0.6.2 / 2020-01-21¶ ↑
-
Re-release as bundler-audit-ng
-
Adding github securety advisory
-
No longer
--no-rebase
when updating the DB -
Documentation update on usage
0.6.1 / 2019-01-17¶ ↑
-
Require bundler
>= 1.2.0, < 3
to support bundler 2.0.
0.6.0 / 2017-07-18¶ ↑
-
Added
--quiet
option tocheck
andupdate
commands (@jaredbeck). -
Added
bin/bundler-audit
which will be executed whenbundle audit
is ran (@vassilevsky).
0.5.0 / 2016-02-28¶ ↑
-
Added {Bundler::Audit::Task}.
-
Added {Bundler::Audit::Advisory#date}.
-
Added {Bundler::Audit::Advisory#cve_id}.
-
Added {Bundler::Audit::Advisory#osvdb_id}.
-
Allow insecure gem sources (
http://
andgit://
), if they are hosted on a private network.
CLI¶ ↑
-
Added the
--update
option tobundle-audit check
. -
bundle-audit update
now returns a non-zero exit status on error. -
bundle-audit update
only updates~/.local/share/ruby-advisory-db
, if it is a git repository.
0.4.0 / 2015-06-30¶ ↑
-
Require ruby >= 1.9.3 due to i18n gem deprecating < 1.9.3.
-
Added {Bundler::Audit::Advisory#osvdb}.
-
Resolve the IP addresses of gem sources and ignore intranet gem sources. (PR #90)
-
Use ISO8601 date format when querying the git timestamp of ruby-advisory-db. (PR #92)
CLI¶ ↑
-
Print the CVE or OSVDB id.
-
No longer print “Unpatched versions found!” when an insecure gem source is detected. (PR #84)
0.3.1 / 2014-04-20¶ ↑
-
Added thor ~> 0.18 as a dependency.
-
No longer rely on the vendored version of thor within bundler.
-
Store the timestamp of when
data/ruby-advisory-db
was last updated indata/ruby-advisory-db.ts
. -
Use
data/ruby-advisory-db.ts
instead of the creation time of thedataruby-advisory-db
directory, which is always the install time of the rubygem.
0.3.0 / 2013-10-31¶ ↑
-
Added {Bundler::Audit::Database.update!} which uses
git
to download {ruby-advisory-db}[https://github.com/rubysec/ruby-advisory-db#readme] to~/.local/share/ruby-advisory-db
. -
{Bundler::Audit::Database.path} now returns the path to either
~/.local/share/ruby-advisory-db
or the vendored copy, depending on which is more recent.
CLI¶ ↑
-
Added the
bundle-audit update
sub-command.
0.2.0 / 2013-03-05¶ ↑
-
Require RubyGems >= 1.8.0. Prior versions of RubyGems could not correctly parse approximate version requirements (
~> 1.2.3
). -
Updated the ruby-advisory-db.
-
Added {Bundler::Audit::Advisory#unaffected_versions}.
-
Added {Bundler::Audit::Advisory#unaffected?}.
-
Added {Bundler::Audit::Advisory#patched?}.
-
Renamed
Advisory#cve
to {Bundler::Audit::Advisory#id}.
0.1.2 / 2013-02-17¶ ↑
-
Require bundler ~> 1.2.
-
Vendor a full copy of the ruby-advisory-db.
-
Added {Bundler::Audit::Advisory#path} for debugging purposes.
-
Added {Bundler::Audit::Advisory#to_s} for debugging purposes.
CLI¶ ↑
-
Simply parse the
Gemfile.lock
instead of loading the bundle (@grosser). -
Exit with non-zero status on failure (@grosser).
0.1.1 / 2013-02-12¶ ↑
-
Fixed a Ruby 1.8 syntax error.
Advisories¶ ↑
-
Imported advisories from the Ruby Advisory DB.
CLI¶ ↑
-
If the advisory has no
patched_versions
, recommend removing or disabling the gem until a patch is made available.
0.1.0 / 2013-02-11¶ ↑
-
Initial release:
-
Checks for vulnerable versions of gems in
Gemfile.lock
. -
Prints advisory information.
-
Does not require a network connection.