mrjoy-0.3.6 / 2014-04-16
- Improve user experience when insecure sources -- but no insecure gem
versions -- are found.
mrjoy-0.3.5 / 2014-04-16
- Improve user experience when no vulnerability DB has been downloaded.
- Slight improvement to code coverage.
mrjoy-0.3.4 / 2014-04-16
- Integrate upstream changes from gut_vendored_db. This eliminates the
internal copy of the database entirely and automatically downloads one if
needed.
- Fix several bugs in upstream branch, and make test cases more robust.
- Include integration test results in coverage analysis.
- Improve code coverage.
- Improve Travis integration.
mrjoy-0.3.3 / 2014-04-15
- Fix development-mode code loading issue.
- Update Travis config to include Ruby 2.1.0 and 2.1.1.
- Improve test suite to 90+% code coverage.
- Fix a couple Ruby 1.9-isms.
- Freshen included vulnerability DB.
- Incorporate upstream changes, including fix for Bundler-vendored Thor
creating a conflict.
mrjoy-0.3.2 / 2013-11-04
- Fix for serious issue that would cause bundle-audit to ignore a locally
installed cache of the vulnerability database in favor of its vendored version.
- Simplified code according to ABC metric, getting CodeClimate results to 4.0.
- Added SimpleCov to ensure reasonable test coverage.
- Updated docs to explain differentiation of this fork vs. upstream.
mrjoy-0.3.1 / 2013-11-04
- Integrated upstream 0.3.0 changes.
- Refresh built-in dataset.
- Make regression test more resilient and more bulletproof.
- Integrate grosser's mechanism for DRYing up tests a bit.
0.3.1 / 2013-12-03
- Store the timestamp of when data/ruby-advisory-db was last updated in
data/ruby-advisory-db.ts.
- Use data/ruby-advisory-db.ts instead of the creation time of the
data/ruby-advisory-db directory, which is always the install time
of the rubygem.
0.3.0 / 2013-10-31
CLI
- Added the bundle-audit update sub-command.
mrjoy-0.2.1 / 2013-09-13
- Integrate upstream changes from 0.2.0, with local changes from 0.1.4.
- Make specs automatically refresh .gitignore'd Gemfile.lock in spec
scenarios when the Gemfile has changed in a way that bundle install isn't
happy about (e.g. version bump on a gem previously listed in the Gemfile.)
0.2.0 / 2013-03-05
mrjoy-0.1.4 / 2013-08-15
- RVM compartmentalization for the project (only relevant to people hacking on
it).
- Adding Ruby 2.0.0 to Travis config.
- Updated the ruby-advisory-db from ffce5a2 to ee2ff0b.
- Update Advisory class to compensate for change in naming convention in
ruby-advisory-db.
- Make some tests less brittle, and get them passing again after the
ruby-advisory-db update.
- Add ability for individual spec files to be called individually.
- Rename gem so this can be installed via Rubygems.
mrjoy-0.1.3 / 2013-03-05
0.1.2 / 2013-02-17
CLI
- Simply parse the Gemfile.lock instead of loading the bundle (@grosser).
- Exit with non-zero status on failure (@grosser).
0.1.1 / 2013-02-12
- Fixed a Ruby 1.8 syntax error.
Advisories
CLI
- If the advisory has no patched_versions, recommend removing or disabling
the gem until a patch is made available.
0.1.0 / 2013-02-11
- Initial release:
- Checks for vulnerable versions of gems in Gemfile.lock.
- Prints advisory information.
- Does not require a network connection.
Advisories