still_active 1.4.0 → 1.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +12 -0
  3. data/README.md +19 -5
  4. data/bin/still_active +1 -1
  5. data/lib/helpers/bundler_helper.rb +9 -4
  6. data/lib/still_active/cli.rb +6 -1
  7. data/lib/still_active/config.rb +12 -3
  8. data/lib/still_active/errors.rb +6 -0
  9. data/lib/still_active/version.rb +1 -1
  10. data/lib/still_active.rb +1 -2
  11. metadata +2 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: be6f4e86c6afb3564385acfaf5733cecc38845c300a8a2ef624d0b267cc93a94
4
- data.tar.gz: ec381b31257189f8f171bb5bdc4f318dfd0edd03cba957dd58b3400935ab5898
3
+ metadata.gz: 32a0544a8668d86b73edc4296a246b875e3c5bfbc5016544ea2b1133e1332bb8
4
+ data.tar.gz: bdbbaa17281dac2425cbe96a386164ae608566b3a4dd594e7e8d3d262a10f206
5
5
  SHA512:
6
- metadata.gz: dcb580e83cedb482f05fe6a2cfebc91190050339dfb4a0986075d4cc28c6f9788d96efa86a66a7a28c22d248e6b15305d78f2e7f7bcd09c82ad0e9fbbed5fd0f
7
- data.tar.gz: df4d1a5980ddb05e8cdb5c781ee72941ba4477fa71c101db6b03e089d0ffd2c8571803590467d8796841214d2fda6f9c40865ea7c16c58fcb89d632efd825cdc
6
+ metadata.gz: a63140b613dc6eb0f7fe618a4845db833524993c00ab6773699dbbd150fead81ff5f74fad283444d6d84d5aa07ef79f8cba7ab055ae3e81d720bcbeaee52f800
7
+ data.tar.gz: 00f898a6edefc7405e4e5d9a35b37c803b185b1e4e7edcbb76c8faf7eb9e93ef3e18660b1719b9db5b6d9961a4300dc1c3b017cd366bb195f6ea3e33b0f584bc
data/CHANGELOG.md CHANGED
@@ -1,5 +1,17 @@
1
1
  # Changelog
2
2
 
3
+ ## [1.4.2] - 2026-05-22
4
+
5
+ ### Fixed
6
+
7
+ - Replaced an opaque `NoMethodError` on `nil.specs` with `StillActive::MissingLockfileError` and a clear "run `bundle lock` first" message when a Gemfile exists but no `Gemfile.lock` is reachable. Caught during the still_active-action self-test wiring.
8
+
9
+ ## [1.4.1] - 2026-05-22
10
+
11
+ ### Fixed
12
+
13
+ - `still_active --gems=X` (or any invocation that doesn't need a Gemfile) crashed with `Bundler::GemfileNotFound` when run from a directory without a Gemfile in the tree. `Config#initialize` eagerly called `Bundler.default_gemfile`. Now `gemfile_path` resolves lazily on first read and falls back to `./Gemfile` when none is reachable.
14
+
3
15
  ## [1.4.0] - 2026-05-22
4
16
 
5
17
  ### Added
data/README.md CHANGED
@@ -5,6 +5,7 @@
5
5
  `bundle outdated` tells you version drift. `bundler-audit` catches known CVEs. Neither tells you whether anyone is still working on the thing. `still_active` checks maintenance activity, version freshness, security scores, vulnerabilities, libyear drift, and archived repos for every gem in your Gemfile.
6
6
 
7
7
  [![Gem Version](https://badge.fury.io/rb/still_active.svg)](https://badge.fury.io/rb/still_active)
8
+ [![GitHub Action](https://img.shields.io/badge/Marketplace-still__active--action-2ea44f?logo=github)](https://github.com/marketplace/actions/still_active)
8
9
  ![Code Quality analysis](https://github.com/SeanLF/still_active/actions/workflows/codeql-analysis.yml/badge.svg)
9
10
  ![RSpec](https://github.com/SeanLF/still_active/actions/workflows/rspec.yml/badge.svg)
10
11
  ![Rubocop analysis](https://github.com/SeanLF/still_active/actions/workflows/rubocop-analysis.yml/badge.svg)
@@ -186,13 +187,15 @@ still_active --markdown
186
187
 
187
188
  Emit findings as SARIF 2.1.0 — they show up in the GitHub Security tab and as inline annotations on `Gemfile.lock` in pull requests.
188
189
 
190
+ > **See it live:** this repo audits itself on every push. Browse the live findings in the [Code Scanning Security tab](https://github.com/SeanLF/still_active/security/code-scanning?query=tool%3Astill_active+is%3Aopen) — currently 2× `SA005` (low OpenSSF Scorecard).
191
+
189
192
  ```bash
190
193
  still_active --sarif # writes still_active.sarif.json
191
194
  still_active --sarif=path/to/out.sarif.json
192
195
  still_active --sarif=- # stdout
193
196
  ```
194
197
 
195
- Wire it up in a workflow with `github/codeql-action/upload-sarif`:
198
+ **Easy mode** use the [`still_active-action`](https://github.com/SeanLF/still_active-action) wrapper:
196
199
 
197
200
  ```yaml
198
201
  permissions:
@@ -205,14 +208,25 @@ jobs:
205
208
  steps:
206
209
  - uses: actions/checkout@v4
207
210
  - uses: ruby/setup-ruby@v1
211
+ with: { ruby-version: '3.4' }
212
+ - uses: SeanLF/still_active-action@v0
208
213
  with:
209
- ruby-version: "3.4"
210
- bundler-cache: true
214
+ github-token: ${{ github.token }}
215
+ sarif: still_active.sarif.json
216
+ - uses: github/codeql-action/upload-sarif@v3
217
+ if: always()
218
+ with: { sarif_file: still_active.sarif.json }
219
+ ```
220
+
221
+ **Plain bundle exec** if you'd rather pin still_active in your Gemfile:
222
+
223
+ ```yaml
211
224
  - run: bundle exec still_active --sarif
225
+ env:
226
+ GITHUB_TOKEN: ${{ github.token }}
212
227
  - uses: github/codeql-action/upload-sarif@v3
213
228
  if: always()
214
- with:
215
- sarif_file: still_active.sarif.json
229
+ with: { sarif_file: still_active.sarif.json }
216
230
  ```
217
231
 
218
232
  Rule reference (SA001–SA007) and how to suppress: see [`docs/rules.md`](docs/rules.md).
data/bin/still_active CHANGED
@@ -3,7 +3,7 @@
3
3
 
4
4
  $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), "../lib"))
5
5
 
6
- require "still_active/cli"
7
6
  require "still_active"
7
+ require "still_active/cli"
8
8
 
9
9
  StillActive::CLI.new.run(ARGV)
data/lib/helpers/bundler_helper.rb CHANGED
@@ -5,11 +5,16 @@ module StillActive
5
5
  extend self
6
6
 
7
7
  def gemfile_dependencies(gemfile_path: StillActive.config.gemfile_path)
8
- ::Bundler::SharedHelpers.set_env("BUNDLE_GEMFILE", File.expand_path(gemfile_path))
8
+ absolute_gemfile = File.expand_path(gemfile_path)
9
+ ::Bundler::SharedHelpers.set_env("BUNDLE_GEMFILE", absolute_gemfile)
9
10
  gemfile_gems = ::Bundler.definition.dependencies.map(&:name)
10
- Bundler
11
- .definition
12
- .locked_gems
11
+ locked_gems = ::Bundler.definition.locked_gems
12
+ if locked_gems.nil?
13
+ raise MissingLockfileError,
14
+ "no lockfile next to #{absolute_gemfile} — run `bundle lock` (or `bundle install`) first"
15
+ end
16
+
17
+ locked_gems
13
18
  .specs
14
19
  .select { |spec| gemfile_gems.include?(spec.name) }
15
20
  .uniq(&:name)
data/lib/still_active/cli.rb CHANGED
@@ -18,7 +18,12 @@ module StillActive
18
18
  def run(args)
19
19
  options = Options.new.parse!(args)
20
20
  unless options[:provided_gems]
21
- StillActive.config.gems = BundlerHelper.gemfile_dependencies
21
+ begin
22
+ StillActive.config.gems = BundlerHelper.gemfile_dependencies
23
+ rescue MissingLockfileError => e
24
+ $stderr.puts("error: #{e.message}")
25
+ exit(2)
26
+ end
22
27
  end
23
28
 
24
29
  result = if $stderr.tty?
data/lib/still_active/config.rb CHANGED
@@ -6,13 +6,12 @@ require "open3"
6
6
 
7
7
  module StillActive
8
8
  class Config
9
- attr_writer :github_oauth_token, :gitlab_token
9
+ attr_writer :github_oauth_token, :gitlab_token, :gemfile_path
10
10
  attr_accessor :baseline_path,
11
11
  :critical_warning_emoji,
12
12
  :fail_if_critical,
13
13
  :fail_if_warning,
14
14
  :futurist_emoji,
15
- :gemfile_path,
16
15
  :gems,
17
16
  :fail_if_outdated,
18
17
  :fail_if_vulnerable,
@@ -31,7 +30,7 @@ module StillActive
31
30
  @fail_if_outdated = nil
32
31
  @fail_if_vulnerable = nil
33
32
  @fail_if_warning = false
34
- @gemfile_path = Bundler.default_gemfile.to_s
33
+ @gemfile_path = nil
35
34
  @gems = []
36
35
  @ignored_gems = []
37
36
  @github_oauth_token = nil
@@ -66,6 +65,16 @@ module StillActive
66
65
  @gitlab_token ||= presence(ENV["GITLAB_TOKEN"]) || glab_cli_token
67
66
  end
68
67
 
68
+ # Lazy so that running with --gems=... (no Gemfile needed) doesn't crash
69
+ # when invoked from a directory without a Gemfile in the tree.
70
+ def gemfile_path
71
+ @gemfile_path ||= begin
72
+ Bundler.default_gemfile.to_s
73
+ rescue Bundler::GemfileNotFound
74
+ File.join(Dir.pwd, "Gemfile")
75
+ end
76
+ end
77
+
69
78
  private
70
79
 
71
80
  def gh_cli_token
data/lib/still_active/errors.rb ADDED
@@ -0,0 +1,6 @@
1
+ # frozen_string_literal: true
2
+
3
+ module StillActive
4
+ class Error < StandardError; end
5
+ class MissingLockfileError < Error; end
6
+ end
data/lib/still_active/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module StillActive
4
- VERSION = "1.4.0"
4
+ VERSION = "1.4.2"
5
5
  end
data/lib/still_active.rb CHANGED
@@ -1,6 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require_relative "still_active/version"
4
+ require_relative "still_active/errors"
4
5
  require_relative "still_active/config"
5
6
  require_relative "still_active/cli"
6
7
 
@@ -9,8 +10,6 @@ require_relative "still_active/cli"
9
10
  require "faraday/retry"
10
11
 
11
12
  module StillActive
12
- class Error < StandardError; end
13
-
14
13
  class << self
15
14
  def config
16
15
  @config ||= Config.new
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: still_active
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.4.0
4
+ version: 1.4.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sean Floyd
@@ -216,6 +216,7 @@ files:
216
216
  - lib/still_active/core_ext.rb
217
217
  - lib/still_active/deps_dev_client.rb
218
218
  - lib/still_active/diff.rb
219
+ - lib/still_active/errors.rb
219
220
  - lib/still_active/gitlab_client.rb
220
221
  - lib/still_active/options.rb
221
222
  - lib/still_active/repository.rb