Skip to content

Update bundler-audit requirement from ~> 0.6.0 to ~> 0.7.0 #36

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot-preview wants to merge 1 commit into from
Closed

Update bundler-audit requirement from ~> 0.6.0 to ~> 0.7.0 #36

dependabot-preview wants to merge 1 commit into from

Conversation

@dependabot-preview
Copy link

@dependabot-preview dependabot-preview bot commented Jun 15, 2020

Updates the requirements on bundler-audit to permit the latest version.

Changelog

Sourced from bundler-audit's changelog.

0.7.0.1 / 2020-06-12

  • Forgot to populate data/ruby-advisory-db.

0.7.0 / 2020-06-12

  • Require [thor] >= 0.18, < 2.
  • Added {Bundler::Audit::Advisory#ghsa} (@rschultheis).
  • Added {Bundler::Audit::Advisory#cvss_v3} (@ahamlin-nr).
  • Added {Bundler::Audit::Advisory#identifiers} (@rschultheis).
  • Updated {Bundler::Audit::Advisory#criticality} ranges (@reedloden).
  • Avoid rebasing the ruby-advisory-db when updating (@nicknovitski).
  • Fixed issue with Bundler 2.x where source URIs are no longer parsed as URI::HTTP objects, but as Bundler::URI::HTTP objects. (@milgner)

0.6.1 / 2019-01-17

  • Require bundler >= 1.2.0, < 3 to support [bundler] 2.0.

0.6.0 / 2017-07-18

  • Added --quiet option to check and update commands (@jaredbeck).
  • Added bin/bundler-audit which will be executed when bundle audit is ran (@vassilevsky).

0.5.0 / 2016-02-28

  • Added {Bundler::Audit::Task}.
  • Added {Bundler::Audit::Advisory#date}.
  • Added {Bundler::Audit::Advisory#cve_id}.
  • Added {Bundler::Audit::Advisory#osvdb_id}.
  • Allow insecure gem sources (http:// and git://), if they are hosted on a private network.

CLI

  • Added the --update option to bundle-audit check.
  • bundle-audit update now returns a non-zero exit status on error.
  • bundle-audit update only updates ~/.local/share/ruby-advisory-db, if it is a git repository.

0.4.0 / 2015-06-30

  • Require ruby >= 1.9.3 due to i18n gem deprecating < 1.9.3.
  • Added {Bundler::Audit::Advisory#osvdb}.
  • Resolve the IP addresses of gem sources and ignore intranet gem sources. (PR #90)
  • Use ISO8601 date format when querying the git timestamp of ruby-advisory-db. (PR #92)
... (truncated)
Commits
  • a627af4 Updated ChangeLog for the bundler-audit 0.7.0.1 hotfix.
  • 2774eea Version bump to 0.7.0.1 to for the data/ruby-advisory-db hotfix.
  • 757b7d4 Version bump to 0.7.1.
  • 752b385 Add a directory task to populate data/ruby-advisory-db.
  • 4220f07 Updated ruby-advisory-db
  • 056630b Fix my name in the ChangeLog
  • cb3d60d Updated the ChangeLog for 0.7.0.
  • 8bdaa99 Added @since tags to new methods.
  • 91418da Version bump to 0.7.0 due to minor new features.
  • 16cf781 Fix the documentation of the :quiet option for Database.update!.
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

@dependabot-preview
Update bundler-audit requirement from ~> 0.6.0 to ~> 0.7.0
0ea168e 
Updates the requirements on [bundler-audit](https://github.com/postmodern/bundler-audit) to permit the latest version.
- [Release notes](https://github.com/postmodern/bundler-audit/releases)
- [Changelog](https://github.com/rubysec/bundler-audit/blob/master/ChangeLog.md)
- [Commits](rubysec/bundler-audit@v0.6.0...v0.7.0.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
@dependabot-preview dependabot-preview bot added the dependencies Pull requests that update a dependency file label Jun 15, 2020
@dependabot-preview
Copy link
Author

dependabot-preview bot commented Mar 11, 2021

Superseded by #53.

@dependabot-preview dependabot-preview bot deleted the dependabot/bundler/bundler-audit-tw-0.7.0 branch March 11, 2021 05:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants