mrjoy-0.3.7 / 2014-06-26
- Integrated upstream 0.3.1 changes, excluding changes related to the vendored DB, as this fork doesn’t use a vendored DB.
- Slightly more thorough purge of Ruby 1.8 support.

0.3.1 / 2014-04-20
- Added thor ~> 0.18 as a dependency.
- No longer rely on the vendored version of thor within bundler.
- Store the timestamp of when data/ruby-advisory-db was last updated in data/ruby-advisory-db.ts.
- Use data/ruby-advisory-db.ts instead of the creation time of the data/ruby-advisory-db directory, which is always the install time of the rubygem.

mrjoy-0.3.6 / 2014-04-16
- Improve user experience when insecure sources – but no insecure gem versions – are found.

mrjoy-0.3.5 / 2014-04-16
- Improve user experience when no vulnerability DB has been downloaded.
- Slight improvement to code coverage.

mrjoy-0.3.4 / 2014-04-16
- Integrate upstream changes from gut_vendored_db. This eliminates the internal copy of the database entirely and automatically downloads one if needed.
- Fix several bugs in upstream branch, and make test cases more robust.
- Include integration test results in coverage analysis.
- Improve code coverage.
- Improve Travis integration.

mrjoy-0.3.3 / 2014-04-15
- Fix development-mode code loading issue.
- Update Travis config to include Ruby 2.1.0 and 2.1.1.
- Improve test suite to 90+% code coverage.
- Fix a couple Ruby 1.9-isms.
- Freshen included vulnerability DB.
- Incorporate upstream changes, including fix for Bundler-vendored Thor creating a conflict.

mrjoy-0.3.2 / 2013-11-04
- Fix for serious issue that would cause bundle-audit to ignore a locally installed cache of the vulnerability database in favor of its vendored version.
- Simplified code according to ABC metric, getting CodeClimate results to 4.0.
- Added SimpleCov to ensure reasonable test coverage.
- Updated docs to explain differentiation of this fork vs. upstream.

mrjoy-0.3.1 / 2013-11-04
- Integrated upstream 0.3.0 changes.
- Refresh built-in dataset.
- Make regression test more resilient and more bulletproof.
- Integrate grosser’s mechanism for DRYing up tests a bit.

0.3.0 / 2013-10-31
- Added {Bundler::Audit::Database.update!} which uses git to download {ruby-advisory-db}[https://github.com/rubysec/ruby-advisory-db#readme] to ~/.local/share/ruby-advisory-db.
- {Bundler::Audit::Database.path} now returns the path to either ~/.local/share/ruby-advisory-db or the vendored copy, depending on which is more recent.

CLI
- Added the bundle-audit update sub-command.

mrjoy-0.2.1 / 2013-09-13
- Integrate upstream changes from 0.2.0, with local changes from 0.1.4.
- Make specs automatically refresh .gitignore’d Gemfile.lock in spec scenarios when the Gemfile has changed in a way that bundle install isn’t happy about (e.g. version bump on a gem previously listed in the Gemfile.)

0.2.0 / 2013-03-05
- Require RubyGems >= 1.8.0. Prior versions of RubyGems could not correctly parse approximate version requirements (~> 1.2.3).
- Updated the ruby-advisory-db.
- Added {Bundler::Audit::Advisory#unaffected_versions}.
- Added {Bundler::Audit::Advisory#unaffected?}.
- Added {Bundler::Audit::Advisory#patched?}.
- Renamed Advisory#cve to {Bundler::Audit::Advisory#id}.

mrjoy-0.1.4 / 2013-08-15
- RVM compartmentalization for the project (only relevant to people hacking on it).
- Adding Ruby 2.0.0 to Travis config.
- Updated the ruby-advisory-db from ffce5a2 to ee2ff0b.
- Update Advisory class to compensate for change in naming convention in ruby-advisory-db.
- Make some tests less brittle, and get them passing again after the ruby-advisory-db update.
- Add ability for individual spec files to be called individually.
- Rename gem so this can be installed via Rubygems.

mrjoy-0.1.3 / 2013-03-05
- Require RubyGems >= 1.8.0. Prior versions of RubyGems could not correctly parse approximate version requirements (~> 1.2.3).
- Updated the ruby-advisory-db.
- Added {Bundler::Audit::Advisory#unaffected_versions}.
- Added {Bundler::Audit::Advisory#unaffected?}.
- Added {Bundler::Audit::Advisory#patched?}.

0.1.2 / 2013-02-17
- Require bundler ~> 1.2.
- Vendor a full copy of the ruby-advisory-db.
- Added {Bundler::Audit::Advisory#path} for debugging purposes.
- Added {Bundler::Audit::Advisory#to_s} for debugging purposes.

CLI
- Simply parse the Gemfile.lock instead of loading the bundle (@grosser).
- Exit with non-zero status on failure (@grosser).

0.1.1 / 2013-02-12
- Fixed a Ruby 1.8 syntax error.

Advisories
- Imported advisories from the Ruby Advisory DB.

CLI
- If the advisory has no patched_versions, recommend removing or disabling the gem until a patch is made available.

0.1.0 / 2013-02-11
- Initial release:
  - Checks for vulnerable versions of gems in Gemfile.lock.
  - Prints advisory information.
  - Does not require a network connection.