Hello community,
here is the log from the commit of package rubygem-bundler-audit for openSUSE:Factory checked in at 2019-06-19 20:59:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-bundler-audit (Old)
and /work/SRC/openSUSE:Factory/.rubygem-bundler-audit.new.4811 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-bundler-audit"
Wed Jun 19 20:59:28 2019 rev:4 rq:705981 version:0.6.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/rubygem-bundler-audit/rubygem-bundler-audit.changes 2017-09-26 21:13:43.440288442 +0200
+++ /work/SRC/openSUSE:Factory/.rubygem-bundler-audit.new.4811/rubygem-bundler-audit.changes 2019-06-19 20:59:29.514039751 +0200
@@ -1,0 +2,10 @@
+Sat Mar 2 15:07:09 UTC 2019 - Stephan Kulow
+
+- updated to version 0.6.1
+ see installed ChangeLog.md
+
+ ### 0.6.1 / 2019-01-17
+
+ * Require bundler `>= 1.2.0, < 3` to support [bundler] 2.0.
+
+-------------------------------------------------------------------
Old:
----
bundler-audit-0.6.0.gem
New:
----
bundler-audit-0.6.1.gem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-bundler-audit.spec ++++++
--- /var/tmp/diff_new_pack.D3O06o/_old 2019-06-19 20:59:30.098040274 +0200
+++ /var/tmp/diff_new_pack.D3O06o/_new 2019-06-19 20:59:30.102040278 +0200
@@ -1,7 +1,7 @@
#
# spec file for package rubygem-bundler-audit
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -24,7 +24,7 @@
#
Name: rubygem-bundler-audit
-Version: 0.6.0
+Version: 0.6.1
Release: 0
%define mod_name bundler-audit
%define mod_full_name %{mod_name}-%{version}
@@ -34,10 +34,10 @@
BuildRequires: ruby-macros >= 5
BuildRequires: update-alternatives
Url: https://github.com/rubysec/bundler-audit#readme
-Source: http://rubygems.org/gems/%{mod_full_name}.gem
+Source: https://rubygems.org/gems/%{mod_full_name}.gem
Source1: gem2rpm.yml
Summary: Patch-level verification for Bundler
-License: GPL-3.0+
+License: GPL-3.0-or-later
Group: Development/Languages/Ruby
PreReq: update-alternatives
++++++ bundler-audit-0.6.0.gem -> bundler-audit-0.6.1.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.travis.yml new/.travis.yml
--- old/.travis.yml 2017-07-19 01:17:52.000000000 +0200
+++ new/.travis.yml 2019-01-18 05:19:35.000000000 +0100
@@ -1,8 +1,9 @@
language: ruby
rvm:
- - 2.1.8
- - 2.2.4
- - 2.3.0
+ - 2.3
+ - 2.4
+ - 2.5
+ - 2.6
- jruby
- rbx-3
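Review bot: the `rvm` matrix now starts at 2.3, but the README Requirements list touched in this same update still states `[ruby] >= 1.9.3`, so the documented minimum Ruby is no longer exercised by CI. Either raise the documented minimum to what is actually tested, or keep one older Ruby in the matrix so the claim stays verified.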
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ChangeLog.md new/ChangeLog.md
--- old/ChangeLog.md 2017-07-19 01:17:52.000000000 +0200
+++ new/ChangeLog.md 2019-01-18 05:19:35.000000000 +0100
@@ -1,3 +1,7 @@
+### 0.6.1 / 2019-01-17
+
+* Require bundler `>= 1.2.0, < 3` to support [bundler] 2.0.
+
### 0.6.0 / 2017-07-18
* Added `--quiet` option to `check` and `update` commands (@jaredbeck).
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Gemfile new/Gemfile
--- old/Gemfile 2017-07-19 01:17:52.000000000 +0200
+++ new/Gemfile 2019-01-18 05:19:35.000000000 +0100
@@ -8,6 +8,6 @@
gem 'rubygems-tasks', '~> 0.2'
gem 'rspec', '~> 3.0'
- gem 'yard', '~> 0.8'
+ gem 'yard', '~> 0.9'
gem 'simplecov', '~> 0.7', :require => false
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/README.md new/README.md
--- old/README.md 2017-07-19 01:17:52.000000000 +0200
+++ new/README.md 2019-01-18 05:19:35.000000000 +0100
@@ -3,13 +3,13 @@
* [Homepage](https://github.com/rubysec/bundler-audit#readme)
* [Issues](https://github.com/rubysec/bundler-audit/issues)
* [Documentation](http://rubydoc.info/gems/bundler-audit/frames)
-* [Email](mailto:rubysec.mod3 at gmail.com)
+* [Email](mailto:postmodern.mod3 at gmail.com)
* [![Build Status](https://travis-ci.org/rubysec/bundler-audit.svg)](https://travis-ci.org/rubysec/bundler-audit)
* [![Code Climate](https://codeclimate.com/github/rubysec/bundler-audit.svg)](https://codeclimate.com/github/rubysec/bundler-audit)
## Description
-Patch-level verification for [Bundler][bundler].
+Patch-level verification for [bundler].
## Features
@@ -127,8 +127,8 @@
## Requirements
-* [Ruby] >= 1.9.3
-* [RubyGems] >= 1.8
+* [ruby] >= 1.9.3
+* [rubygems] >= 1.8
* [thor] ~> 0.18
* [bundler] ~> 1.2
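Review bot: the Requirements list keeps `* [bundler] ~> 1.2` as an unchanged line, which contradicts the new `gemspec.yml` dependency `bundler: ">= 1.2.0, < 3"` and the 0.6.1 ChangeLog entry. Since this hunk already edits the two lines above it, update the bundler line to `>= 1.2.0, < 3` as well so that users on bundler 2.0 are not told it is unsupported.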
@@ -139,12 +139,12 @@
## Contributing
1. Clone the repo
-1. `git submodule update --init` # To populate data dir.
+1. `git submodule update --init` # To populate data/ruby-advisory-db
1. `bundle exec rake`
## License
-Copyright (c) 2013-2016 Hal Brodigan (postmodern.mod3 at gmail.com)
+Copyright (c) 2013-2019 Hal Brodigan (postmodern.mod3 at gmail.com)
bundler-audit is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -159,8 +159,8 @@
You should have received a copy of the GNU General Public License
along with bundler-audit. If not, see http://www.gnu.org/licenses/.
-[Ruby]: https://ruby-lang.org
-[RubyGems]: https://rubygems.org
+[ruby]: https://ruby-lang.org
+[rubygems]: https://rubygems.org
[thor]: http://whatisthor.com/
[bundler]: https://github.com/carlhuda/bundler#readme
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gemspec.yml new/gemspec.yml
--- old/gemspec.yml 2017-07-19 01:17:52.000000000 +0200
+++ new/gemspec.yml 2019-01-18 05:19:35.000000000 +0100
@@ -11,4 +11,4 @@
dependencies:
thor: ~> 0.18
- bundler: ~> 1.2
+ bundler: ">= 1.2.0, < 3"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/bundler/audit/advisory.rb new/lib/bundler/audit/advisory.rb
--- old/lib/bundler/audit/advisory.rb 2017-07-19 01:17:52.000000000 +0200
+++ new/lib/bundler/audit/advisory.rb 2019-01-18 05:19:35.000000000 +0100
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2016 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2013-2019 Hal Brodigan (postmodern.mod3 at gmail.com)
#
# bundler-audit is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/bundler/audit/cli.rb new/lib/bundler/audit/cli.rb
--- old/lib/bundler/audit/cli.rb 2017-07-19 01:17:52.000000000 +0200
+++ new/lib/bundler/audit/cli.rb 2019-01-18 05:19:35.000000000 +0100
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2016 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2013-2019 Hal Brodigan (postmodern.mod3 at gmail.com)
#
# bundler-audit is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/bundler/audit/database.rb new/lib/bundler/audit/database.rb
--- old/lib/bundler/audit/database.rb 2017-07-19 01:17:52.000000000 +0200
+++ new/lib/bundler/audit/database.rb 2019-01-18 05:19:35.000000000 +0100
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2016 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2013-2019 Hal Brodigan (postmodern.mod3 at gmail.com)
#
# bundler-audit is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/bundler/audit/scanner.rb new/lib/bundler/audit/scanner.rb
--- old/lib/bundler/audit/scanner.rb 2017-07-19 01:17:52.000000000 +0200
+++ new/lib/bundler/audit/scanner.rb 2019-01-18 05:19:35.000000000 +0100
@@ -36,11 +36,14 @@
# @param [String] root
# The path to the project root.
#
- def initialize(root=Dir.pwd)
+ # @param [String] gemfile_lock
+ # Alternative name for the `Gemfile.lock` file.
+ #
+ def initialize(root=Dir.pwd,gemfile_lock='Gemfile.lock')
@root = File.expand_path(root)
@database = Database.new
@lockfile = LockfileParser.new(
- File.read(File.join(@root,'Gemfile.lock'))
+ File.read(File.join(@root,gemfile_lock))
)
end
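Review bot: in `initialize`, the new `gemfile_lock` argument goes straight into `File.read(File.join(@root,gemfile_lock))` with no check that the file exists or stays under `@root`, so a wrong name surfaces as a raw `Errno::ENOENT` and a value containing `..` segments is read from outside the project root. Suggest a `File.file?` check with a descriptive error, and have the `@param` doc say that the name is resolved relative to `root`. The new parameter is also missing from the 0.6.1 ChangeLog entry, which lists only the bundler requirement change.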
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/bundler/audit/version.rb new/lib/bundler/audit/version.rb
--- old/lib/bundler/audit/version.rb 2017-07-19 01:17:52.000000000 +0200
+++ new/lib/bundler/audit/version.rb 2019-01-18 05:19:35.000000000 +0100
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2016 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2013-2019 Hal Brodigan (postmodern.mod3 at gmail.com)
#
# bundler-audit is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -18,6 +18,6 @@
module Bundler
module Audit
# bundler-audit version
- VERSION = '0.6.0'
+ VERSION = '0.6.1'
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/bundler/audit.rb new/lib/bundler/audit.rb
--- old/lib/bundler/audit.rb 2017-07-19 01:17:52.000000000 +0200
+++ new/lib/bundler/audit.rb 2019-01-18 05:19:35.000000000 +0100
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2016 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2013-2019 Hal Brodigan (postmodern.mod3 at gmail.com)
#
# bundler-audit is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata
--- old/metadata 2017-07-19 01:17:52.000000000 +0200
+++ new/metadata 2019-01-18 05:19:35.000000000 +0100
@@ -1,14 +1,14 @@
--- !ruby/object:Gem::Specification
name: bundler-audit
version: !ruby/object:Gem::Version
- version: 0.6.0
+ version: 0.6.1
platform: ruby
authors:
- Postmodern
autorequire:
bindir: bin
cert_chain: []
-date: 2017-07-18 00:00:00.000000000 Z
+date: 2019-01-18 00:00:00.000000000 Z
dependencies:
- !ruby/object:Gem::Dependency
name: thor
@@ -28,16 +28,22 @@
name: bundler
requirement: !ruby/object:Gem::Requirement
requirements:
- - - "~>"
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 1.2.0
+ - - "<"
- !ruby/object:Gem::Version
- version: '1.2'
+ version: '3'
type: :runtime
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - - "~>"
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 1.2.0
+ - - "<"
- !ruby/object:Gem::Version
- version: '1.2'
+ version: '3'
description: bundler-audit provides patch-level verification for Bundled apps.
email: postmodern.mod3@gmail.com
executables:
@@ -472,7 +478,7 @@
version: 1.8.0
requirements: []
rubyforge_project:
-rubygems_version: 2.5.2
+rubygems_version: 2.7.6
signing_key:
specification_version: 4
summary: Patch-level verification for Bundler
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spec/bundle/insecure_sources/Gemfile new/spec/bundle/insecure_sources/Gemfile
--- old/spec/bundle/insecure_sources/Gemfile 2017-07-19 01:17:52.000000000 +0200
+++ new/spec/bundle/insecure_sources/Gemfile 2019-01-18 05:19:35.000000000 +0100
@@ -1,39 +1,4 @@
source 'http://rubygems.org'
-gem 'rails', '3.2.12'
-
-# Bundle edge Rails instead:
-# gem 'rails', :git => 'git://github.com/rails/rails.git'
-
-gem 'sqlite3', platform: [:mri, :rbx]
-
-
-# Gems used only for assets and not required
-# in production environments by default.
-group :assets do
- # gem 'sass-rails', '~> 3.2.3'
- # gem 'coffee-rails', '~> 3.2.1'
-
- # See https://github.com/sstephenson/execjs#readme for more supported runtimes
- # gem 'therubyracer', :platforms => :ruby
-
- # gem 'uglifier', '>= 1.0.3'
-end
-
-gem 'jquery-rails', :git => 'git://github.com/rails/jquery-rails.git',
- :tag => 'v2.2.1'
-
-# To use ActiveModel has_secure_password
-# gem 'bcrypt-ruby', '~> 3.0.0'
-
-# To use Jbuilder templates for JSON
-# gem 'jbuilder'
-
-# Use unicorn as the app server
-# gem 'unicorn'
-
-# Deploy with Capistrano
-# gem 'capistrano'
-
-# To use debugger
-# gem 'debugger'
+gem 'rails'
+gem 'jquery-rails', git: 'git://github.com/rails/jquery-rails.git'
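Review bot: the replacement `gem 'jquery-rails', git: ...` line drops the `:tag => 'v2.2.1'` pin and `gem 'rails'` loses its version, so this fixture now resolves to whatever is current when its lockfile is produced. The `http://` and `git://` sources are the point of the fixture and should stay, but keeping a tag or ref on the git source would make the run reproducible.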
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spec/bundle/secure/Gemfile new/spec/bundle/secure/Gemfile
--- old/spec/bundle/secure/Gemfile 2017-07-19 01:17:52.000000000 +0200
+++ new/spec/bundle/secure/Gemfile 2019-01-18 05:19:35.000000000 +0100
@@ -1,38 +1,3 @@
source 'https://rubygems.org'
-gem 'rails', '~> 4.2.7.1'
-
-# Bundle edge Rails instead:
-# gem 'rails', :git => 'git://github.com/rails/rails.git'
-
-gem 'sqlite3', platform: [:mri, :rbx]
-
-
-# Gems used only for assets and not required
-# in production environments by default.
-group :assets do
- # gem 'sass-rails', '~> 3.2.3'
- # gem 'coffee-rails', '~> 3.2.1'
-
- # See https://github.com/sstephenson/execjs#readme for more supported runtimes
- # gem 'therubyracer', :platforms => :ruby
-
- # gem 'uglifier', '>= 1.0.3'
-end
-
-gem 'jquery-rails'
-
-# To use ActiveModel has_secure_password
-# gem 'bcrypt-ruby', '~> 3.0.0'
-
-# To use Jbuilder templates for JSON
-# gem 'jbuilder'
-
-# Use unicorn as the app server
-# gem 'unicorn'
-
-# Deploy with Capistrano
-# gem 'capistrano'
-
-# To use debugger
-# gem 'debugger'
+gem 'rails', '~> 5.2'
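Review bot: `gem 'rails', '~> 5.2'` makes the "secure" fixture depend on which 5.x release is resolved and on the advisory database at test time, and no `Gemfile.lock` for this fixture appears in the diff. Since the scanner reads the lockfile and not the Gemfile, a later advisory against the resolved version will fail this case with no code change. Consider pinning an exact version, or documenting how and when the lockfile is regenerated.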
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spec/bundle/unpatched_gems/Gemfile new/spec/bundle/unpatched_gems/Gemfile
--- old/spec/bundle/unpatched_gems/Gemfile 2017-07-19 01:17:52.000000000 +0200
+++ new/spec/bundle/unpatched_gems/Gemfile 2019-01-18 05:19:35.000000000 +0100
@@ -1,38 +1,3 @@
source 'https://rubygems.org'
-gem 'rails', '3.2.10'
-
-# Bundle edge Rails instead:
-# gem 'rails', :git => 'git://github.com/rails/rails.git'
-
-gem 'sqlite3', platform: [:mri, :rbx]
-
-
-# Gems used only for assets and not required
-# in production environments by default.
-group :assets do
- # gem 'sass-rails', '~> 3.2.3'
- # gem 'coffee-rails', '~> 3.2.1'
-
- # See https://github.com/sstephenson/execjs#readme for more supported runtimes
- # gem 'therubyracer', :platforms => :ruby
-
- # gem 'uglifier', '>= 1.0.3'
-end
-
-gem 'jquery-rails'
-
-# To use ActiveModel has_secure_password
-# gem 'bcrypt-ruby', '~> 3.0.0'
-
-# To use Jbuilder templates for JSON
-# gem 'jbuilder'
-
-# Use unicorn as the app server
-# gem 'unicorn'
-
-# Deploy with Capistrano
-# gem 'capistrano'
-
-# To use debugger
-# gem 'debugger'
+gem 'activerecord', '4.2.7'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spec/integration_spec.rb new/spec/integration_spec.rb
--- old/spec/integration_spec.rb 2017-07-19 01:17:52.000000000 +0200
+++ new/spec/integration_spec.rb 2019-01-18 05:19:35.000000000 +0100
@@ -20,13 +20,13 @@
end
it "should print advisory information for the vulnerable gems" do
- advisory_pattern = /(Name: [^\n]+
-Version: \d+.\d+.\d+
+ advisory_pattern = %r{(Name: [^\n]+
+Version: \d+\.\d+\.\d+(\.\d+)?
Advisory: CVE-[0-9]{4}-[0-9]{4}
-Criticality: (High|Medium)
-URL: http:\/\/(direct|www\.)?osvdb.org\/show\/osvdb\/\d+
+Criticality: (High|Medium|Low|Unknown)
+URL: https?://(www\.)?[-a-zA-Z0-9@:%._\+~#=]{2,256}\.[a-z]{2,6}\b([-a-zA-Z0-9@:%_\+.~#!?&//=]*)
Title: [^\n]*?
-Solution: upgrade to ((~>|=>) \d+.\d+.\d+, )*(~>|=>) \d+.\d+.\d+[\s\n]*?)+/
+Solution: upgrade to (~>|>=) \d+\.\d+\.\d+(\.\d+)?(, (~>|>=) \d+\.\d+\.\d+(\.\d+)?)*[\s\n]*?)}
expect(subject).to match(advisory_pattern)
expect(subject).to include("Vulnerabilities found!")
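Review bot: the unchanged `Advisory: CVE-[0-9]{4}-[0-9]{4}` line still accepts exactly four digits in the sequence part, so an advisory with a longer CVE number will fail to match even though the Version, Criticality, URL and Solution lines were all loosened here; `[0-9]{4,}` would cover it. The rewritten pattern also drops the trailing `+` on the outer group, so only a single advisory block is matched. That is harmless for `match`, but worth confirming as intentional. The URL character class also lists `/` twice.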