217 lines
8.1 KiB
Plaintext
217 lines
8.1 KiB
Plaintext
|
-------------------------------------------------------------------
|
||
|
|
Mon Nov 4 16:22:27 UTC 2024 - Dan Čermák <dan.cermak@posteo.net>
|
||
|
|
|
||
|
|
- New upstream release 0.9.2, see bundled ChangeLog.md
|
||
|
|
|
||
|
|
-------------------------------------------------------------------
|
||
|
|
Thu Aug 4 13:00:44 UTC 2022 - Stephan Kulow <coolo@suse.com>
|
||
|
|
|
||
|
|
updated to version 0.9.1
|
||
|
|
see installed ChangeLog.md
|
||
|
|
|
||
|
|
### 0.9.1 / 2022-05-19
|
||
|
|
|
||
|
|
#### CLI
|
||
|
|
|
||
|
|
* Improve the readability of the suggested gem versions to upgrade to
|
||
|
|
(pull #331).
|
||
|
|
|
||
|
|
#### Rake Task
|
||
|
|
|
||
|
|
* Fixed a regression introduced in 0.9.0 where the `bundler:audit` rake task
|
||
|
|
was not exiting with an error status code if vulnerabilities were found.
|
||
|
|
Now when the `bundler-audit` command fails, the rake task will also exit with
|
||
|
|
the `bundler-audit` command's error code.
|
||
|
|
* If the `bundler-audit` command could not be found for some reason raise the
|
||
|
|
{Bundler::Audit::Task::CommandNotFound} exception.
|
||
|
|
|
||
|
|
|
||
|
|
-------------------------------------------------------------------
|
||
|
|
Tue Jan 25 06:43:14 UTC 2022 - Stephan Kulow <coolo@suse.com>
|
||
|
|
|
||
|
|
updated to version 0.9.0.1
|
||
|
|
see installed ChangeLog.md
|
||
|
|
|
||
|
|
### 0.9.0.1 / 2021-08-31
|
||
|
|
|
||
|
|
* Add a workaround for Psych < 3.1.0 to support running on Ruby < 2.6.
|
||
|
|
(issue #319)
|
||
|
|
|
||
|
|
### 0.9.0 / 2021-08-31
|
||
|
|
|
||
|
|
* Load advisory metadata using `YAML.safe_load`. (issue #302)
|
||
|
|
* Explicitly permit the `Date` class for Psych >= 4.0.0 and Ruby >= 3.1.0.
|
||
|
|
* Added {Bundler::Audit::Advisory#to_h}. (pull #310)
|
||
|
|
* Added {Bundler::Audit::Database#commit_id}.
|
||
|
|
|
||
|
|
#### CLI
|
||
|
|
|
||
|
|
* Added the `--config` option. (pull #306)
|
||
|
|
* Added the `junit` output format (ex: `--format junit`). (pull #314)
|
||
|
|
* Add missing output for CVSSv3 criticality information. (pull #302)
|
||
|
|
* Include criticality information in the JSON output as well. (pull #310)
|
||
|
|
* `bundle-audit stats` now prints the commit ID of the ruby-advisory-db.
|
||
|
|
* Fixed a deprecation warning from Thor. (issue #317)
|
||
|
|
|
||
|
|
#### Rake Task
|
||
|
|
|
||
|
|
* Add the `bundle:audit:update` task for updating the [ruby-advisory-db].
|
||
|
|
(pull #296)
|
||
|
|
* Aliased `bundle:audit` to `bundle:audit:check`.
|
||
|
|
* Aliased `bundler:audit:*` to `bundle:audit:*`.
|
||
|
|
* Rake tasks now execute `bundle-audit` command as a subprocess to ensure
|
||
|
|
isolation.
|
||
|
|
|
||
|
|
|
||
|
|
-------------------------------------------------------------------
|
||
|
|
Thu Jun 24 17:07:51 UTC 2021 - Stephan Kulow <coolo@suse.com>
|
||
|
|
|
||
|
|
updated to version 0.8.0
|
||
|
|
see installed ChangeLog.md
|
||
|
|
|
||
|
|
### 0.8.0 / 2021-03-10
|
||
|
|
|
||
|
|
* No longer vendor [ruby-advisory-db].
|
||
|
|
* Added {Bundler::Audit::Configuration}.
|
||
|
|
* Supports loading YAML configuration data from a `.bundler-audit.yml` file.
|
||
|
|
* Added {Bundler::Audit::Results}.
|
||
|
|
* Added {Bundler::Audit::Report}.
|
||
|
|
* Added {Bundler::Audit::CLI::Formats}.
|
||
|
|
* Added {Bundler::Audit::CLI::Formats::Text}.
|
||
|
|
* Added {Bundler::Audit::CLI::Formats::JSON}.
|
||
|
|
* Added {Bundler::Audit::Database::DEFAULT_PATH}.
|
||
|
|
* Added {Bundler::Audit::Database.exists?}.
|
||
|
|
* Added {Bundler::Audit::Database#git?}.
|
||
|
|
* Added {Bundler::Audit::Database#update!}.
|
||
|
|
* Will raise a {Bundler::Audit::Database::UpdateFailed UpdateFailed}
|
||
|
|
exception, if the `git pull` command fails.
|
||
|
|
* Added {Bundler::Audit::Database#last_updated_at}.
|
||
|
|
* Added {Bundler::Audit::Scanner#report}.
|
||
|
|
* {Bundler::Audit::Database::USER_PATH} is now `Gem.user_home` aware.
|
||
|
|
* `Gem.user_home` will try to infer `HOME`, even if it is not set.
|
||
|
|
* {Bundler::Audit::Database#download} will now raise a
|
||
|
|
{Bundler::Audit::Database::DownloadFailed DownloadFailed} exception, if the
|
||
|
|
`git clone` command fails.
|
||
|
|
* {Bundler::Audit::Scanner#initialize}:
|
||
|
|
* Now accepts an additional `database` and `config_dot_file` arguments.
|
||
|
|
* Will now raise a `Bundler::GemfileLockNotFound` exception,
|
||
|
|
if the given `Gemfile.lock` file cannot be found.
|
||
|
|
* {Bundler::Audit::Scanner#scan_sources} will now ignore any source with a
|
||
|
|
`127.0.0.0/8` or `::1/128` IP address.
|
||
|
|
* {Bundler::Audit::Scanner#scan_specs} will ignore any advisories listed in
|
||
|
|
{Bundler::Audit::Configuration#ignore}, which is loaded from the
|
||
|
|
`.bundler-audit.yml` file.
|
||
|
|
* Deprecated {Bundler::Audit::Database.update!} in favor of
|
||
|
|
{Bundler::Audit::Database#update! #update!}.
|
||
|
|
* Removed `Bundler::Audit::Database::VENDORED_PATH`.
|
||
|
|
* Removed `Bundler::Audit::Database::VENDORED_TIMESTAMP`.
|
||
|
|
|
||
|
|
#### CLI
|
||
|
|
|
||
|
|
* Require [thor] ~> 1.0.
|
||
|
|
* Added `bundler-audit stats`.
|
||
|
|
* Added `bundler-audit download`.
|
||
|
|
* `bundler-audit check`:
|
||
|
|
* Now accepts a optional `DIR` argument for the project directory.
|
||
|
|
* `bundler-audit check` will now print an explicit error message and exit,
|
||
|
|
if the given `DIR` does not exist.
|
||
|
|
* Will now auto-download [ruby-advisory-db] to ensure the latest advisory
|
||
|
|
information is used on first run.
|
||
|
|
* Now supports a `--database` option for specifying a path
|
||
|
|
to an alternative [ruby-advisory-db] copy.
|
||
|
|
* Now supports a `--gemfile-lock` option for specifying a
|
||
|
|
custom `Gemfile.lock` file within the project directory.
|
||
|
|
* Now supports a `--format` option for specifying the
|
||
|
|
desired format. `text` and `json` are supported, but other custom formats
|
||
|
|
can be loaded. See {Bundler::Audit::CLI::Formats}.
|
||
|
|
* Now supports a `--output` option for writing the report output to a file.
|
||
|
|
* Prints both CVE and GHSA IDs.
|
||
|
|
* Print all error messages to stderr.
|
||
|
|
* No longer print number of advisories in `bundler-audit version`.
|
||
|
|
|
||
|
|
|
||
|
|
-------------------------------------------------------------------
|
||
|
|
Fri Sep 25 13:43:31 UTC 2020 - Stephan Kulow <coolo@suse.com>
|
||
|
|
|
||
|
|
updated to version 0.7.0.1
|
||
|
|
see installed ChangeLog.md
|
||
|
|
|
||
|
|
### 0.7.0.1 / 2020-06-12
|
||
|
|
|
||
|
|
* Forgot to populate `data/ruby-advisory-db`.
|
||
|
|
|
||
|
|
### 0.7.0 / 2020-06-12
|
||
|
|
|
||
|
|
* Require [thor] >= 0.18, < 2.
|
||
|
|
* Added {Bundler::Audit::Advisory#ghsa} (@rschultheis).
|
||
|
|
* Added {Bundler::Audit::Advisory#cvss_v3} (@ahamlin-nr).
|
||
|
|
* Added {Bundler::Audit::Advisory#identifiers} (@rschultheis).
|
||
|
|
* Updated {Bundler::Audit::Advisory#criticality} ranges (@reedloden).
|
||
|
|
* Avoid rebasing the ruby-advisory-db when updating (@nicknovitski).
|
||
|
|
* Fixed issue with Bundler 2.x where source URIs are no longer parsed as
|
||
|
|
`URI::HTTP` objects, but as `Bundler::URI::HTTP` objects. (@milgner)
|
||
|
|
|
||
|
|
|
||
|
|
-------------------------------------------------------------------
|
||
|
|
Sat Mar 2 15:07:09 UTC 2019 - Stephan Kulow <coolo@suse.com>
|
||
|
|
|
||
|
|
- updated to version 0.6.1
|
||
|
|
see installed ChangeLog.md
|
||
|
|
|
||
|
|
### 0.6.1 / 2019-01-17
|
||
|
|
|
||
|
|
* Require bundler `>= 1.2.0, < 3` to support [bundler] 2.0.
|
||
|
|
|
||
|
|
-------------------------------------------------------------------
|
||
|
|
Thu Aug 3 19:06:21 UTC 2017 - coolo@suse.com
|
||
|
|
|
||
|
|
- updated to version 0.6.0
|
||
|
|
see installed ChangeLog.md
|
||
|
|
|
||
|
|
-------------------------------------------------------------------
|
||
|
|
Mon Feb 29 05:32:46 UTC 2016 - coolo@suse.com
|
||
|
|
|
||
|
|
- updated to version 0.5.0
|
||
|
|
see installed ChangeLog.md
|
||
|
|
|
||
|
|
### 0.5.0 / 2015-02-28
|
||
|
|
|
||
|
|
* Added {Bundler::Audit::Task}.
|
||
|
|
* Added {Bundler::Audit::Advisory#date}.
|
||
|
|
* Added {Bundler::Audit::Advisory#cve_id}.
|
||
|
|
* Added {Bundler::Audit::Advisory#osvdb_id}.
|
||
|
|
* Allow insecure gem sources (`http://` and `git://`), if they are hosted on a
|
||
|
|
private network.
|
||
|
|
|
||
|
|
#### CLI
|
||
|
|
|
||
|
|
* Added the `--update` option to `bundle-audit check`.
|
||
|
|
* `bundle-audit update` now returns a non-zero exit status on error.
|
||
|
|
* `bundle-audit update` only updates `~/.local/share/ruby-advisory-db`, if it is a git
|
||
|
|
repository.
|
||
|
|
|
||
|
|
-------------------------------------------------------------------
|
||
|
|
Thu Aug 20 12:38:14 UTC 2015 - astieger@suse.com
|
||
|
|
|
||
|
|
- update to 0.4.0:
|
||
|
|
* Require ruby >= 1.9.3 due to i18n gem deprecating < 1.9.3.
|
||
|
|
* Added {Bundler::Audit::Advisory#osvdb}.
|
||
|
|
* Resolve the IP addresses of gem sources and ignore intranet
|
||
|
|
gem sources.
|
||
|
|
* Use ISO8601 date format when querying the git timestamp of
|
||
|
|
ruby-advisory-db.
|
||
|
|
* Print the CVE or OSVDB id.
|
||
|
|
* No longer print "Unpatched versions found!" when an insecure
|
||
|
|
gem source is detected.
|
||
|
|
|
||
|
|
-------------------------------------------------------------------
|
||
|
|
Mon Jun 29 10:24:00 UTC 2015 - coolo@suse.com
|
||
|
|
|
||
|
|
- adapt to proper gem packaging
|
||
|
|
|
||
|
|
-------------------------------------------------------------------
|
||
|
|
Tue May 19 09:46:29 UTC 2015 - astieger@suse.com
|
||
|
|
|
||
|
|
- initial package
|
||
|
|
|