Merge pull request #4 from civisanalytics/update_dependencies

Updating dependencies
civisanalytics · Sep 15, 2016 · ea70854 · ea70854
2 parents db1f4f8 + 0bdb6d8
commit ea70854
Show file tree

Hide file tree

Showing 7 changed files with 44 additions and 28 deletions.
diff --git a/.rubocop.yml b/.rubocop.yml
@@ -11,3 +11,9 @@ Style/Documentation:
 Style/FileName:
   Exclude:
     - 'exe/ruby-audit'
+
+Style/FrozenStringLiteralComment:
+  Enabled: false
+
+Style/NumericPredicate:
+  Enabled: false
diff --git a/.ruby-version b/.ruby-version
@@ -1 +1 @@
-2.3.0
+2.3.1
diff --git a/.travis.yml b/.travis.yml
@@ -1,5 +1,9 @@
 language: ruby
 cache: bundler
+rvm:
+  - 2.1.10
+  - 2.2.5
+  - 2.3.1
 branches:
   only:
     - master
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,18 +1,34 @@
 # Change Log
 
+All notable changes to this project will be documented in this file.
+This project adheres to [Semantic Versioning](http://semver.org/).
+
 ## Unreleased
 
-### Changes
+### Added
+
+* Added a matrix build of 2.1, 2.2, and 2.3 to Travis
+
+### Changed
 
 * Added a [Code of Conduct](CODE_OF_CONDUCT.md)
+* Bumped the bundler-audit version to 0.5
+* Bumped the RSpec version for development to 3.5
+* Bumped the Rake version for development to 11.2
+* Bumped the RuboCop version for development to 0.42
+* Bumped the Ruby version for development to 2.3.1
 
-## 1.0.1 (2016-02-03)
+## [1.0.1] - 2016-02-03
 
-### Bugs Fixed
+### Fixed
 
 * [#1](https://github.com/civisanalytics/ruby_audit/pull/1)
   removing unreliable last-update check
 
 ## 1.0.0 (2016-02-03)
 
 * Initial Release
+
+[Unreleased]: https://github.com/civisanalytics/ruby_audit/compare/v1.1.0...HEAD
+[1.0.1]: https://github.com/civisanalytics/ruby_audit/compare/v1.0.0...v1.0.1
+[1.0.0]: https://github.com/civisanalytics/ruby_audit/commit/7535b70412641c888c80d99514b27ba254fb8316
diff --git a/lib/ruby_audit/scanner.rb b/lib/ruby_audit/scanner.rb
@@ -23,11 +23,11 @@ def scan(options = {}, &block)
     end
 
     def scan_ruby(options = {}, &block)
-      if RUBY_PATCHLEVEL < 0
-        version = ruby_version
-      else
-        version = "#{RUBY_VERSION}.#{RUBY_PATCHLEVEL}"
-      end
+      version = if RUBY_PATCHLEVEL < 0
+                  ruby_version
+                else
+                  "#{RUBY_VERSION}.#{RUBY_PATCHLEVEL}"
+                end
       specs = [Version.new(RUBY_ENGINE, version)]
       scan_inner(specs, 'ruby', options, &block)
     end
@@ -43,8 +43,8 @@ def ruby_version
       # .gsub to separate strings (e.g., 2.1.0dev -> 2.1.0.dev,
       # 2.2.0preview1 -> 2.2.0.preview.1).
       `ruby --version`.split[1]
-        .gsub(/(\d)([a-z]+)/, '\1.\2')
-        .gsub(/([a-z]+)(\d)/, '\1.\2')
+                      .gsub(/(\d)([a-z]+)/, '\1.\2')
+                      .gsub(/([a-z]+)(\d)/, '\1.\2')
     end
 
     def rubygems_version
@@ -59,22 +59,12 @@ def scan_inner(specs, type, options = {})
 
       specs.each do |spec|
         @database.send("check_#{type}".to_sym, spec) do |advisory|
-          unless ignore.include?(cve_id(advisory)) ||
-                 ignore.include?(osvdb_id(advisory))
+          unless ignore.include?(advisory.cve_id) ||
+                 ignore.include?(advisory.osvdb_id)
             yield UnpatchedGem.new(spec, advisory)
           end
         end
       end
     end
-
-    # Workaround for advisory.cve_id, present in master but not 0.4.0.
-    def cve_id(advisory)
-      "CVE-#{advisory.cve}" if advisory.cve
-    end
-
-    # Workaround for advisory.osvdb_id, present in master but not 0.4.0.
-    def osvdb_id(advisory)
-      "OSVDB-#{advisory.osvdb}" if advisory.osvdb
-    end
   end
 end
diff --git a/lib/ruby_audit/version.rb b/lib/ruby_audit/version.rb
@@ -1,3 +1,3 @@
 module RubyAudit
-  VERSION = '1.0.1'
+  VERSION = '1.0.1'.freeze
 end
diff --git a/ruby_audit.gemspec b/ruby_audit.gemspec
@@ -23,11 +23,11 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'bundler-audit', '~> 0.4.0'
+  spec.add_dependency 'bundler-audit', '~> 0.5.0'
   spec.add_development_dependency 'bundler', '~> 1.11'
   spec.add_development_dependency 'pry', '~> 0.10.3'
-  spec.add_development_dependency 'rake', '~> 10.5'
-  spec.add_development_dependency 'rspec', '~> 3.4'
-  spec.add_development_dependency 'rubocop', '~> 0.35.0'
+  spec.add_development_dependency 'rake', '~> 11.2'
+  spec.add_development_dependency 'rspec', '~> 3.5'
+  spec.add_development_dependency 'rubocop', '~> 0.42.0'
   spec.add_development_dependency 'timecop', '~> 0.8.0'
 end