From 182a95dbdd3c7756887fd252eb22f6d7d8fcd251 Mon Sep 17 00:00:00 2001 From: vigneshk-tw Date: Tue, 8 Oct 2024 10:27:01 +0530 Subject: [PATCH 1/7] initial commit --- .github/workflows/build-test-lint.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/build-test-lint.yml b/.github/workflows/build-test-lint.yml index 4f528db7..7b6d1fd5 100644 --- a/.github/workflows/build-test-lint.yml +++ b/.github/workflows/build-test-lint.yml @@ -24,6 +24,14 @@ jobs: run: bundle install working-directory: xero-ruby + - name: Check Outdated Packages + run: bundle outdated + working-directory: xero-ruby + + - name: Check Vulnerable Packages + run: bundle audit + working-directory: xero-ruby + - name: Compile Build run: find . -name "*.rb" | xargs -n 1 ruby -c > /dev/null 2>&1 || exit 1 working-directory: xero-ruby From 35f14f1db8dd388a0cad9d0acedadc3565f85a71 Mon Sep 17 00:00:00 2001 From: vigneshk-tw Date: Tue, 8 Oct 2024 10:28:23 +0530 Subject: [PATCH 2/7] made outdated check to pass --- .github/workflows/build-test-lint.yml | 2 +- .github/workflows/test.yml | 17 ----------------- 2 files changed, 1 insertion(+), 18 deletions(-) delete mode 100644 .github/workflows/test.yml diff --git a/.github/workflows/build-test-lint.yml b/.github/workflows/build-test-lint.yml index 7b6d1fd5..308d60ff 100644 --- a/.github/workflows/build-test-lint.yml +++ b/.github/workflows/build-test-lint.yml @@ -25,7 +25,7 @@ jobs: working-directory: xero-ruby - name: Check Outdated Packages - run: bundle outdated + run: bundle outdated || true working-directory: xero-ruby - name: Check Vulnerable Packages diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml deleted file mode 100644 index 59675493..00000000 --- a/.github/workflows/test.yml +++ /dev/null 
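Review bot: The new `Check Vulnerable Packages` step runs `bundle audit` without `--update`, so the scan uses whatever copy of the advisory database is already on the runner. A fresh hosted runner will probably fetch a current copy, but a self-hosted runner or a cached home directory could hold a stale one and pass gems that have newer advisories. I would change the line to `run: bundle audit check --update` so every run refreshes the database before checking. The same step is carried unchanged into the reorder hunk of PATCH 7/7, and the `steps:` list it belongs to starts outside this hunk.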
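Review bot: In PATCH 2/7, `run: bundle outdated || true` makes the `Check Outdated Packages` step unable to fail for any reason. That includes Bundler errors unrelated to stale gems, such as a resolution or network failure, so the check becomes log output nobody is required to read. If the step is meant to be advisory only, keep `run: bundle outdated` and add `continue-on-error: true` to the step. The non-zero exit is then recorded as the step's outcome instead of being discarded in the shell, and a short comment such as `# advisory only: outdated gems do not block the build` would document the intent. The same line is moved unchanged by the hunk in PATCH 7/7.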
@@ -1,17 +0,0 @@ -name: test-hook - -on: [push] - -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Setup Ruby - uses: ruby/setup-ruby@v1 - with: - ruby-version: '3.0.0' - - name: Build and run tests - run: | - gem install bundler - bundle install From 6c1cf7a9695f1bbfc317c014fa57c9fb83c2de75 Mon Sep 17 00:00:00 2001 From: vigneshk-tw Date: Tue, 8 Oct 2024 10:31:12 +0530 Subject: [PATCH 3/7] add bundle audit for checking the vulnerabilities --- Gemfile | 1 + Gemfile.lock | 7 ++++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index f4dbe484..18be3680 100644 --- a/Gemfile +++ b/Gemfile @@ -6,4 +6,5 @@ group :development, :test do gem 'rake', '~> 12.3.3' gem 'pry-byebug' gem 'rubocop', '~> 0.70' + gem 'bundler-audit' end diff --git a/Gemfile.lock b/Gemfile.lock index cc699f1d..82b6e877 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - xero-ruby (9.1.0) + xero-ruby (9.3.0) faraday (>= 2.0, < 3.0) json (~> 2.1, >= 2.1.0) json-jwt (~> 1.16, >= 1.16.3) @@ -24,6 +24,9 @@ GEM base64 (0.2.0) bigdecimal (3.1.8) bindata (2.5.0) + bundler-audit (0.9.2) + bundler (>= 1.2.0, < 3) + thor (~> 1.0) byebug (11.1.3) coderay (1.1.3) concurrent-ruby (1.3.3) @@ -95,6 +98,7 @@ GEM parser (>= 3.3.1.0) ruby-progressbar (1.13.0) strscan (3.1.0) + thor (1.3.2) tzinfo (2.0.6) concurrent-ruby (~> 1.0) unicode-display_width (1.8.0) @@ -105,6 +109,7 @@ PLATFORMS ruby DEPENDENCIES + bundler-audit pry-byebug rake (~> 12.3.3) rspec (~> 3.6, >= 3.6.0) From 84260646e4a3bdbd00d3d02e9f52c076809f0986 Mon Sep 17 00:00:00 2001 From: vigneshk-tw Date: Tue, 8 Oct 2024 10:32:58 +0530 Subject: [PATCH 4/7] fix vulnerable package --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 82b6e877..c21fd6cf 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -70,7 +70,7 @@ GEM rainbow (3.1.1) rake (12.3.3) regexp_parser (2.9.2) - rexml (3.3.4) + rexml (3.3.8) strscan rspec (3.13.0) rspec-core (~> 3.13.0) From 3aa25634de9c1fe04437fe8ed2772aef3bf0fe79 Mon Sep 17 00:00:00 2001 From: vigneshk-tw Date: Tue, 8 Oct 2024 10:58:10 +0530 Subject: [PATCH 5/7] update existing packages using bundle update --- Gemfile.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index c21fd6cf..67ca70e7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -9,16 +9,17 @@ PATH GEM remote: https://rubygems.org/ specs: - activesupport (7.1.3.4) + activesupport (7.2.1) base64 bigdecimal - concurrent-ruby (~> 1.0, >= 1.0.2) + concurrent-ruby (~> 1.0, >= 1.3.1) connection_pool (>= 2.2.5) drb i18n (>= 1.6, < 2) + logger (>= 1.4.2) minitest (>= 5.1) - mutex_m - tzinfo (~> 2.0) + securerandom (>= 0.3) + tzinfo (~> 2.0, >= 2.0.5) aes_key_wrap (1.1.0) ast (2.4.2) base64 (0.2.0) @@ -29,18 +30,19 @@ GEM thor (~> 1.0) byebug (11.1.3) coderay (1.1.3) - concurrent-ruby (1.3.3) + concurrent-ruby (1.3.4) connection_pool (2.4.1) diff-lcs (1.5.1) drb (2.2.1) - faraday (2.10.1) - faraday-net_http (>= 2.0, < 3.2) + faraday (2.12.0) + faraday-net_http (>= 2.0, < 3.4) + json logger faraday-follow_redirects (0.3.0) faraday (>= 1, < 3) - faraday-net_http (3.1.1) + faraday-net_http (3.3.0) net-http - i18n (1.14.5) + i18n (1.14.6) concurrent-ruby (~> 1.0) json (2.7.2) json-jwt (1.16.6) @@ -50,14 +52,13 @@ GEM bindata faraday (~> 2.0) faraday-follow_redirects - logger (1.6.0) + logger (1.6.1) method_source (1.1.0) - minitest (5.24.1) - mutex_m (0.2.0) + minitest (5.25.1) net-http (0.4.1) uri - parallel (1.25.1) - parser (3.3.4.0) + parallel (1.26.3) + parser (3.3.5.0) ast (~> 2.4.1) racc pry (0.14.2) 
@@ -71,17 +72,16 @@ GEM rake (12.3.3) regexp_parser (2.9.2) rexml (3.3.8) - strscan rspec (3.13.0) rspec-core (~> 3.13.0) rspec-expectations (~> 3.13.0) rspec-mocks (~> 3.13.0) - rspec-core (3.13.0) + rspec-core (3.13.1) rspec-support (~> 3.13.0) - rspec-expectations (3.13.1) + rspec-expectations (3.13.3) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.13.0) - rspec-mocks (3.13.1) + rspec-mocks (3.13.2) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.13.0) rspec-support (3.13.1) @@ -94,15 +94,15 @@ GEM rubocop-ast (>= 0.6.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 1.4.0, < 2.0) - rubocop-ast (1.31.3) + rubocop-ast (1.32.3) parser (>= 3.3.1.0) ruby-progressbar (1.13.0) - strscan (3.1.0) + securerandom (0.3.1) thor (1.3.2) tzinfo (2.0.6) concurrent-ruby (~> 1.0) unicode-display_width (1.8.0) - uri (0.13.0) + uri (0.13.1) PLATFORMS arm64-darwin-23 From 02a51f3d7523b696f3591cac5ba7965bc093251e Mon Sep 17 00:00:00 2001 From: vigneshk-tw Date: Tue, 8 Oct 2024 11:01:01 +0530 Subject: [PATCH 6/7] fix outdated packages from gemspec --- Gemfile | 4 ++-- Gemfile.lock | 23 ++++++++++++----------- 2 files changed, 14 insertions(+), 13 deletions(-) diff --git a/Gemfile b/Gemfile index 18be3680..38b44272 100644 --- a/Gemfile +++ b/Gemfile @@ -3,8 +3,8 @@ source 'https://rubygems.org' gemspec group :development, :test do - gem 'rake', '~> 12.3.3' + gem 'rake', '~> 13.2.1' gem 'pry-byebug' - gem 'rubocop', '~> 0.70' + gem 'rubocop', '~> 1.66.1' gem 'bundler-audit' end diff --git a/Gemfile.lock b/Gemfile.lock index 67ca70e7..cc23fbce 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -52,6 +52,7 @@ GEM bindata faraday (~> 2.0) faraday-follow_redirects + language_server-protocol (3.17.0.3) logger (1.6.1) method_source (1.1.0) minitest (5.25.1) @@ -69,9 +70,8 @@ GEM pry (>= 0.13, < 0.15) racc (1.8.1) rainbow (3.1.1) - rake (12.3.3) + rake (13.2.1) regexp_parser (2.9.2) - rexml (3.3.8) rspec (3.13.0) rspec-core (~> 3.13.0) rspec-expectations (~> 3.13.0) 
@@ -85,15 +85,16 @@ GEM diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.13.0) rspec-support (3.13.1) - rubocop (0.93.1) + rubocop (1.66.1) + json (~> 2.3) + language_server-protocol (>= 3.17.0) parallel (~> 1.10) - parser (>= 2.7.1.5) + parser (>= 3.3.0.2) rainbow (>= 2.2.2, < 4.0) - regexp_parser (>= 1.8) - rexml - rubocop-ast (>= 0.6.0) + regexp_parser (>= 2.4, < 3.0) + rubocop-ast (>= 1.32.2, < 2.0) ruby-progressbar (~> 1.7) - unicode-display_width (>= 1.4.0, < 2.0) + unicode-display_width (>= 2.4.0, < 3.0) rubocop-ast (1.32.3) parser (>= 3.3.1.0) ruby-progressbar (1.13.0) @@ -101,7 +102,7 @@ GEM thor (1.3.2) tzinfo (2.0.6) concurrent-ruby (~> 1.0) - unicode-display_width (1.8.0) + unicode-display_width (2.6.0) uri (0.13.1) PLATFORMS @@ -111,9 +112,9 @@ PLATFORMS DEPENDENCIES bundler-audit pry-byebug - rake (~> 12.3.3) + rake (~> 13.2.1) rspec (~> 3.6, >= 3.6.0) - rubocop (~> 0.70) + rubocop (~> 1.66.1) xero-ruby! BUNDLED WITH From 56e6b7ec66c7148143d19da97c2f6620107bae23 Mon Sep 17 00:00:00 2001 From: vigneshk-tw Date: Tue, 8 Oct 2024 11:24:48 +0530 Subject: [PATCH 7/7] reordered build steps --- .github/workflows/build-test-lint.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build-test-lint.yml b/.github/workflows/build-test-lint.yml index 308d60ff..ba0c856c 100644 --- a/.github/workflows/build-test-lint.yml +++ b/.github/workflows/build-test-lint.yml @@ -24,14 +24,14 @@ jobs: run: bundle install working-directory: xero-ruby - - name: Check Outdated Packages - run: bundle outdated || true - working-directory: xero-ruby - - name: Check Vulnerable Packages run: bundle audit working-directory: xero-ruby + - name: Check Outdated Packages + run: bundle outdated || true + working-directory: xero-ruby + - name: Compile Build run: find . -name "*.rb" | xargs -n 1 ruby -c > /dev/null 2>&1 || exit 1 working-directory: xero-ruby