out the repo, run `bin/setup` to install dependencies.
 You'll also want to run `git submodule update --init` to populate the ruby-advisory-db
-submodule used for testing. Then, run `rake spec` to run the tests.
+submodule in `/vendor` that is used for testing. Then, run `rake spec` to run the tests.
 You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+The database in `/vendor/ruby-advisory-db` is only used as a fixture for unit tests.
+By default, the database used for actual vulnerability checks is stored at `~/.local/share/ruby-advisory-db`.
 To install this gem onto your local machine, run `bundle exec rake install`.
 To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).

data/lib/ruby_audit/cli.rb CHANGED Viewed

@@ -12,8 +12,6 @@ module RubyAudit
     def check
       update unless options[:no_update]
-      check_for_stale_database
       scanner = Scanner.new
       vulnerable = false
@@ -30,7 +28,6 @@ module RubyAudit
       end
     end
-    # Copied from bundler-audit master. Not present in 0.4.0.
     desc 'update', 'Updates the ruby-advisory-db'
     def update
       say 'Updating ruby-advisory-db ...'
@@ -45,14 +42,16 @@ module RubyAudit
         say 'Skipping update', :yellow
       end
-      puts "ruby-advisory-db: #{Database.new.size} advisories"
+      database = Database.new
+      puts "ruby-advisory-db: #{database.size} advisories, " \
+           "last updated #{database.last_updated_at.utc}"
     end
     desc 'version', 'Prints the ruby-audit version'
     def version
       database = Database.new
-      puts "#{File.basename($PROGRAM_NAME)} #{VERSION} "\
-           "(advisories: #{database.size})"
+      puts "#{File.basename($PROGRAM_NAME)} #{VERSION} " \
+           "(advisories: #{database.size}, last updated: #{database.last_updated_at.utc})"
     end
     private
@@ -122,16 +121,5 @@ module RubyAudit
     # rubocop:enable Metrics/MethodLength
     # rubocop:enable Metrics/CyclomaticComplexity
     # rubocop:enable Metrics/AbcSize
-    def check_for_stale_database
-      database = Database.new
-      return unless database.size == 89
-      # bundler-audit 0.4.0 comes bundled with an old verison of
-      # ruby-advisory-db that has 89 advisories and NO advisories for Ruby
-      # or RubyGems. If #size == 89, the database has never been updated.
-      say 'The database must be updated before using RubyAudit', :red
-      exit 1
-    end
   end
 end

data/lib/ruby_audit/database.rb CHANGED Viewed

@@ -14,8 +14,8 @@ module RubyAudit
       check(ruby, 'rubies', &block)
     end
-    def check_library(library, &block)
-      check(library, 'libraries', &block)
+    def check_rubygems(rubygems, &block)
+      check(rubygems, 'gems', &block)
     end
     def check(object, type = 'gems')
@@ -29,8 +29,7 @@ module RubyAudit
     protected
     def each_advisory_path(&block)
-      Dir.glob(File.join(@path, '{gems,libraries,rubies}', '*', '*.yml'),
-               &block)
+      Dir.glob(File.join(@path, '{gems,rubies}', '*', '*.yml'), &block)
     end
     def each_advisory_path_for(name, type = 'gems', &block)

data/lib/ruby_audit/scanner.rb CHANGED Viewed

@@ -36,8 +36,8 @@ module RubyAudit
     end
     def scan_rubygems(options = {}, &block)
-      specs = [Version.new('rubygems', rubygems_version)]
-      scan_inner(specs, 'library', options, &block)
+      specs = [Version.new('rubygems-update', rubygems_version)]
+      scan_inner(specs, 'rubygems', options, &block)
     end
     private

data/lib/ruby_audit/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module RubyAudit
-  VERSION = '2.3.0'.freeze
+  VERSION = '2.3.1'.freeze
 end

metadata CHANGED Viewed

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: ruby_audit
 version: !ruby/object:Gem::Version
-  version: 2.3.0
+  version: 2.3.1
 platform: ruby
 authors:
 - Jeff Cousens, Mike Saelim
 - John Zhang
 - Cristina Muñoz
-autorequire:
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-01-10 00:00:00.000000000 Z
+date: 2024-05-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler-audit
@@ -132,7 +132,7 @@ homepage: https://github.com/civisanalytics/ruby_audit
 licenses:
 - GPL-3.0-or-later
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -150,8 +150,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3.1
-signing_key:
+rubygems_version: 3.4.10
+signing_key:
 specification_version: 4
 summary: Checks Ruby and RubyGems against known vulnerabilities.
 test_files: []