commit rubygem-bundler-audit for openSUSE:Factory

Hello community, here is the log from the commit of package rubygem-bundler-audit for openSUSE:Factory checked in at 2019-06-19 20:59:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-bundler-audit (Old) and /work/SRC/openSUSE:Factory/.rubygem-bundler-audit.new.4811 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "rubygem-bundler-audit" Wed Jun 19 20:59:28 2019 rev:4 rq:705981 version:0.6.1 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-bundler-audit/rubygem-bundler-audit.changes 2017-09-26 21:13:43.440288442 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-bundler-audit.new.4811/rubygem-bundler-audit.changes 2019-06-19 20:59:29.514039751 +0200 @@ -1,0 +2,10 @@ +Sat Mar 2 15:07:09 UTC 2019 - Stephan Kulow + +- updated to version 0.6.1 + see installed ChangeLog.md + + ### 0.6.1 / 2019-01-17 + + * Require bundler `>= 1.2.0, < 3` to support [bundler] 2.0. + +------------------------------------------------------------------- Old: ---- bundler-audit-0.6.0.gem New: ---- bundler-audit-0.6.1.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-bundler-audit.spec ++++++ --- /var/tmp/diff_new_pack.D3O06o/_old 2019-06-19 20:59:30.098040274 +0200 +++ /var/tmp/diff_new_pack.D3O06o/_new 2019-06-19 20:59:30.102040278 +0200 @@ -1,7 +1,7 @@ # # spec file for package rubygem-bundler-audit # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -24,7 +24,7 @@ # Name: rubygem-bundler-audit -Version: 0.6.0 +Version: 0.6.1 Release: 0 %define mod_name bundler-audit %define mod_full_name %{mod_name}-%{version} @@ -34,10 +34,10 @@ BuildRequires: ruby-macros >= 5 BuildRequires: update-alternatives Url: https://github.com/rubysec/bundler-audit#readme -Source: http://rubygems.org/gems/%{mod_full_name}.gem +Source: https://rubygems.org/gems/%{mod_full_name}.gem Source1: gem2rpm.yml Summary: Patch-level verification for Bundler -License: GPL-3.0+ +License: GPL-3.0-or-later Group: Development/Languages/Ruby PreReq: update-alternatives ++++++ bundler-audit-0.6.0.gem -> bundler-audit-0.6.1.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.travis.yml new/.travis.yml --- old/.travis.yml 2017-07-19 01:17:52.000000000 +0200 +++ new/.travis.yml 2019-01-18 05:19:35.000000000 +0100 @@ -1,8 +1,9 @@ language: ruby rvm: - - 2.1.8 - - 2.2.4 - - 2.3.0 + - 2.3 + - 2.4 + - 2.5 + - 2.6 - jruby - rbx-3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ChangeLog.md new/ChangeLog.md --- old/ChangeLog.md 2017-07-19 01:17:52.000000000 +0200 +++ new/ChangeLog.md 2019-01-18 05:19:35.000000000 +0100 @@ -1,3 +1,7 @@ +### 0.6.1 / 2019-01-17 + +* Require bundler `>= 1.2.0, < 3` to support [bundler] 2.0. + ### 0.6.0 / 2017-07-18 * Added `--quiet` option to `check` and `update` commands (@jaredbeck). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Gemfile new/Gemfile --- old/Gemfile 2017-07-19 01:17:52.000000000 +0200 +++ new/Gemfile 2019-01-18 05:19:35.000000000 +0100 @@ -8,6 +8,6 @@ gem 'rubygems-tasks', '~> 0.2' gem 'rspec', '~> 3.0' - gem 'yard', '~> 0.8' + gem 'yard', '~> 0.9' gem 'simplecov', '~> 0.7', :require => false end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/README.md new/README.md --- old/README.md 2017-07-19 01:17:52.000000000 +0200 +++ new/README.md 2019-01-18 05:19:35.000000000 +0100 @@ -3,13 +3,13 @@ * [Homepage](https://github.com/rubysec/bundler-audit#readme) * [Issues](https://github.com/rubysec/bundler-audit/issues) * [Documentation](http://rubydoc.info/gems/bundler-audit/frames) -* [Email](mailto:rubysec.mod3 at gmail.com) +* [Email](mailto:postmodern.mod3 at gmail.com) * [](https://travis-ci.org/rubysec/bundler-audit) * [](https://codeclimate.com/github/rubysec/bundler-audit) ## Description -Patch-level verification for [Bundler][bundler]. +Patch-level verification for [bundler]. ## Features @@ -127,8 +127,8 @@ ## Requirements -* [Ruby] >= 1.9.3 -* [RubyGems] >= 1.8 +* [ruby] >= 1.9.3 +* [rubygems] >= 1.8 * [thor] ~> 0.18 * [bundler] ~> 1.2 @@ -139,12 +139,12 @@ ## Contributing 1. Clone the repo -1. `git submodule update --init` # To populate data dir. +1. `git submodule update --init` # To populate data/ruby-advisory-db 1. `bundle exec rake` ## License -Copyright (c) 2013-2016 Hal Brodigan (postmodern.mod3 at gmail.com) +Copyright (c) 2013-2019 Hal Brodigan (postmodern.mod3 at gmail.com) bundler-audit is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -159,8 +159,8 @@ You should have received a copy of the GNU General Public License along with bundler-audit. If not, see http://www.gnu.org/licenses/. -[Ruby]: https://ruby-lang.org -[RubyGems]: https://rubygems.org +[ruby]: https://ruby-lang.org +[rubygems]: https://rubygems.org [thor]: http://whatisthor.com/ [bundler]: https://github.com/carlhuda/bundler#readme Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gemspec.yml new/gemspec.yml --- old/gemspec.yml 2017-07-19 01:17:52.000000000 +0200 +++ new/gemspec.yml 2019-01-18 05:19:35.000000000 +0100 @@ -11,4 +11,4 @@ dependencies: thor: ~> 0.18 - bundler: ~> 1.2 + bundler: ">= 1.2.0, < 3" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/bundler/audit/advisory.rb new/lib/bundler/audit/advisory.rb --- old/lib/bundler/audit/advisory.rb 2017-07-19 01:17:52.000000000 +0200 +++ new/lib/bundler/audit/advisory.rb 2019-01-18 05:19:35.000000000 +0100 @@ -1,5 +1,5 @@ # -# Copyright (c) 2013-2016 Hal Brodigan (postmodern.mod3 at gmail.com) +# Copyright (c) 2013-2019 Hal Brodigan (postmodern.mod3 at gmail.com) # # bundler-audit is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/bundler/audit/cli.rb new/lib/bundler/audit/cli.rb --- old/lib/bundler/audit/cli.rb 2017-07-19 01:17:52.000000000 +0200 +++ new/lib/bundler/audit/cli.rb 2019-01-18 05:19:35.000000000 +0100 @@ -1,5 +1,5 @@ # -# Copyright (c) 2013-2016 Hal Brodigan (postmodern.mod3 at gmail.com) +# Copyright (c) 2013-2019 Hal Brodigan (postmodern.mod3 at gmail.com) # # bundler-audit is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/bundler/audit/database.rb new/lib/bundler/audit/database.rb --- old/lib/bundler/audit/database.rb 2017-07-19 01:17:52.000000000 +0200 +++ new/lib/bundler/audit/database.rb 2019-01-18 05:19:35.000000000 +0100 @@ -1,5 +1,5 @@ # -# Copyright (c) 2013-2016 Hal Brodigan (postmodern.mod3 at gmail.com) +# Copyright (c) 2013-2019 Hal Brodigan (postmodern.mod3 at gmail.com) # # bundler-audit is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/bundler/audit/scanner.rb new/lib/bundler/audit/scanner.rb --- old/lib/bundler/audit/scanner.rb 2017-07-19 01:17:52.000000000 +0200 +++ new/lib/bundler/audit/scanner.rb 2019-01-18 05:19:35.000000000 +0100 @@ -36,11 +36,14 @@ # @param [String] root # The path to the project root. # - def initialize(root=Dir.pwd) + # @param [String] gemfile_lock + # Alternative name for the `Gemfile.lock` file. + # + def initialize(root=Dir.pwd,gemfile_lock='Gemfile.lock') @root = File.expand_path(root) @database = Database.new @lockfile = LockfileParser.new( - File.read(File.join(@root,'Gemfile.lock')) + File.read(File.join(@root,gemfile_lock)) ) end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/bundler/audit/version.rb new/lib/bundler/audit/version.rb --- old/lib/bundler/audit/version.rb 2017-07-19 01:17:52.000000000 +0200 +++ new/lib/bundler/audit/version.rb 2019-01-18 05:19:35.000000000 +0100 @@ -1,5 +1,5 @@ # -# Copyright (c) 2013-2016 Hal Brodigan (postmodern.mod3 at gmail.com) +# Copyright (c) 2013-2019 Hal Brodigan (postmodern.mod3 at gmail.com) # # bundler-audit is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -18,6 +18,6 @@ module Bundler module Audit # bundler-audit version - VERSION = '0.6.0' + VERSION = '0.6.1' end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/bundler/audit.rb new/lib/bundler/audit.rb --- old/lib/bundler/audit.rb 2017-07-19 01:17:52.000000000 +0200 +++ new/lib/bundler/audit.rb 2019-01-18 05:19:35.000000000 +0100 @@ -1,5 +1,5 @@ # -# Copyright (c) 2013-2016 Hal Brodigan (postmodern.mod3 at gmail.com) +# Copyright (c) 2013-2019 Hal Brodigan (postmodern.mod3 at gmail.com) # # bundler-audit is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2017-07-19 01:17:52.000000000 +0200 +++ new/metadata 2019-01-18 05:19:35.000000000 +0100 @@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: bundler-audit version: !ruby/object:Gem::Version - version: 0.6.0 + version: 0.6.1 platform: ruby authors: - Postmodern autorequire: bindir: bin cert_chain: [] -date: 2017-07-18 00:00:00.000000000 Z +date: 2019-01-18 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: thor @@ -28,16 +28,22 @@ name: bundler requirement: !ruby/object:Gem::Requirement requirements: - - - "~>" + - - ">=" + - !ruby/object:Gem::Version + version: 1.2.0 + - - "<" - !ruby/object:Gem::Version - version: '1.2' + version: '3' type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - - "~>" + - - ">=" + - !ruby/object:Gem::Version + version: 1.2.0 + - - "<" - !ruby/object:Gem::Version - version: '1.2' + version: '3' description: bundler-audit provides patch-level verification for Bundled apps. email: postmodern.mod3@gmail.com executables: @@ -472,7 +478,7 @@ version: 1.8.0 requirements: [] rubyforge_project: -rubygems_version: 2.5.2 +rubygems_version: 2.7.6 signing_key: specification_version: 4 summary: Patch-level verification for Bundler diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spec/bundle/insecure_sources/Gemfile new/spec/bundle/insecure_sources/Gemfile --- old/spec/bundle/insecure_sources/Gemfile 2017-07-19 01:17:52.000000000 +0200 +++ new/spec/bundle/insecure_sources/Gemfile 2019-01-18 05:19:35.000000000 +0100 @@ -1,39 +1,4 @@ source 'http://rubygems.org' -gem 'rails', '3.2.12' - -# Bundle edge Rails instead: -# gem 'rails', :git => 'git://github.com/rails/rails.git' - -gem 'sqlite3', platform: [:mri, :rbx] - - -# Gems used only for assets and not required -# in production environments by default. -group :assets do - # gem 'sass-rails', '~> 3.2.3' - # gem 'coffee-rails', '~> 3.2.1' - - # See https://github.com/sstephenson/execjs#readme for more supported runtimes - # gem 'therubyracer', :platforms => :ruby - - # gem 'uglifier', '>= 1.0.3' -end - -gem 'jquery-rails', :git => 'git://github.com/rails/jquery-rails.git', - :tag => 'v2.2.1' - -# To use ActiveModel has_secure_password -# gem 'bcrypt-ruby', '~> 3.0.0' - -# To use Jbuilder templates for JSON -# gem 'jbuilder' - -# Use unicorn as the app server -# gem 'unicorn' - -# Deploy with Capistrano -# gem 'capistrano' - -# To use debugger -# gem 'debugger' +gem 'rails' +gem 'jquery-rails', git: 'git://github.com/rails/jquery-rails.git' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spec/bundle/secure/Gemfile new/spec/bundle/secure/Gemfile --- old/spec/bundle/secure/Gemfile 2017-07-19 01:17:52.000000000 +0200 +++ new/spec/bundle/secure/Gemfile 2019-01-18 05:19:35.000000000 +0100 @@ -1,38 +1,3 @@ source 'https://rubygems.org' -gem 'rails', '~> 4.2.7.1' - -# Bundle edge Rails instead: -# gem 'rails', :git => 'git://github.com/rails/rails.git' - -gem 'sqlite3', platform: [:mri, :rbx] - - -# Gems used only for assets and not required -# in production environments by default. -group :assets do - # gem 'sass-rails', '~> 3.2.3' - # gem 'coffee-rails', '~> 3.2.1' - - # See https://github.com/sstephenson/execjs#readme for more supported runtimes - # gem 'therubyracer', :platforms => :ruby - - # gem 'uglifier', '>= 1.0.3' -end - -gem 'jquery-rails' - -# To use ActiveModel has_secure_password -# gem 'bcrypt-ruby', '~> 3.0.0' - -# To use Jbuilder templates for JSON -# gem 'jbuilder' - -# Use unicorn as the app server -# gem 'unicorn' - -# Deploy with Capistrano -# gem 'capistrano' - -# To use debugger -# gem 'debugger' +gem 'rails', '~> 5.2' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spec/bundle/unpatched_gems/Gemfile new/spec/bundle/unpatched_gems/Gemfile --- old/spec/bundle/unpatched_gems/Gemfile 2017-07-19 01:17:52.000000000 +0200 +++ new/spec/bundle/unpatched_gems/Gemfile 2019-01-18 05:19:35.000000000 +0100 @@ -1,38 +1,3 @@ source 'https://rubygems.org' -gem 'rails', '3.2.10' - -# Bundle edge Rails instead: -# gem 'rails', :git => 'git://github.com/rails/rails.git' - -gem 'sqlite3', platform: [:mri, :rbx] - - -# Gems used only for assets and not required -# in production environments by default. -group :assets do - # gem 'sass-rails', '~> 3.2.3' - # gem 'coffee-rails', '~> 3.2.1' - - # See https://github.com/sstephenson/execjs#readme for more supported runtimes - # gem 'therubyracer', :platforms => :ruby - - # gem 'uglifier', '>= 1.0.3' -end - -gem 'jquery-rails' - -# To use ActiveModel has_secure_password -# gem 'bcrypt-ruby', '~> 3.0.0' - -# To use Jbuilder templates for JSON -# gem 'jbuilder' - -# Use unicorn as the app server -# gem 'unicorn' - -# Deploy with Capistrano -# gem 'capistrano' - -# To use debugger -# gem 'debugger' +gem 'activerecord', '4.2.7' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spec/integration_spec.rb new/spec/integration_spec.rb --- old/spec/integration_spec.rb 2017-07-19 01:17:52.000000000 +0200 +++ new/spec/integration_spec.rb 2019-01-18 05:19:35.000000000 +0100 @@ -20,13 +20,13 @@ end it "should print advisory information for the vulnerable gems" do - advisory_pattern = /(Name: [^\n]+ -Version: \d+.\d+.\d+ + advisory_pattern = %r{(Name: [^\n]+ +Version: \d+\.\d+\.\d+(\.\d+)? Advisory: CVE-[0-9]{4}-[0-9]{4} -Criticality: (High|Medium) -URL: http:\/\/(direct|www\.)?osvdb.org\/show\/osvdb\/\d+ +Criticality: (High|Medium|Low|Unknown) +URL: https?://(www\.)?[-a-zA-Z0-9@:%._\+~#=]{2,256}\.[a-z]{2,6}\b([-a-zA-Z0-9@:%_\+.~#!?&//=]*) Title: [^\n]*? -Solution: upgrade to ((~>|=>) \d+.\d+.\d+, )*(~>|=>) \d+.\d+.\d+[\s\n]*?)+/ +Solution: upgrade to (~>|>=) \d+\.\d+\.\d+(\.\d+)?(, (~>|>=) \d+\.\d+\.\d+(\.\d+)?)*[\s\n]*?)} expect(subject).to match(advisory_pattern) expect(subject).to include("Vulnerabilities found!")