### mrjoy-0.3.5 / 2014-04-16 * Improve user experience when no vulnerability DB has been downloaded. * Slight improvement to code coverage. ### mrjoy-0.3.4 / 2014-04-16 * Integrate upstream changes from `gut_vendored_db`. This eliminates the internal copy of the database entirely and automatically downloads one if needed. * Fix several bugs in upstream branch, and make test cases more robust. * Include integration test results in coverage analysis. * Improve code coverage. * Improve Travis integration. ### mrjoy-0.3.3 / 2014-04-15 * Fix development-mode code loading issue. * Update Travis config to include Ruby 2.1.0 and 2.1.1. * Improve test suite to 90+% code coverage. * Fix a couple Ruby 1.9-isms. * Freshen included vulnerability DB. * Incorporate upstream changes, including fix for Bundler-vendored Thor creating a conflict. ### mrjoy-0.3.2 / 2013-11-04 * Fix for [serious issue](https://github.com/rubysec/bundler-audit/issues/48) that would cause bundle-audit to ignore a locally installed cache of the vulnerability database in favor of its vendored version. * Simplified code according to ABC metric, getting CodeClimate results to 4.0. * Added SimpleCov to ensure reasonable test coverage. * Updated docs to explain differentiation of this fork vs. upstream. ### mrjoy-0.3.1 / 2013-11-04 * Integrated upstream 0.3.0 changes. * Refresh built-in dataset. * Make regression test more resilient and more bulletproof. * Integrate grosser's mechanism for [DRYing up tests a bit](https://github.com/grosser/bundler-audit/commit/8568f936fe86eb92c95d63ef3c0a33bffd3aeee9). ### 0.3.1 / 2013-12-03 * Store the timestamp of when `data/ruby-advisory-db` was last updated in `data/ruby-advisory-db.ts`. * Use `data/ruby-advisory-db.ts` instead of the creation time of the `dataruby-advisory-db` directory, which is always the install time of the rubygem. ### 0.3.0 / 2013-10-31 * Added {Bundler::Audit::Database.update!} which uses `git` to download [ruby-advisory-db] to `~/.local/share/ruby-advisory-db`. * {Bundler::Audit::Database.path} now returns the path to either `~/.local/share/ruby-advisory-db` or the vendored copy, depending on which is more recent. #### CLI * Added the `bundle-audit update` sub-command. ### mrjoy-0.2.1 / 2013-09-13 * Integrate upstream changes from 0.2.0, with local changes from 0.1.4. * Make specs automatically refresh `.gitignore`'d `Gemfile.lock` in spec scenarios when the Gemfile has changed in a way that `bundle install` isn't happy about (e.g. version bump on a gem previously listed in the `Gemfile`.) ### 0.2.0 / 2013-03-05 * Require RubyGems >= 1.8.0. Prior versions of RubyGems could not correctly parse approximate version requirements (`~> 1.2.3`). * Updated the [ruby-advisory-db]. * Added {Bundler::Audit::Advisory#unaffected_versions}. * Added {Bundler::Audit::Advisory#unaffected?}. * Added {Bundler::Audit::Advisory#patched?}. * Renamed `Advisory#cve` to {Bundler::Audit::Advisory#id}. ### mrjoy-0.1.4 / 2013-08-15 * RVM compartmentalization for the project (only relevant to people hacking on it). * Adding Ruby 2.0.0 to Travis config. * Updated the [ruby-advisory-db] from [ffce5a2](https://github.com/rubysec/ruby-advisory-db/commit/ffce5a27f239191e22bd47bb62c5a3121952b8d0) to [ee2ff0b](https://github.com/rubysec/ruby-advisory-db/commit/ee2ff0b6c971d0eb295595dc1cd48a777d8829bb). * Update `Advisory` class to compensate for change in naming convention in [ruby-advisory-db]. * Make some tests less brittle, and get them passing again after the [ruby-advisory-db] update. * Add ability for individual spec files to be called individually. * Rename gem so this can be installed via Rubygems. ### mrjoy-0.1.3 / 2013-03-05 * Require RubyGems >= 1.8.0. Prior versions of RubyGems could not correctly parse approximate version requirements (`~> 1.2.3`). * Updated the [ruby-advisory-db]. * Added {Bundler::Audit::Advisory#unaffected_versions}. * Added {Bundler::Audit::Advisory#unaffected?}. * Added {Bundler::Audit::Advisory#patched?}. ### 0.1.2 / 2013-02-17 * Require [bundler] ~> 1.2. * Vendor a full copy of the [ruby-advisory-db]. * Added {Bundler::Audit::Advisory#path} for debugging purposes. * Added {Bundler::Audit::Advisory#to_s} for debugging purposes. #### CLI * Simply parse the `Gemfile.lock` instead of loading the bundle (@grosser). * Exit with non-zero status on failure (@grosser). ### 0.1.1 / 2013-02-12 * Fixed a Ruby 1.8 syntax error. ### Advisories * Imported advisories from the [Ruby Advisory DB][ruby-advisory-db]. * [CVE-2011-0739](http://www.osvdb.org/show/osvdb/70667) * [CVE-2012-2139](http://www.osvdb.org/show/osvdb/81631) * [CVE-2012-2140](http://www.osvdb.org/show/osvdb/81632) * [CVE-2012-267](http://osvdb.org/83077) * [CVE-2012-1098](http://osvdb.org/79726) * [CVE-2012-1099](http://www.osvdb.org/show/osvdb/79727) * [CVE-2012-2660](http://www.osvdb.org/show/osvdb/82610) * [CVE-2012-2661](http://www.osvdb.org/show/osvdb/82403) * [CVE-2012-3424](http://www.osvdb.org/show/osvdb/84243) * [CVE-2012-3463](http://osvdb.org/84515) * [CVE-2012-3464](http://www.osvdb.org/show/osvdb/84516) * [CVE-2012-3465](http://www.osvdb.org/show/osvdb/84513) ### CLI * If the advisory has no `patched_versions`, recommend removing or disabling the gem until a patch is made available. ### 0.1.0 / 2013-02-11 * Initial release: * Checks for vulnerable versions of gems in `Gemfile.lock`. * Prints advisory information. * Does not require a network connection. #### Advisories * [CVE-2013-0269](http://direct.osvdb.org/show/osvdb/90074) * [CVE-2013-0263](http://osvdb.org/show/osvdb/89939) * [CVE-2013-0155](http://osvdb.org/show/osvdb/89025) * [CVE-2013-0156](http://osvdb.org/show/osvdb/89026) * [CVE-2013-0276](http://direct.osvdb.org/show/osvdb/90072) * [CVE-2013-0277](http://direct.osvdb.org/show/osvdb/90073) * [CVE-2013-0333](http://osvdb.org/show/osvdb/89594) [bundler]: http://gembundler.com/ [ruby-advisory-db]: https://github.com/rubysec/ruby-advisory-db#readme