Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
130 lines (95 sloc) 4.3 KB

0.6.1 / 2019-01-17

  • Require bundler >= 1.2.0, < 3 to support bundler 2.0.

0.6.0 / 2017-07-18

  • Added --quiet option to check and update commands (@jaredbeck).
  • Added bin/bundler-audit which will be executed when bundle audit is ran (@vassilevsky).

0.5.0 / 2016-02-28

  • Added {Bundler::Audit::Task}.
  • Added {Bundler::Audit::Advisory#date}.
  • Added {Bundler::Audit::Advisory#cve_id}.
  • Added {Bundler::Audit::Advisory#osvdb_id}.
  • Allow insecure gem sources (http:// and git://), if they are hosted on a private network.

CLI

  • Added the --update option to bundle-audit check.
  • bundle-audit update now returns a non-zero exit status on error.
  • bundle-audit update only updates ~/.local/share/ruby-advisory-db, if it is a git repository.

0.4.0 / 2015-06-30

  • Require ruby >= 1.9.3 due to i18n gem deprecating < 1.9.3.
  • Added {Bundler::Audit::Advisory#osvdb}.
  • Resolve the IP addresses of gem sources and ignore intranet gem sources. (PR #90)
  • Use ISO8601 date format when querying the git timestamp of ruby-advisory-db. (PR #92)

CLI

  • Print the CVE or OSVDB id.
  • No longer print "Unpatched versions found!" when an insecure gem source is detected. (PR #84)

0.3.1 / 2014-04-20

  • Added thor ~> 0.18 as a dependency.
  • No longer rely on the vendored version of thor within bundler.
  • Store the timestamp of when data/ruby-advisory-db was last updated in data/ruby-advisory-db.ts.
  • Use data/ruby-advisory-db.ts instead of the creation time of the dataruby-advisory-db directory, which is always the install time of the rubygem.

0.3.0 / 2013-10-31

  • Added {Bundler::Audit::Database.update!} which uses git to download ruby-advisory-db to ~/.local/share/ruby-advisory-db.
  • {Bundler::Audit::Database.path} now returns the path to either ~/.local/share/ruby-advisory-db or the vendored copy, depending on which is more recent.

CLI

  • Added the bundle-audit update sub-command.

0.2.0 / 2013-03-05

  • Require RubyGems >= 1.8.0. Prior versions of RubyGems could not correctly parse approximate version requirements (~> 1.2.3).
  • Updated the ruby-advisory-db.
  • Added {Bundler::Audit::Advisory#unaffected_versions}.
  • Added {Bundler::Audit::Advisory#unaffected?}.
  • Added {Bundler::Audit::Advisory#patched?}.
  • Renamed Advisory#cve to {Bundler::Audit::Advisory#id}.

0.1.2 / 2013-02-17

  • Require bundler ~> 1.2.
  • Vendor a full copy of the ruby-advisory-db.
  • Added {Bundler::Audit::Advisory#path} for debugging purposes.
  • Added {Bundler::Audit::Advisory#to_s} for debugging purposes.

CLI

  • Simply parse the Gemfile.lock instead of loading the bundle (@grosser).
  • Exit with non-zero status on failure (@grosser).

0.1.1 / 2013-02-12

  • Fixed a Ruby 1.8 syntax error.

Advisories

CLI

  • If the advisory has no patched_versions, recommend removing or disabling the gem until a patch is made available.

0.1.0 / 2013-02-11

  • Initial release:
    • Checks for vulnerable versions of gems in Gemfile.lock.
    • Prints advisory information.
    • Does not require a network connection.

Advisories

You can’t perform that action at this time.