postmodern/bundler-audit (bundler-audit)
### [`v0.9.1`](https://togithub.com/postmodern/bundler-audit/blob/HEAD/ChangeLog.md#091--2022-05-19)
[Compare Source](https://togithub.com/postmodern/bundler-audit/compare/v0.9.0.1...v0.9.1)
- Opt into rubygems.org MFA requirement.
##### CLI
- Improve the readability of the suggested gem versions to upgrade to
(pull [#331](https://togithub.com/postmodern/bundler-audit/issues/331)).
##### Rake Task
- Fixed a regression introduced in 0.9.0 where the `bundler:audit` rake task
was not exiting with an error status code if vulnerabilities were found.
Now when the `bundler-audit` command fails, the rake task will also exit with
the `bundler-audit` command's error code.
- If the `bundler-audit` command could not be found for some reason raise the
{Bundler::Audit::Task::CommandNotFound} exception.
### [`v0.9.0.1`](https://togithub.com/postmodern/bundler-audit/blob/HEAD/ChangeLog.md#0901--2021-08-31)
[Compare Source](https://togithub.com/postmodern/bundler-audit/compare/v0.9.0...v0.9.0.1)
- Add a workaround for Psych < 3.1.0 to support running on Ruby < 2.6.
(issue [#319](https://togithub.com/postmodern/bundler-audit/issues/319))
- Although, Ruby 2.5 and prior have all reached [End-of-Life] and
are no longer receiving security updates. It is strongly advised that you
should upgrade to a currently supported version of Ruby.
[End-of-Life]: https://www.ruby-lang.org/en/downloads/branches/
### [`v0.9.0`](https://togithub.com/postmodern/bundler-audit/blob/HEAD/ChangeLog.md#0901--2021-08-31)
[Compare Source](https://togithub.com/postmodern/bundler-audit/compare/v0.8.0...v0.9.0)
- Add a workaround for Psych < 3.1.0 to support running on Ruby < 2.6.
(issue [#319](https://togithub.com/postmodern/bundler-audit/issues/319))
- Although, Ruby 2.5 and prior have all reached [End-of-Life] and
are no longer receiving security updates. It is strongly advised that you
should upgrade to a currently supported version of Ruby.
[End-of-Life]: https://www.ruby-lang.org/en/downloads/branches/
### [`v0.8.0`](https://togithub.com/postmodern/bundler-audit/blob/HEAD/ChangeLog.md#080--2021-03-10)
[Compare Source](https://togithub.com/postmodern/bundler-audit/compare/v0.7.0.1...v0.8.0)
- No longer vendor \[ruby-advisory-db].
- Added {Bundler::Audit::Configuration}.
- Supports loading YAML configuration data from a `.bundler-audit.yml` file.
- Added {Bundler::Audit::Results}.
- Added {Bundler::Audit::Report}.
- Added {Bundler::Audit::CLI::Formats}.
- Added {Bundler::Audit::CLI::Formats::Text}.
- Added {Bundler::Audit::CLI::Formats::JSON}.
- Added {Bundler::Audit::Database::DEFAULT_PATH}.
- Added {Bundler::Audit::Database.exists?}.
- Added {Bundler::Audit::Database#git?}.
- Added {Bundler::Audit::Database#update!}.
- Will raise a {Bundler::Audit::Database::UpdateFailed UpdateFailed}
exception, if the `git pull` command fails.
- Added {Bundler::Audit::Database#last_updated_at}.
- Added {Bundler::Audit::Scanner#report}.
- {Bundler::Audit::Database::USER_PATH} is now `Gem.user_home` aware.
- `Gem.user_home` will try to infer `HOME`, even if it is not set.
- {Bundler::Audit::Database#download} will now raise a
{Bundler::Audit::Database::DownloadFailed DownloadFailed} exception, if the
`git clone` command fails.
- {Bundler::Audit::Scanner#initialize}:
- Now accepts an additional `database` and `config_dot_file` arguments.
- Will now raise a `Bundler::GemfileLockNotFound` exception,
if the given `Gemfile.lock` file cannot be found.
- {Bundler::Audit::Scanner#scan_sources} will now ignore any source with a
`127.0.0.0/8` or `::1/128` IP address.
- {Bundler::Audit::Scanner#scan_specs} will ignore any advisories listed in
{Bundler::Audit::Configuration#ignore}, which is loaded from the
`.bundler-audit.yml` file.
- Deprecated {Bundler::Audit::Database.update!} in favor of
{Bundler::Audit::Database#update! #update!}.
- Removed `Bundler::Audit::Database::VENDORED_PATH`.
- Removed `Bundler::Audit::Database::VENDORED_TIMESTAMP`.
##### CLI
- Require \[thor] ~> 1.0.
- Added `bundler-audit stats`.
- Added `bundler-audit download`.
- `bundler-audit check`:
- Now accepts a optional `DIR` argument for the project directory.
- `bundler-audit check` will now print an explicit error message and exit,
if the given `DIR` does not exist.
- Will now auto-download \[ruby-advisory-db] to ensure the latest advisory
information is used on first run.
- Now supports a `--database` option for specifying a path
to an alternative \[ruby-advisory-db] copy.
- Now supports a `--gemfile-lock` option for specifying a
custom `Gemfile.lock` file within the project directory.
- Now supports a `--format` option for specifying the
desired format. `text` and `json` are supported, but other custom formats
can be loaded. See {Bundler::Audit::CLI::Formats}.
- Now supports a `--output` option for writing the report output to a file.
- Prints both CVE and GHSA IDs.
- Print all error messages to stderr.
- No longer print number of advisories in `bundler-audit version`.
### [`v0.7.0.1`](https://togithub.com/postmodern/bundler-audit/blob/HEAD/ChangeLog.md#0701--2020-06-12)
[Compare Source](https://togithub.com/postmodern/bundler-audit/compare/v0.7.0...v0.7.0.1)
- Forgot to populate `data/ruby-advisory-db`.
### [`v0.7.0`](https://togithub.com/postmodern/bundler-audit/blob/HEAD/ChangeLog.md#0701--2020-06-12)
[Compare Source](https://togithub.com/postmodern/bundler-audit/compare/v0.6.1...v0.7.0)
- Forgot to populate `data/ruby-advisory-db`.
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
0.6.1->0.9.1Release Notes
postmodern/bundler-audit (bundler-audit)
### [`v0.9.1`](https://togithub.com/postmodern/bundler-audit/blob/HEAD/ChangeLog.md#091--2022-05-19) [Compare Source](https://togithub.com/postmodern/bundler-audit/compare/v0.9.0.1...v0.9.1) - Opt into rubygems.org MFA requirement. ##### CLI - Improve the readability of the suggested gem versions to upgrade to (pull [#331](https://togithub.com/postmodern/bundler-audit/issues/331)). ##### Rake Task - Fixed a regression introduced in 0.9.0 where the `bundler:audit` rake task was not exiting with an error status code if vulnerabilities were found. Now when the `bundler-audit` command fails, the rake task will also exit with the `bundler-audit` command's error code. - If the `bundler-audit` command could not be found for some reason raise the {Bundler::Audit::Task::CommandNotFound} exception. ### [`v0.9.0.1`](https://togithub.com/postmodern/bundler-audit/blob/HEAD/ChangeLog.md#0901--2021-08-31) [Compare Source](https://togithub.com/postmodern/bundler-audit/compare/v0.9.0...v0.9.0.1) - Add a workaround for Psych < 3.1.0 to support running on Ruby < 2.6. (issue [#319](https://togithub.com/postmodern/bundler-audit/issues/319)) - Although, Ruby 2.5 and prior have all reached [End-of-Life] and are no longer receiving security updates. It is strongly advised that you should upgrade to a currently supported version of Ruby. [End-of-Life]: https://www.ruby-lang.org/en/downloads/branches/ ### [`v0.9.0`](https://togithub.com/postmodern/bundler-audit/blob/HEAD/ChangeLog.md#0901--2021-08-31) [Compare Source](https://togithub.com/postmodern/bundler-audit/compare/v0.8.0...v0.9.0) - Add a workaround for Psych < 3.1.0 to support running on Ruby < 2.6. (issue [#319](https://togithub.com/postmodern/bundler-audit/issues/319)) - Although, Ruby 2.5 and prior have all reached [End-of-Life] and are no longer receiving security updates. It is strongly advised that you should upgrade to a currently supported version of Ruby. [End-of-Life]: https://www.ruby-lang.org/en/downloads/branches/ ### [`v0.8.0`](https://togithub.com/postmodern/bundler-audit/blob/HEAD/ChangeLog.md#080--2021-03-10) [Compare Source](https://togithub.com/postmodern/bundler-audit/compare/v0.7.0.1...v0.8.0) - No longer vendor \[ruby-advisory-db]. - Added {Bundler::Audit::Configuration}. - Supports loading YAML configuration data from a `.bundler-audit.yml` file. - Added {Bundler::Audit::Results}. - Added {Bundler::Audit::Report}. - Added {Bundler::Audit::CLI::Formats}. - Added {Bundler::Audit::CLI::Formats::Text}. - Added {Bundler::Audit::CLI::Formats::JSON}. - Added {Bundler::Audit::Database::DEFAULT_PATH}. - Added {Bundler::Audit::Database.exists?}. - Added {Bundler::Audit::Database#git?}. - Added {Bundler::Audit::Database#update!}. - Will raise a {Bundler::Audit::Database::UpdateFailed UpdateFailed} exception, if the `git pull` command fails. - Added {Bundler::Audit::Database#last_updated_at}. - Added {Bundler::Audit::Scanner#report}. - {Bundler::Audit::Database::USER_PATH} is now `Gem.user_home` aware. - `Gem.user_home` will try to infer `HOME`, even if it is not set. - {Bundler::Audit::Database#download} will now raise a {Bundler::Audit::Database::DownloadFailed DownloadFailed} exception, if the `git clone` command fails. - {Bundler::Audit::Scanner#initialize}: - Now accepts an additional `database` and `config_dot_file` arguments. - Will now raise a `Bundler::GemfileLockNotFound` exception, if the given `Gemfile.lock` file cannot be found. - {Bundler::Audit::Scanner#scan_sources} will now ignore any source with a `127.0.0.0/8` or `::1/128` IP address. - {Bundler::Audit::Scanner#scan_specs} will ignore any advisories listed in {Bundler::Audit::Configuration#ignore}, which is loaded from the `.bundler-audit.yml` file. - Deprecated {Bundler::Audit::Database.update!} in favor of {Bundler::Audit::Database#update! #update!}. - Removed `Bundler::Audit::Database::VENDORED_PATH`. - Removed `Bundler::Audit::Database::VENDORED_TIMESTAMP`. ##### CLI - Require \[thor] ~> 1.0. - Added `bundler-audit stats`. - Added `bundler-audit download`. - `bundler-audit check`: - Now accepts a optional `DIR` argument for the project directory. - `bundler-audit check` will now print an explicit error message and exit, if the given `DIR` does not exist. - Will now auto-download \[ruby-advisory-db] to ensure the latest advisory information is used on first run. - Now supports a `--database` option for specifying a path to an alternative \[ruby-advisory-db] copy. - Now supports a `--gemfile-lock` option for specifying a custom `Gemfile.lock` file within the project directory. - Now supports a `--format` option for specifying the desired format. `text` and `json` are supported, but other custom formats can be loaded. See {Bundler::Audit::CLI::Formats}. - Now supports a `--output` option for writing the report output to a file. - Prints both CVE and GHSA IDs. - Print all error messages to stderr. - No longer print number of advisories in `bundler-audit version`. ### [`v0.7.0.1`](https://togithub.com/postmodern/bundler-audit/blob/HEAD/ChangeLog.md#0701--2020-06-12) [Compare Source](https://togithub.com/postmodern/bundler-audit/compare/v0.7.0...v0.7.0.1) - Forgot to populate `data/ruby-advisory-db`. ### [`v0.7.0`](https://togithub.com/postmodern/bundler-audit/blob/HEAD/ChangeLog.md#0701--2020-06-12) [Compare Source](https://togithub.com/postmodern/bundler-audit/compare/v0.6.1...v0.7.0) - Forgot to populate `data/ruby-advisory-db`.Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.