yavdb 0.5.1 → 0.5.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: f7756e8fbc8d584989454331f21dfb6767c55b09
-  data.tar.gz: 9ae89dfb16c7dca2cea1c21b51ab104e5a8cefe5
+SHA256:
+  metadata.gz: b419ba080c5a258be853b91c5e5c63bff95dc18ee4f5920432929aa3bb3f2e67
+  data.tar.gz: c195785e1b26437d64273659b48bf4266f92f6960886927f47e77228a1165b99
 SHA512:
-  metadata.gz: 6dc03d4d46b62f2f0daacb3a7a1fad2d7bd12c2ef7b3c916e00f86401085709ad0a3952c910b508f53fef8fdbca09cc73955064fb40499ac03e8340f8b8de007
-  data.tar.gz: 96a2687468ebf390ff5ba3236a66973adccdd4ffb245ec7a1f9b7e105082dec3466cb50dbb203435ddfe2fabb839a906aa71f4e817e4106de1017c0a462ae572
+  metadata.gz: 55288f2a25f94f9e8a514f95c5bb66b69b3d24968378a82894bab62525b16c9978efda200c84d1c3b36281b9872a7fa7d878eec2b185734497dc4a73936721d8
+  data.tar.gz: 9efbf7161bc446f64ed3334a51a56125e78fb8b112b477d6860bfbe151d93055a7cb6c02bee479057d10b2862b4398cf04755fe23dc83a87ef4b8c684c22ac47

data/.circleci/config.yml

@@ -4,7 +4,7 @@ jobs:
   build-lint-test:
     working_directory: ~/yavdb
     docker:
-    - image: circleci/ruby:2.3.7
+    - image: circleci/ruby:2.5.5
     steps:
     - checkout
 
@@ -27,6 +27,7 @@ jobs:
       type: shell
       command: |
         sudo gem update --system
+        gem install bundler
         bundle install --path /tmp/vendor/bundle
 
     - name: Save bundler cache

data/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,32 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Desktop (please complete the following information):**
+ - OS: [e.g. Windows, Linux, Mac]
+ - Ruby Version [e.g. 2.5.5]
+ - Version [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here.

data/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

data/.rubocop.yml

@@ -1,3 +1,9 @@
+inherit_from: .rubocop_todo.yml
+
+require:
+  - rubocop-performance
+  - rubocop-rspec
+
 AllCops:
   # Include common Ruby source files.
   Include:
@@ -57,7 +63,7 @@ AllCops:
   DefaultFormatter: progress
   UseCache: false
   DisplayCopNames: false
-  TargetRubyVersion: 2.3.7
+  TargetRubyVersion: 2.5.5
 
 Gemspec/OrderedDependencies:
   Enabled: true
@@ -94,18 +100,18 @@ Layout/EmptyLinesAroundModuleBody:
 Layout/ExtraSpacing:
   Enabled: true
 
-Layout/FirstParameterIndentation:
+Layout/FirstArgumentIndentation:
   Enabled: true
   EnforcedStyle: consistent
   IndentationWidth: 2
 
-Layout/IndentArray:
+Layout/FirstArrayElementIndentation:
   Enabled: true
 
-Layout/IndentAssignment:
+Layout/AssignmentIndentation:
   Enabled: true
 
-Layout/IndentHash:
+Layout/FirstHashElementIndentation:
   Enabled: true
 
 Layout/MultilineHashBraceLayout:
@@ -122,7 +128,7 @@ Layout/MultilineOperationIndentation:
 Layout/SpaceAfterComma:
   Enabled: true
 
-Layout/AlignParameters:
+Layout/ParameterAlignment:
   Enabled: true
   EnforcedStyle: with_fixed_indentation
 
@@ -155,7 +161,7 @@ Lint/UselessAccessModifier:
 Lint/UselessAssignment:
   Enabled: true
 
-Lint/HandleExceptions:
+Lint/SuppressedException:
   Enabled: true
   Exclude:
   - "lib/yavdb/sources/snyk_io.rb"
@@ -168,7 +174,7 @@ Metrics/BlockLength:
   Enabled: true
   Max: 51
   Exclude:
-  - "spec/snyk_io_spec.rb"
+  - "spec/**/*"
 
 Metrics/ClassLength:
   Enabled: false
@@ -202,6 +208,14 @@ Metrics/ParameterLists:
 Performance/RedundantBlockCall:
   Enabled: true
 
+RSpec/ExampleLength:
+  Enabled: true
+  Max: 15
+
+RSpec/MultipleExpectations:
+  Enabled: true
+  Max: 14
+
 Security/MarshalLoad:
   Enabled: true
   Exclude:
@@ -324,10 +338,10 @@ Style/TrailingCommaInHashLiteral:
   Enabled: true
   EnforcedStyleForMultiline: no_comma
 
-Style/UnneededInterpolation:
+Style/RedundantInterpolation:
   Enabled: true
 
-Style/UnneededPercentQ:
+Style/RedundantPercentQ:
   Enabled: true
 
 Style/WhileUntilDo:

data/.rubocop_todo.yml

@@ -0,0 +1,13 @@
+# This configuration was generated by
+# `rubocop --auto-gen-config`
+# on 2019-10-09 19:40:20 +0300 using RuboCop version 0.75.0.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+
+# Offense count: 1
+# Configuration parameters: Max.
+RSpec/ExampleLength:
+  Exclude:
+    - 'spec/crawler_spec.rb'

data/.ruby-version

@@ -1 +1 @@
-2.3.7
+2.5.5

data/CONTRIBUTING.md

@@ -0,0 +1,60 @@
+## How to contribute to yavdb
+
+### Main rules
+
+* Before you open a ticket or send a pull request, [search](https://github.com/rtfpessoa/yavdb/issues) for previous discussions about the same feature or issue. Add to the earlier ticket if you find one.
+
+* If you're proposing a new feature, make sure you create an issue to let other contributors know what you are working on.
+
+* Before sending a pull request make sure your code is tested.
+
+* Before sending a pull request for a feature, be sure to run tests.
+
+* Use the same coding style as the rest of the codebase.
+
+* Use `git rebase` (not `git merge`) to sync your work from time to time with the master branch.
+
+* After creating your pull request make sure the build is passing on [CircleCI](https://circleci.com/gh/rtfpessoa/yavdb)
+and that [Codacy](https://www.codacy.com/app/rtfpessoa/yavdb) is also confident in the code quality.
+
+### Commit Style
+
+Writing good commit logs is important. A commit log should describe what changed and why.
+Follow these guidelines when writing one:
+
+1. The first line should be 50 characters or less and contain a short
+   description of the change prefixed with the name of the changed
+   subsystem (e.g. "net: add localAddress and localPort to Socket").
+2. Keep the second line blank.
+3. Wrap all other lines at 72 columns.
+
+A good commit log can look something like this:
+
+```
+subsystem: explaining the commit in one line
+
+Body of commit message is a few lines of text, explaining things
+in more detail, possibly giving some background about the issue
+being fixed, etc. etc.
+
+The body of the commit message can be several paragraphs, and
+please do proper word-wrap and keep columns shorter than about
+72 characters or so. That way `git log` will show things
+nicely even when it is indented.
+```
+
+### Developer's Certificate of Origin 1.0
+
+By making a contribution to this project, I certify that:
+
+* (a) The contribution was created in whole or in part by me and I
+  have the right to submit it under the open source license indicated
+  in the file; or
+* (b) The contribution is based upon previous work that, to the best
+  of my knowledge, is covered under an appropriate open source license
+  and I have the right under that license to submit that work with
+  modifications, whether created in whole or in part by me, under the
+  same open source license (unless I am permitted to submit under a
+  different license), as indicated in the file; or
+* (c) The contribution was provided directly to me by some other
+  person who certified (a), (b) or (c) and I have not modified it.

data/Gemfile.lock

@@ -1,11 +1,11 @@
 PATH
   remote: .
   specs:
-    yavdb (0.5.1)
-      execjs (~> 2.7.0)
-      json (~> 2.1)
-      kramdown (~> 1.17)
-      oga (~> 2.15)
+    yavdb (0.5.6)
+      execjs (~> 2.7)
+      json (~> 2.2)
+      kramdown (~> 2.1)
+      oga (>= 2.15, < 4.0)
       semantic_interval (~> 0.1)
       therubyracer (~> 0.12)
       thor (~> 0.20)
@@ -16,81 +16,121 @@ GEM
   specs:
     ansi (1.5.0)
     ast (2.4.0)
+    bibliothecary (6.8.5)
+      commander
+      deb_control
+      librariesio-gem-parser
+      ox (>= 2.8.1)
+      sdl4r
+      strings
+      strings-ansi
+      toml-rb (~> 1.0)
+      typhoeus
     citrus (3.0.2)
-    codacy-coverage (2.1.0)
+    codacy-coverage (2.2.0)
       simplecov
+    colorize (0.8.1)
+    commander (4.4.7)
+      highline (~> 2.0.0)
+    deb_control (0.0.1)
+    dependency_spy (0.6.0)
+      bibliothecary (~> 6.6)
+      colorize (= 0.8.1)
+      semantic_range (~> 2.2)
+      thor (~> 0.20)
+      yavdb (~> 0.5)
     diff-lcs (1.3)
-    docile (1.3.1)
+    docile (1.3.2)
+    ethon (0.12.0)
+      ffi (>= 1.3.0)
     execjs (2.7.0)
-    jaro_winkler (1.5.2)
-    json (2.1.0)
-    kramdown (1.17.0)
-    libv8 (3.16.14.19-x86_64-linux)
-    oga (2.15)
+    ffi (1.11.3)
+    highline (2.0.3)
+    jaro_winkler (1.5.4)
+    json (2.3.0)
+    kramdown (2.2.1)
+      rexml
+    librariesio-gem-parser (1.0.0)
+    libv8 (3.16.14.19)
+    oga (3.2)
       ast
       ruby-ll (~> 2.1)
-    parallel (1.13.0)
-    parser (2.6.0.0)
+    ox (2.12.0)
+    parallel (1.19.1)
+    parser (2.7.0.2)
       ast (~> 2.4.0)
-    powerpack (0.1.2)
     rainbow (3.0.0)
-    rake (12.3.2)
+    rake (13.0.1)
     ref (2.0.0)
-    rspec (3.8.0)
-      rspec-core (~> 3.8.0)
-      rspec-expectations (~> 3.8.0)
-      rspec-mocks (~> 3.8.0)
-    rspec-core (3.8.0)
-      rspec-support (~> 3.8.0)
-    rspec-expectations (3.8.2)
+    rexml (3.2.4)
+    rspec (3.9.0)
+      rspec-core (~> 3.9.0)
+      rspec-expectations (~> 3.9.0)
+      rspec-mocks (~> 3.9.0)
+    rspec-core (3.9.1)
+      rspec-support (~> 3.9.1)
+    rspec-expectations (3.9.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-mocks (3.8.0)
+      rspec-support (~> 3.9.0)
+    rspec-mocks (3.9.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-support (3.8.0)
+      rspec-support (~> 3.9.0)
+    rspec-support (3.9.2)
     rspec_junit_formatter (0.4.1)
       rspec-core (>= 2, < 4, != 2.12.0)
-    rubocop (0.64.0)
+    rubocop (0.79.0)
       jaro_winkler (~> 1.5.1)
       parallel (~> 1.10)
-      parser (>= 2.5, != 2.5.1.1)
-      powerpack (~> 0.1)
+      parser (>= 2.7.0.1)
       rainbow (>= 2.2.2, < 4.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (~> 1.4.0)
-    rubocop-rspec (1.32.0)
-      rubocop (>= 0.60.0)
+      unicode-display_width (>= 1.4.0, < 1.7)
+    rubocop-performance (1.5.2)
+      rubocop (>= 0.71.0)
+    rubocop-rspec (1.37.1)
+      rubocop (>= 0.68.1)
     ruby-ll (2.1.2)
       ansi
       ast
-    ruby-progressbar (1.10.0)
+    ruby-progressbar (1.10.1)
+    sdl4r (0.9.11)
     semantic_interval (0.1.0)
-    simplecov (0.16.1)
+    semantic_range (2.2.1)
+    simplecov (0.17.1)
       docile (~> 1.1)
       json (>= 1.8, < 3)
       simplecov-html (~> 0.10.0)
     simplecov-html (0.10.2)
+    strings (0.1.8)
+      strings-ansi (~> 0.1)
+      unicode-display_width (~> 1.5)
+      unicode_utils (~> 1.4)
+    strings-ansi (0.2.0)
     therubyracer (0.12.3)
       libv8 (~> 3.16.14.15)
       ref
     thor (0.20.3)
     toml-rb (1.1.2)
       citrus (~> 3.0, > 3.0)
-    unicode-display_width (1.4.1)
+    typhoeus (1.3.1)
+      ethon (>= 0.9.0)
+    unicode-display_width (1.6.0)
+    unicode_utils (1.4.0)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
   codacy-coverage
-  rake (~> 12.3)
+  dependency_spy
+  rake (~> 13.0)
   rspec (~> 3.8)
   rspec_junit_formatter (~> 0.4)
-  rubocop (~> 0.59)
-  rubocop-rspec (~> 1.29)
+  rubocop (~> 0.75)
+  rubocop-performance (~> 1.5.0)
+  rubocop-rspec (~> 1.36)
   simplecov
   yavdb!
 
 BUNDLED WITH
-   1.17.3
+   2.1.2

data/lib/yavdb/constants.rb

@@ -17,7 +17,7 @@
 module YAVDB
   module Constants
 
-    DEBUG = ENV['debug'].freeze
+    DEBUG = ENV['debug']
 
     YAVDB_DB_URL    = 'https://github.com/rtfpessoa/yavdb.git'
     YAVDB_DB_BRANCH = 'database'

data/lib/yavdb/crawler.rb

@@ -14,7 +14,7 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-Dir[File.expand_path('sources/*.rb', __dir__)].each do |file|
+Dir[File.expand_path('sources/*.rb', __dir__)].sort.each do |file|
   require file
 end
 

data/lib/yavdb/database.rb

@@ -43,7 +43,6 @@ module YAVDB
         vulns
           .group_by(&:package_manager)
           .map do |package_manager, vunerabilities_by_pm|
-
           puts "#{package_manager}: #{vunerabilities_by_pm.length}"
 
           vunerabilities_by_pm =

data/lib/yavdb/sources/npmjs.rb

@@ -40,13 +40,13 @@ module YAVDB
           def fetch_packages_recursive(page_number)
             page = get_page_html(get_page_url(page_number), false, 'npmjs/feed')
 
-            script_tag = page.css('script').find { |script| script.text.include?('window.__context__') }.text
-            context = ExecJS.compile("var window = {};\n#{script_tag.force_encoding('utf-8')};")
+            script_tag    = page.css('script').find { |script| script.text.include?('window.__context__') }.text
+            context       = ExecJS.compile("var window = {};\n#{script_tag.force_encoding('utf-8')};")
             advisory_data = context.exec('return window.__context__.context.advisoriesData')
 
             packages = advisory_data['objects']
 
-            next_url = advisory_data['urls']['next']
+            next_url      = advisory_data['urls']['next']
             next_packages = if next_url && !next_url&.include?("page=#{page_number}")
                               fetch_packages_recursive(page_number + 1)
                             else
@@ -62,7 +62,7 @@ module YAVDB
 
           def create(package)
             published_date = Date.strptime(package['created'], '%s')
-            updated_date = Date.strptime(package['updated'], '%s')
+            updated_date   = Date.strptime(package['updated'], '%s')
 
             cves = package['cves'] || []
 
@@ -103,18 +103,18 @@ module YAVDB
           end
 
           def get_page_url(page)
-            "#{API_URL}/advisories?page=#{page}&perPage=300&order=-id"
+            "#{API_URL}/advisories?page=#{page}&perPage=100&order=-id"
           end
 
           def parse_severity(severity)
             case severity
-              when 'low' then
+              when 'low'
                 'low'
-              when 'moderate' then
+              when 'moderate'
                 'medium'
-              when 'high' then
+              when 'high'
                 'high'
-              when 'critical' then
+              when 'critical'
                 'high'
               else
                 'high'

data/lib/yavdb/sources/ruby_advisory.rb

@@ -107,9 +107,9 @@ module YAVDB
 
           def severity_level(cvss_score)
             case cvss_score
-              when 0.0..3.3 then
+              when 0.0..3.3
                 'low'
-              when 3.3..6.6 then
+              when 3.3..6.6
                 'medium'
               else
                 'high'

data/lib/yavdb/sources/rustsec.rb

@@ -25,7 +25,7 @@ module YAVDB
     module RustSec
       class Client
 
-        REPOSITORY_URL = 'https://github.com/RustSec/advisory-db'.freeze
+        REPOSITORY_URL  = 'https://github.com/RustSec/advisory-db'.freeze
         PACKAGE_MANAGER = 'cargo'.freeze
 
         def self.advisories
@@ -44,19 +44,21 @@ module YAVDB
           private
 
           def create(advisory_hash)
-            date = Date.strptime(advisory_hash['date'].to_s, '%Y-%m-%d')
-            severity = 'high' # since no value is provided will use highest
-            cve = advisory_hash['aliases']&.select { |a| a.start_with?('CVE') }
+            date       = Date.strptime(advisory_hash['date'].to_s, '%Y-%m-%d')
+            severity   = 'high' # since no value is provided will use highest
+            cve        = advisory_hash['aliases']&.select { |a| a.start_with?('CVE') }
             references = advisory_hash['url'] && [advisory_hash['url']]
 
             vuln_id = "rustsec:cargo:#{advisory_hash['package']}:#{advisory_hash['id']}"
 
+            vulnerable_versions = (['*'] if (advisory_hash['unaffected_versions'].nil? || advisory_hash['unaffected_versions'].empty?) && (advisory_hash['patched_versions'].nil? || advisory_hash['patched_versions'].empty?))
+
             YAVDB::Advisory.new(
               vuln_id,
               advisory_hash['title'],
               advisory_hash['description'],
               advisory_hash['package'],
-              nil,
+              vulnerable_versions,
               advisory_hash['unaffected_versions'],
               advisory_hash['patched_versions'],
               severity,

data/lib/yavdb/sources/snyk_io.rb

@@ -47,7 +47,7 @@ module YAVDB
           urls.map do |advisory_url|
             advisory_page = get_page_html(advisory_url, true, 'snyk.io/advisories')
             create(advisory_url, advisory_page)
-          end
+          end.reject(&:nil?)
         end
 
         class << self
@@ -66,7 +66,7 @@ module YAVDB
             page_vuln_urls = snykio
                                .css('table tbody tr td span a')
                                .map { |anchor| anchor.get('href') }
-                               .map { |link| link if link =~ %r{\/vuln\/.+} }.compact
+                               .map { |link| link if %r{\/vuln\/.+}.match?(link) }.compact
 
             next_urls = if page_vuln_urls.any?
                           next_url = snykio.css('a.pagination__next')
@@ -92,15 +92,16 @@ module YAVDB
             severity = advisory_page.css('span.label__text').text.gsub(%r{(.*?) severity}, '\1')
 
             package_manager = advisory_page.css('.breadcrumbs__list-item')[1].text.gsub(%r{\s+}, '').downcase
-            package_manager = PACKAGE_MANAGER_ALIAS[package_manager] || raise("Could not find alias for package manager #{package_manager}")
+            package_manager = PACKAGE_MANAGER_ALIAS[package_manager] || return
 
             title = utf8(advisory_page.css('h1.header__title span.header__title__text').text)
 
             affected_package = advisory_page.css('.custom-package-name').text
             affected_package = advisory_page.css('.header__lede .breadcrumbs__list-item__link').text if affected_package.empty?
 
-            vulnerable_versions = advisory_page.css('.custom-affected-versions').text.strip
-            vulnerable_versions = if vulnerable_versions.empty? || vulnerable_versions == 'ALL'
+            vulnerable_versions = (advisory_page.css('.custom-affected-versions') ||
+              advisory_page.css('.header__lede strong').drop(1).first).text.strip
+            vulnerable_versions = if vulnerable_versions.empty? || vulnerable_versions == 'ALL' || vulnerable_versions == '(,)'
                                     ['*']
                                   elsif ['maven', 'nuget', 'pypi'].include?(package_manager)
                                     [vulnerable_versions]
@@ -168,30 +169,22 @@ module YAVDB
               body   = section[:body]
 
               case header.text
-                when 'Overview' then
+                when %r{^(Overview|Details)$} then
                   overview_str = body
                                    .map(&:to_xml)
+                                   .map { |e| e.force_encoding('UTF-8') }
                                    .join("\n")
-                                   .force_encoding('UTF-8')
                   begin
-                    data[:description] += '\n' if data[:description]
-                    data[:description] = '' unless data[:description]
+                    if data[:description]
+                      data[:description] += '\n'
+                    else
+                      data[:description] = ''
+                    end
+
                     data[:description] += utf8(Kramdown::Document.new(overview_str, :html_to_native => true).to_kramdown)
                   rescue StandardError
                     # ignore
                   end
-                when 'Details' then
-                  details_str = body
-                                  .map(&:to_xml)
-                                  .join("\n")
-                                  .force_encoding('UTF-8')
-                  begin
-                    data[:description] += '\n' if data[:description]
-                    data[:description] = '' unless data[:description]
-                    data[:description] += utf8(Kramdown::Document.new(details_str, :html_to_native => true).to_kramdown)
-                  rescue StandardError
-                    # ignore
-                  end
                 when 'References' then
                   references = []
                   if body.any?
@@ -211,19 +204,19 @@ module YAVDB
 
             advisory_page.css('.l-col .card .card__content dl > *').each_slice(2).to_a.map do |key, value|
               case key.text
-                when 'Credit' then
+                when 'Credit'
                   data[:credit] = utf8(value.text.split(',').map { |str| str.strip.sub(%r{-\s*}, '') }.reject(&:empty?))
-                when 'CVE' then
+                when 'CVE'
                   data[:cve] = value.css('a').map { |a| a.text.strip.split(',') }.flatten.map(&:strip).reject(&:empty?)
-                when 'CWE' then
+                when 'CWE'
                   data[:cwe] = value.css('a').map { |a| a.text.strip.split(',') }.flatten.map(&:strip).reject(&:empty?)
-                when 'Snyk ID' then
+                when 'Snyk ID'
                   data[:id] = value.text.strip
-                when 'Disclosed' then
+                when 'Disclosed'
                   data[:disclosed_date] = value.text.strip
-                when 'Published' then
+                when 'Published'
                   data[:published_date] = value.text.strip
-                when 'Last modified' then
+                when 'Last modified'
                   data[:last_modified_date] = value.text.strip
               end
             end

data/lib/yavdb/sources/victims.rb

@@ -95,9 +95,9 @@ module YAVDB
 
           def severity(cvss_score)
             case cvss_score
-              when 0.0..3.3 then
+              when 0.0..3.3
                 'low'
-              when 3.3..6.6 then
+              when 3.3..6.6
                 'medium'
               else
                 'high'

data/lib/yavdb/utils/http.rb

@@ -45,15 +45,15 @@ module YAVDB
           begin
             response = Net::HTTP.get_response(url)
             case response
-              when Net::HTTPNotFound then
+              when Net::HTTPNotFound
                 raise ArgumentError, 'page not found'
-              when Net::HTTPTooManyRequests then
+              when Net::HTTPTooManyRequests
                 raise ArgumentError, 'too many requests'
               else
                 response.body.lines
             end
-          rescue StandardError => exception
-            raise exception if retries.zero?
+          rescue StandardError => e
+            raise e if retries.zero?
 
             puts "Going to retry #{url}"
             retries -= 1

data/lib/yavdb/version.rb

@@ -16,6 +16,6 @@
 
 module YAVDB
 
-  VERSION = '0.5.1'
+  VERSION = '0.5.6'
 
 end

data/yavdb.gemspec

@@ -21,24 +21,26 @@ Gem::Specification.new do |spec|
   spec.executables = ['yavdb', 'vulndb', 'vulnerabilitydb']
   spec.require_paths = ['lib']
 
-  spec.required_ruby_version = '>= 2.3.7'
+  spec.required_ruby_version = '>= 2.5.5'
 
   # Development
   spec.add_development_dependency 'codacy-coverage'
-  spec.add_development_dependency 'rake', ['~> 12.3']
+  spec.add_development_dependency 'rake', '~> 13.0'
   spec.add_development_dependency 'rspec', ['~> 3.8']
   spec.add_development_dependency 'rspec_junit_formatter', ['~> 0.4']
   spec.add_development_dependency 'simplecov'
 
   # Linters
-  spec.add_development_dependency 'rubocop', ['~> 0.59']
-  spec.add_development_dependency 'rubocop-rspec', ['~> 1.29']
+  spec.add_development_dependency 'dependency_spy'
+  spec.add_development_dependency 'rubocop', ['~> 0.75']
+  spec.add_development_dependency 'rubocop-performance', ['~> 1.5.0']
+  spec.add_development_dependency 'rubocop-rspec', ['~> 1.36']
 
   # Runtime
-  spec.add_runtime_dependency 'execjs', ['~> 2.7.0']
-  spec.add_runtime_dependency 'json', ['~> 2.1']
-  spec.add_runtime_dependency 'kramdown', ['~> 1.17']
-  spec.add_runtime_dependency 'oga', ['~> 2.15']
+  spec.add_runtime_dependency 'execjs', ['~> 2.7']
+  spec.add_runtime_dependency 'json', ['~> 2.2']
+  spec.add_runtime_dependency 'kramdown', ['~> 2.1']
+  spec.add_runtime_dependency 'oga', '>= 2.15', '< 4.0'
   spec.add_runtime_dependency 'semantic_interval', ['~> 0.1']
   spec.add_runtime_dependency 'therubyracer', ['~> 0.12']
   spec.add_runtime_dependency 'thor', ['~> 0.20']

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: yavdb
 version: !ruby/object:Gem::Version
-  version: 0.5.1
+  version: 0.5.6
 platform: ruby
 authors:
 - Rodrigo Fernandes
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-03-04 00:00:00.000000000 Z
+date: 2020-05-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: codacy-coverage
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -80,90 +80,124 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: dependency_spy
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.59'
+        version: '0.75'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.75'
+- !ruby/object:Gem::Dependency
+  name: rubocop-performance
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.5.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.59'
+        version: 1.5.0
 - !ruby/object:Gem::Dependency
   name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.29'
+        version: '1.36'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.29'
+        version: '1.36'
 - !ruby/object:Gem::Dependency
   name: execjs
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.7.0
+        version: '2.7'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.7.0
+        version: '2.7'
 - !ruby/object:Gem::Dependency
   name: json
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.1'
+        version: '2.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.1'
+        version: '2.2'
 - !ruby/object:Gem::Dependency
   name: kramdown
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.17'
+        version: '2.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.17'
+        version: '2.1'
 - !ruby/object:Gem::Dependency
   name: oga
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '2.15'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '2.15'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: semantic_interval
   requirement: !ruby/object:Gem::Requirement
@@ -232,11 +266,15 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".circleci/config.yml"
+- ".github/ISSUE_TEMPLATE/bug_report.md"
+- ".github/ISSUE_TEMPLATE/feature_request.md"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
+- ".rubocop_todo.yml"
 - ".ruby-version"
 - CODE_OF_CONDUCT.md
+- CONTRIBUTING.md
 - Gemfile
 - Gemfile.lock
 - LICENSE
@@ -280,7 +318,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.3.7
+      version: 2.5.5
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
@@ -288,7 +326,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.2.3
+rubygems_version: 2.7.6.2
 signing_key: 
 specification_version: 4
 summary: The Free and Open Source vulnerability database.