mitre / inspec_tools

A command-line and ruby API of utilities, converters and tools for creating, converting and processing security baseline formats, results and data
https://inspec-tools.mitre.org/

Git-version-bump gem breaks dependabot #144

Closed rbclark closed 2 years ago

rbclark commented 4 years ago

Currently it is not possible to set up dependabot to automatically create PRs for security vulnerabilities in our gems, due to our use of git-version-bump. The following lines

https://github.com/mitre/inspec_tools/blob/dea500e4a854449a556ff523ccff147f4a416b73/inspec_tools.gemspec#L6-L10

cause the following error on dependabot.

updater | INFO <job_30467734> Starting job processing
updater | INFO <job_30467734> Starting update job for mitre/inspec_tools
updater | ERROR <job_30467734> Unexpected node type rescue
updater | ERROR <job_30467734> /home/dependabot/dependabot-updater/vendor/ruby/2.6.0/gems/dependabot-bundler-0.117.7/lib/dependabot/bundler/file_updater/gemspec_sanitizer.rb:306:in `replace_constant'
updater | ERROR <job_30467734> /home/dependabot/dependabot-updater/vendor/ruby/2.6.0/gems/dependabot-bundler-0.117.7/lib/dependabot/bundler/file_updater/gemspec_sanitizer.rb:104:in `replace_version_assignments'
updater | ERROR <job_30467734> /home/dependabot/dependabot-updater/vendor/ruby/2.6.0/gems/dependabot-bundler-0.117.7/lib/dependabot/bundler/file_updater/gemspec_sanitizer.rb:60:in `on_send'
updater | ERROR <job_30467734> /home/dependabot/dependabot-updater/vendor/ruby/2.6.0/gems/ast-2.4.0/lib/ast/processor/mixin.rb:259:in `process'
updater | ERROR <job_30467734> /home/dependabot/dependabot-updater/vendor/ruby/2.6.0/gems/ast-2.4.0/lib/ast/processor/mixin.rb:276:in `block in process_all'
updater | ERROR <job_30467734> /home/dependabot/dependabot-updater/vendor/ruby/2.6.0/gems/ast-2.4.0/lib/ast/processor/mixin.rb:275:in `map'
updater | ERROR <job_30467734> /home/dependabot/dependabot-updater/vendor/ruby/2.6.0/gems/ast-2.4.0/lib/ast/processor/mixin.rb:275:in `process_all'
updater | ERROR <job_30467734> /home/dependabot/dependabot-updater/vendor/ruby/2.6.0/gems/parser-2.7.1.1/lib/parser/ast/processor.rb:11:in `process_regular_node'

Looking through their repository, they don't seem horribly responsive to issues. If this is going to get fixed we will most likely have to fix it and submit a PR.

Bialogs commented 4 years ago

Actually it's this line: https://github.com/mitre/inspec_tools/blob/master/inspec_tools.gemspec#L14
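The trace above fails inside dependabot's gemspec sanitizer on a `rescue` node in a version assignment. As an added example (not code from inspec_tools, git-version-bump or dependabot), the following Ruby lint parses a gemspec with the built-in RubyVM::AbstractSyntaxTree and reports any `spec.version = ... rescue ...` line, so a repository can catch the construct before a security-update PR silently never arrives. The two gemspecs, the `GVB.version rescue "0.0.0.1.NOGVB"` fallback form and the `Example::VERSION` constant, are constructed samples, not the real inspec_tools.gemspec.

```ruby
# Added example, not part of inspec_tools, git-version-bump or dependabot.
# Flags `receiver.version = <expr> rescue <expr>` in a gemspec using Ruby's
# built-in RubyVM::AbstractSyntaxTree (Ruby 2.6+); gemspecs are constructed.

# Constructed gemspec using a git-version-bump style fallback (hypothetical).
GVB_STYLE_GEMSPEC = <<~'GEMSPEC'
  Gem::Specification.new do |spec|
    spec.name    = "example-gem"
    spec.version = GVB.version rescue "0.0.0.1.NOGVB"
    spec.summary = "constructed sample"
  end
GEMSPEC

# Constructed gemspec that assigns a plain version constant instead.
STATIC_GEMSPEC = <<~'GEMSPEC'
  require_relative "lib/example/version"
  Gem::Specification.new do |spec|
    spec.name    = "example-gem"
    spec.version = Example::VERSION
    spec.summary = "constructed sample"
  end
GEMSPEC

# Depth-first walk over every AST node (non-node children are skipped).
def each_ast_node(node, &block)
  return unless node.is_a?(RubyVM::AbstractSyntaxTree::Node)
  yield node
  node.children.each { |child| each_ast_node(child, &block) }
end

# Returns the line numbers of version assignments whose assigned value is a
# RESCUE node, i.e. `<receiver>.version = <expr> rescue <fallback>`.
def rescue_version_assignments(gemspec_source)
  lines = []
  each_ast_node(RubyVM::AbstractSyntaxTree.parse(gemspec_source)) do |node|
    next unless node.type == :ATTRASGN           # receiver.attr = value
    _receiver, method_name, args = node.children
    next unless method_name == :version=
    value = args.children.first                  # the (only) assigned value
    next unless value.is_a?(RubyVM::AbstractSyntaxTree::Node)
    lines << node.first_lineno if value.type == :RESCUE
  end
  lines
end

if __FILE__ == $PROGRAM_NAME
  puts "gvb-style: rescue at lines #{rescue_version_assignments(GVB_STYLE_GEMSPEC).inspect}"
  puts "static:    rescue at lines #{rescue_version_assignments(STATIC_GEMSPEC).inspect}"
end
```

Run it against a real gemspec with `rescue_version_assignments(File.read("your.gemspec"))`; a non-empty result means the version line will trip the same sanitizer path shown in the trace.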

camdenmoors commented 2 years ago

This is deprecated and will have no further updates.