bundler-audit v0.8.0 Release Notes
Release Date: 2021-03-10
- No longer vendor [ruby-advisory-db].
- Added {Bundler::Audit::Configuration}.
  - Supports loading YAML configuration data from a .bundler-audit.yml file.
- Added {Bundler::Audit::Results}.
- Added {Bundler::Audit::Report}.
- Added {Bundler::Audit::CLI::Formats}.
- Added {Bundler::Audit::CLI::Formats::Text}.
- Added {Bundler::Audit::CLI::Formats::JSON}.
- Added {Bundler::Audit::Database::DEFAULT_PATH}.
- Added {Bundler::Audit::Database.exists?}.
- Added {Bundler::Audit::Database#git?}.
- Added {Bundler::Audit::Database#update!}.
  - Will raise a {Bundler::Audit::Database::UpdateFailed UpdateFailed} exception, if the git pull command fails.
- Added {Bundler::Audit::Database#last_updated_at}.
- Added {Bundler::Audit::Scanner#report}.
- {Bundler::Audit::Database::USER_PATH} is now Gem.user_home aware. Gem.user_home will try to infer HOME, even if it is not set.
- {Bundler::Audit::Database#download} will now raise a {Bundler::Audit::Database::DownloadFailed DownloadFailed} exception, if the git clone command fails.
- {Bundler::Audit::Scanner#initialize}:
  - Now accepts additional database and config_dot_file arguments.
  - Will now raise a Bundler::GemfileLockNotFound exception, if the given Gemfile.lock file cannot be found.
- {Bundler::Audit::Scanner#scan_sources} will now ignore any source with a 127.0.0.0/8 or ::1/128 IP address.
- {Bundler::Audit::Scanner#scan_specs} will ignore any advisories listed in {Bundler::Audit::Configuration#ignore}, which is loaded from the .bundler-audit.yml file.
- Deprecated {Bundler::Audit::Database.update!} in favor of {Bundler::Audit::Database#update! #update!}.
- Removed Bundler::Audit::Database::VENDORED_PATH.
- Removed Bundler::Audit::Database::VENDORED_TIMESTAMP.
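
The loopback exemption noted for Scanner#scan_sources can be sketched with Ruby's standard library. This is an added example, not bundler-audit's own code: the method names are hypothetical, the sample sources are constructed, and it assumes http and git are the plaintext schemes being flagged and that only literal IP hosts are matched (no DNS resolution).

```ruby
require 'ipaddr'
require 'uri'

# The two loopback ranges named in the release note.
LOOPBACK_RANGES = [IPAddr.new('127.0.0.0/8'), IPAddr.new('::1/128')].freeze

# Plaintext transports treated as insecure in this sketch (assumption).
INSECURE_SCHEMES = %w[http git].freeze

# Parses a source string; returns nil for anything URI cannot parse
# (for example scp-style "git@host:repo.git" remotes).
def parse_source(source)
  URI.parse(source.to_s)
rescue URI::InvalidURIError
  nil
end

# True when the host is a literal IP inside one of the loopback ranges.
# Hostnames are not resolved, so a name that merely starts with
# "127.0.0.1." is not treated as loopback.
def loopback_source?(source)
  host = parse_source(source)&.hostname # hostname strips IPv6 brackets
  return false if host.nil? || host.empty?

  ip = IPAddr.new(host)
  LOOPBACK_RANGES.any? { |range| range.include?(ip) }
rescue IPAddr::Error
  false
end

# Returns the sources that use a plaintext scheme and are not loopback.
def insecure_sources(sources)
  sources.select do |source|
    uri = parse_source(source)
    uri && INSECURE_SCHEMES.include?(uri.scheme) && !loopback_source?(source)
  end
end

# Constructed sample sources, not taken from any real Gemfile.lock.
SAMPLE_SOURCES = [
  'https://rubygems.org/',
  'http://gems.example.com/',
  'http://127.0.0.1:9292/',
  'http://[::1]:9292/',
  'git://git.example.com/lib.git',
  'http://127.0.0.1.example.com/'
].freeze

puts insecure_sources(SAMPLE_SOURCES)
```

The last sample shows why the check parses the host as an address instead of matching a string prefix: a remote hostname beginning with 127.0.0.1 is still reported.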
CLI
- Require [thor] ~> 1.0.
- Added bundler-audit stats.
- Added bundler-audit download.
- bundler-audit check:
  - Now accepts an optional DIR argument for the project directory.
    - bundler-audit check will now print an explicit error message and exit, if the given DIR does not exist.
  - Will now auto-download [ruby-advisory-db] to ensure the latest advisory information is used on first run.
  - Now supports a --database option for specifying a path to an alternative [ruby-advisory-db] copy.
  - Now supports a --gemfile-lock option for specifying a custom Gemfile.lock file within the project directory.
  - Now supports a --format option for specifying the desired format. text and json are supported, but other custom formats can be loaded. See {Bundler::Audit::CLI::Formats}.
  - Now supports a --output option for writing the report output to a file.
  - Prints both CVE and GHSA IDs.
- Print all error messages to stderr.
- No longer print number of advisories in bundler-audit version.