File: ChangeLog — Documentation for mrjoy-bundler-audit (0.3.6)

Improve user experience when insecure sources -- but no insecure gem versions -- are found.

Integrate upstream changes from gut_vendored_db. This eliminates the internal copy of the database entirely and automatically downloads one if needed.
Fix several bugs in upstream branch, and make test cases more robust.
Include integration test results in coverage analysis.
Improve code coverage.
Improve Travis integration.

Fix development-mode code loading issue.
Update Travis config to include Ruby 2.1.0 and 2.1.1.
Improve test suite to 90+% code coverage.
Fix a couple Ruby 1.9-isms.
Freshen included vulnerability DB.
Incorporate upstream changes, including fix for Bundler-vendored Thor creating a conflict.

Fix for serious issue that would cause bundle-audit to ignore a locally installed cache of the vulnerability database in favor of its vendored version.
Simplified code according to ABC metric, getting CodeClimate results to 4.0.
Added SimpleCov to ensure reasonable test coverage.
Updated docs to explain differentiation of this fork vs. upstream.

Store the timestamp of when data/ruby-advisory-db was last updated in data/ruby-advisory-db.ts.
Use data/ruby-advisory-db.ts instead of the creation time of the dataruby-advisory-db directory, which is always the install time of the rubygem.

Added Bundler::Audit::Database.update! which uses git to download ruby-advisory-db to ~/.local/share/ruby-advisory-db.
Bundler::Audit::Database.path now returns the path to either ~/.local/share/ruby-advisory-db or the vendored copy, depending on which is more recent.

Integrate upstream changes from 0.2.0, with local changes from 0.1.4.
Make specs automatically refresh .gitignore'd Gemfile.lock in spec scenarios when the Gemfile has changed in a way that bundle install isn't happy about (e.g. version bump on a gem previously listed in the Gemfile.)

Require RubyGems >= 1.8.0. Prior versions of RubyGems could not correctly parse approximate version requirements (~> 1.2.3).
Updated the ruby-advisory-db.
Added Bundler::Audit::Advisory#unaffected_versions.
Added Bundler::Audit::Advisory#unaffected?.
Added Bundler::Audit::Advisory#patched?.
Renamed Advisory#cve to Bundler::Audit::Advisory#id.

RVM compartmentalization for the project (only relevant to people hacking on it).
Adding Ruby 2.0.0 to Travis config.
Updated the ruby-advisory-db from ffce5a2 to ee2ff0b.
Update Advisory class to compensate for change in naming convention in ruby-advisory-db.
Make some tests less brittle, and get them passing again after the ruby-advisory-db update.
Add ability for individual spec files to be called individually.
Rename gem so this can be installed via Rubygems.

Require RubyGems >= 1.8.0. Prior versions of RubyGems could not correctly parse approximate version requirements (~> 1.2.3).
Updated the ruby-advisory-db.
Added Bundler::Audit::Advisory#unaffected_versions.
Added Bundler::Audit::Advisory#unaffected?.
Added Bundler::Audit::Advisory#patched?.

If the advisory has no patched_versions, recommend removing or disabling the gem until a patch is made available.

Initial release:
- Checks for vulnerable versions of gems in Gemfile.lock.
- Prints advisory information.
- Does not require a network connection.