0.3.0 / 2013-10-31
- Added Bundler::Audit::Database.update! which uses git to download ruby-advisory-db to ~/.local/share/ruby-advisory-db.
- Bundler::Audit::Database.path now returns the path to either ~/.local/share/ruby-advisory-db or the vendored copy, depending on which is more recent.
CLI
- Added the bundle-audit update sub-command.
0.2.0 / 2013-03-05
- Require RubyGems >= 1.8.0. Prior versions of RubyGems could not correctly parse approximate version requirements (~> 1.2.3).
- Updated the ruby-advisory-db.
- Added Bundler::Audit::Advisory#unaffected_versions.
- Added Bundler::Audit::Advisory#unaffected?.
- Added Bundler::Audit::Advisory#patched?.
- Renamed Advisory#cve to Bundler::Audit::Advisory#id.
0.1.2 / 2013-02-17
- Require bundler ~> 1.2.
- Vendor a full copy of the ruby-advisory-db.
- Added Bundler::Audit::Advisory#path for debugging purposes.
- Added Bundler::Audit::Advisory#to_s for debugging purposes.
CLI
- Simply parse the Gemfile.lock instead of loading the bundle (@grosser).
- Exit with non-zero status on failure (@grosser).
0.1.1 / 2013-02-12
- Fixed a Ruby 1.8 syntax error.
Advisories
- Imported advisories from the Ruby Advisory DB.
CLI
- If the advisory has no patched_versions, recommend removing or disabling the gem until a patch is made available.
0.1.0 / 2013-02-11
- Initial release:
  - Checks for vulnerable versions of gems in Gemfile.lock.
  - Prints advisory information.
  - Does not require a network connection.