Add pronto-bundler_audit as a vendored gem

Being a vendored gem allows me to test unreleased versions of
pronoto-bundler_audit.

Gemfile

@@ -8,6 +8,9 @@ gem 'rails', '~> 5.2.3'
 gem 'sqlite3'
 gem 'bootsnap', '>= 1.1.0', require: false
 
+gem 'pronto'
+gem 'pronto-bundler_audit', path: 'vendor/gems/pronto-bundler_audit-0.4.1'
+
 group :development do
   gem 'listen', '>= 3.0.5', '< 3.2'
 end

Gemfile.lock

@@ -1,3 +1,10 @@
+PATH
+  remote: vendor/gems/pronto-bundler_audit-0.4.1
+  specs:
+    pronto-bundler_audit (0.4.1)
+      bundler-audit (~> 0)
+      pronto (~> 0)
+
 GEM
   remote: https://rubygems.org/
   specs:
@@ -42,16 +49,29 @@ GEM
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
+    addressable (2.6.0)
+      public_suffix (>= 2.0.2, < 4.0)
     arel (9.0.0)
     bootsnap (1.4.4)
       msgpack (~> 1.0)
     builder (3.2.3)
+    bundler-audit (0.6.1)
+      bundler (>= 1.2.0, < 3)
+      thor (~> 0.18)
     concurrent-ruby (1.1.5)
     crass (1.0.4)
     erubi (1.8.0)
+    faraday (0.15.4)
+      multipart-post (>= 1.2, < 3)
     ffi (1.11.1)
+    gitlab (4.12.0)
+      httparty (~> 0.14, >= 0.14.0)
+      terminal-table (~> 1.5, >= 1.5.1)
     globalid (0.4.2)
       activesupport (>= 4.2.0)
+    httparty (0.17.0)
+      mime-types (~> 3.0)
+      multi_xml (>= 0.5.2)
     i18n (1.6.0)
       concurrent-ruby (~> 1.0)
     listen (3.1.5)
@@ -66,14 +86,29 @@ GEM
     marcel (0.3.3)
       mimemagic (~> 0.3.2)
     method_source (0.9.2)
+    mime-types (3.2.2)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2019.0331)
     mimemagic (0.3.3)
     mini_mime (1.0.2)
     mini_portile2 (2.4.0)
     minitest (5.11.3)
     msgpack (1.3.0)
+    multi_xml (0.6.0)
+    multipart-post (2.1.1)
     nio4r (2.4.0)
     nokogiri (1.10.3)
       mini_portile2 (~> 2.4.0)
+    octokit (4.14.0)
+      sawyer (~> 0.8.0, >= 0.5.3)
+    pronto (0.10.0)
+      gitlab (~> 4.0, >= 4.0.0)
+      httparty (>= 0.13.7)
+      octokit (~> 4.7, >= 4.7.0)
+      rainbow (>= 2.2, < 4.0)
+      rugged (~> 0.24, >= 0.23.0)
+      thor (~> 0.20.0)
+    public_suffix (3.1.1)
     rack (2.0.7)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
@@ -101,11 +136,16 @@ GEM
       method_source
       rake (>= 0.8.7)
       thor (>= 0.19.0, < 2.0)
+    rainbow (3.0.0)
     rake (12.3.2)
     rb-fsevent (0.10.3)
     rb-inotify (0.10.0)
       ffi (~> 1.0)
     ruby_dep (1.5.0)
+    rugged (0.28.2)
+    sawyer (0.8.2)
+      addressable (>= 2.3.5)
+      faraday (> 0.8, < 2.0)
     sprockets (3.7.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
@@ -114,10 +154,13 @@ GEM
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
     sqlite3 (1.4.1)
+    terminal-table (1.8.0)
+      unicode-display_width (~> 1.1, >= 1.1.1)
     thor (0.20.3)
     thread_safe (0.3.6)
     tzinfo (1.2.5)
       thread_safe (~> 0.1)
+    unicode-display_width (1.6.0)
     websocket-driver (0.7.1)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.4)
@@ -128,6 +171,8 @@ PLATFORMS
 DEPENDENCIES
   bootsnap (>= 1.1.0)
   listen (>= 3.0.5, < 3.2)
+  pronto
+  pronto-bundler_audit!
   rails (~> 5.2.3)
   sqlite3
 

vendor/gems/pronto-bundler_audit-0.4.1/.gitignore

@@ -0,0 +1,10 @@
+/*.gem
+/.bundle/
+/.DS_Store
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

vendor/gems/pronto-bundler_audit-0.4.1/.rubocop

@@ -0,0 +1,4 @@
+--display-cop-names
+--display-style-guide
+--extra-details
+--format=fuubar

vendor/gems/pronto-bundler_audit-0.4.1/.rubocop.yml

@@ -0,0 +1,159 @@
+AllCops:
+  UseCache: true
+  DisplayCopNames: true
+  DisplayStyleGuide: true
+  ExtraDetails: false
+  TargetRubyVersion: 2.5.3
+
+Layout/ClassStructure:
+  Enabled: true
+  Categories:
+    module_inclusion:
+      - extend
+      - include
+      - prepend
+    attributes:
+      - attr_accessor
+      - attr_reader
+      - attr_writer
+  ExpectedOrder:
+    - constants
+    - module_inclusion
+    - attributes
+    - public_class_methods
+    - initializer
+    - public_methods
+    - predicates
+    - protected_methods
+    - private_methods
+
+Layout/DotPosition:
+  EnforcedStyle: trailing
+
+Layout/EmptyLineAfterGuardClause:
+  Enabled: true
+
+Layout/EndOfLine:
+  EnforcedStyle: lf
+
+Layout/IndentFirstArgument:
+  EnforcedStyle: consistent_relative_to_receiver
+
+Layout/IndentFirstArrayElement:
+  EnforcedStyle: consistent
+
+Layout/IndentFirstHashElement:
+  EnforcedStyle: consistent
+
+Layout/MultilineAssignmentLayout:
+  Enabled: true
+
+Layout/MultilineMethodCallBraceLayout:
+  EnforcedStyle: same_line
+
+Layout/MultilineMethodCallIndentation:
+  EnforcedStyle: indented_relative_to_receiver
+
+Layout/MultilineMethodDefinitionBraceLayout:
+  EnforcedStyle: same_line
+
+Layout/MultilineOperationIndentation:
+  Enabled: false # Waiting for e.g. `indented_relative_to_receiver`.
+
+Lint/AmbiguousOperator:
+  Enabled: false # Conflicts with other rules.
+
+Lint/AmbiguousRegexpLiteral:
+  Enabled: false # Conflicts with other rules.
+
+Lint/Void:
+  CheckForMethodsWithNoSideEffects: true
+
+Metrics/BlockLength:
+  ExcludedMethods:
+    - new
+    - describe # Tests
+    - context # Tests
+    - ips # Benchmarking
+
+Metrics/ClassLength:
+  Exclude:
+    - "test/**/*"
+    - "lib/object_inspector/formatters/templating_formatter.rb"
+
+Metrics/LineLength:
+  Max: 80
+  Exclude:
+    - "test/**/*"
+    - "object_inspector.gemspec"
+
+Naming/UncommunicativeMethodParamName:
+  AllowedNames:
+    - a
+    - b
+
+Style/Alias:
+  EnforcedStyle: prefer_alias_method
+
+Style/BlockDelimiters:
+  Enabled: false # Reconsider later.
+
+Style/ClassAndModuleChildren:
+  AutoCorrect: true
+  Exclude:
+    - "test/**/*"
+
+Style/CollectionMethods:
+  Enabled: true
+  PreferredMethods:
+    collect: map
+    collect!: map!
+    find_all: select
+    detect: detect
+    inject: inject
+
+Style/EmptyElse:
+  # It"s helpful to show intent by including a comment in an else block.
+  Enabled: false
+
+Style/EmptyMethod:
+  EnforcedStyle: expanded
+
+Style/ExpandPathArguments:
+  Exclude:
+    - "object_inspector.gemspec"
+
+Style/FormatString:
+  Enabled: false # % notation with an Array just reads better sometimes.
+
+Style/Lambda:
+  EnforcedStyle: literal
+
+Style/LambdaCall:
+  Enabled: false # Allow ServiceObject.(*). Only use on classes, not instances.
+
+Style/NumericPredicate:
+  Enabled: false # Trying to be welcoming to earlier versions of Ruby.
+  # AutoCorrect: true
+
+Style/RegexpLiteral:
+  EnforcedStyle: mixed
+
+Style/RescueStandardError:
+  EnforcedStyle: implicit
+
+Style/ReturnNil:
+  Enabled: true
+
+Style/StringMethods:
+  Enabled: true
+
+Style/SingleLineMethods:
+  Exclude:
+    - "test/**/*_test.rb"
+
+Style/StringLiterals:
+  EnforcedStyle: double_quotes
+
+Style/StringLiteralsInInterpolation:
+  EnforcedStyle: double_quotes

vendor/gems/pronto-bundler_audit-0.4.1/.travis.yml

@@ -0,0 +1,21 @@
+env:
+  global:
+    - CC_TEST_REPORTER_ID=d474e8b46e1c2bdae364c33263aa113e922381016a151052bff1ec8cb743da22
+sudo: false
+language: ruby
+rvm:
+  - 2.3
+  - 2.4
+  - 2.5
+  - 2.6
+  - ruby-head
+notifications:
+  email: false
+before_install: gem install bundler -v 2.0.1
+cache: bundler
+before_script:
+  - curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
+  - chmod +x ./cc-test-reporter
+  - ./cc-test-reporter before-build
+after_script:
+  - ./cc-test-reporter after-build --exit-code $TRAVIS_TEST_RESULT

vendor/gems/pronto-bundler_audit-0.4.1/CHANGELOG.md

@@ -0,0 +1,24 @@
+### Unreleased
+- Fix: `NoMethodError: undefined method `position' for nil:NilClass` in /gems/pronto-0.10.0/lib/pronto/formatter/github_pull_request_review_formatter.rb:20:in `line_number'.
+- [2](https://github.com/pdobb/pronto-bundler_audit/issues/2) Fix: `NoMethodError: undefined method `repo' for #<Pronto::BundlerAudit::GemfileLock::Scanner::Patch:...>`.
+
+### 0.4.0 - 2019-05-08
+- Remove patch-level processing... just always scan Gemfile.lock when this runner is invoked.
+
+### 0.3.0 - 2019-05-03
+- Internal rewrite into smaller objects with full test coverage
+- Switch to using the verbose advisory formatter by default
+
+### 0.2.1 - 2019-04-30
+- Fix handling of the Pronto::Git::Patches collection in Pronto::BundlerAudit#run
+- Ensure an Array is returned by Pronto::BundlerAudit#run, as expected by Pronto
+
+### 0.2.0 - 2019-04-30
+- Fix conditional for running Bundle Audit scans -- was always running even if there was nothing to run on in a given Pronto::Patches set
+
+### 0.1.1 - 2019-04-29
+- Add line number to Pronto::Message; fixes GitHub API usage error when attempting to add errors to PR comments
+- Add gem version requirements to gemspec
+
+### 0.1.0 - 2019-04-28
+- Initial release!

vendor/gems/pronto-bundler_audit-0.4.1/Gemfile

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in pronto-bundler_audit.gemspec
+gemspec