thoughtbot, inc. / administrate / Merge requests / !1940

Bump bundler-audit from 0.7.0.1 to 0.8.0

Merged Administrator requested to merge dependabot/bundler/bundler-audit-0.8.0 into master Mar 10, 2021

Created by: dependabot-preview[bot]

Bumps bundler-audit from 0.7.0.1 to 0.8.0.

Changelog

Sourced from bundler-audit's changelog.

0.8.0 / 2021-03-10

  • No longer vendor [ruby-advisory-db].
  • Added {Bundler::Audit::Configuration}.
    • Supports loading YAML configuration data from a .bundler-audit.yml file.
  • Added {Bundler::Audit::Results}.
  • Added {Bundler::Audit::Report}.
  • Added {Bundler::Audit::CLI::Formats}.
  • Added {Bundler::Audit::CLI::Formats::Text}.
  • Added {Bundler::Audit::CLI::Formats::JSON}.
  • Added {Bundler::Audit::Database::DEFAULT_PATH}.
  • Added {Bundler::Audit::Database.exists?}.
  • Added {Bundler::Audit::Database#git?}.
  • Added {Bundler::Audit::Database#update!}.
    • Will raise a {Bundler::Audit::Database::UpdateFailed UpdateFailed} exception, if the git pull command fails.
  • Added {Bundler::Audit::Database#last_updated_at}.
  • Added {Bundler::Audit::Scanner#report}.
  • {Bundler::Audit::Database::USER_PATH} is now Gem.user_home aware.
    • Gem.user_home will try to infer HOME, even if it is not set.
  • {Bundler::Audit::Database#download} will now raise a {Bundler::Audit::Database::DownloadFailed DownloadFailed} exception, if the git clone command fails.
  • {Bundler::Audit::Scanner#initialize}:
    • Now accepts additional database and config_dot_file arguments.
    • Will now raise a Bundler::GemfileLockNotFound exception, if the given Gemfile.lock file cannot be found.
  • {Bundler::Audit::Scanner#scan_sources} will now ignore any source with a 127.0.0.0/8 or ::1/128 IP address.
  • {Bundler::Audit::Scanner#scan_specs} will ignore any advisories listed in {Bundler::Audit::Configuration#ignore}, which is loaded from the .bundler-audit.yml file.
  • Deprecated {Bundler::Audit::Database.update!} in favor of {Bundler::Audit::Database#update! #update!}.
  • Removed Bundler::Audit::Database::VENDORED_PATH.
  • Removed Bundler::Audit::Database::VENDORED_TIMESTAMP.

CLI

  • Require [thor] ~> 1.0.
  • Added bundler-audit stats.
  • Added bundler-audit download.
  • bundler-audit check:
    • Now accepts an optional DIR argument for the project directory.
      • bundler-audit check will now print an explicit error message and exit, if the given DIR does not exist.
    • Will now auto-download [ruby-advisory-db] to ensure the latest advisory information is used on first run.
    • Now supports a --database option for specifying a path to an alternative [ruby-advisory-db] copy.

... (truncated)

Commits
  • 9def635 Bump the copyright year to 2021.
  • 6c57938 Version bump to 0.8.0.
  • 5a2915e Require ruby >= 2.0.0.
  • aa69fc8 Remove my email from the README.
  • c24eb67 Replace the Travis-CI badge with a GitHub Actions badge.
  • 94fdb8a Bump the prospective 0.8.0 release date.
  • 316205b Moved the Thor::Shell::Basic extension into bundler/audit/cli/.
  • c360a9f Always refer to the bundler-audit command.
  • c40252b Remove grosser per his request.
  • 63f6a6b Enable the GitHub Sponsors button
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Automerge options (never/patch/minor, and dev/runtime dependencies)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)
Source branch: dependabot/bundler/bundler-audit-0.8.0
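
The two scanner behaviours listed in the changelog above (loopback sources skipped by scan_sources, advisories in the .bundler-audit.yml ignore list skipped by scan_specs), as an added Ruby sketch. It is not bundler-audit's code or part of this merge request; the method names, the http:// and git:// scheme test, and all sample data are assumptions constructed for illustration.

```ruby
require 'ipaddr'
require 'set'
require 'uri'
require 'yaml'

# Loopback ranges named in the changelog entry for Scanner#scan_sources.
LOOPBACK_RANGES = [IPAddr.new('127.0.0.0/8'), IPAddr.new('::1/128')].freeze

# True when the URI host is a literal loopback address (hostnames are not resolved).
def loopback_source?(uri)
  ip = IPAddr.new(URI.parse(uri).hostname.to_s)
  LOOPBACK_RANGES.any? { |range| range.family == ip.family && range.include?(ip) }
rescue IPAddr::Error, URI::InvalidURIError
  false
end

# Plaintext sources that would still be flagged; the scheme test is an assumption.
def insecure_sources(uris)
  uris.select { |u| u.start_with?('http://', 'git://') && !loopback_source?(u) }
end

# Advisory IDs under the `ignore` key of .bundler-audit.yml-style YAML text.
def ignored_ids(yaml_text)
  data = YAML.safe_load(yaml_text)
  Set.new(data.is_a?(Hash) ? Array(data['ignore']).map(&:to_s) : [])
end

# Returns [reported, suppressed] so suppressed advisories stay visible in review.
def apply_ignore(findings, ignored)
  findings.partition { |finding| !ignored.include?(finding[:id]) }
end

# Constructed sample data (placeholder hosts and advisory IDs).
SAMPLE_SOURCES = %w[
  https://rubygems.org/
  http://gems.example.com/
  http://127.0.0.1:9292/
  http://[::1]:9292/
  git://git.example.com/widget.git
].freeze
SAMPLE_CONFIG = "---\nignore:\n  - CVE-0000-0001\n"
SAMPLE_FINDINGS = [
  { gem: 'widget', id: 'CVE-0000-0001' },
  { gem: 'gadget', id: 'CVE-0000-0002' }
].freeze

reported, suppressed = apply_ignore(SAMPLE_FINDINGS, ignored_ids(SAMPLE_CONFIG))
puts "insecure sources: #{insecure_sources(SAMPLE_SOURCES).join(', ')}"
puts "reported: #{reported.map { |f| f[:id] }.join(', ')}"
puts "suppressed by ignore list: #{suppressed.map { |f| f[:id] }.join(', ')}"
```

Keeping the suppressed list separate from the reported one makes every entry in the ignore file show up in review output instead of silently disappearing from the audit.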