48 Commits

Author SHA1 Message Date
Andreas Dangel
aa6851e2d2
Update gems
Fixes https://github.com/pmd/pmd/security/dependabot/49
Fixes https://github.com/pmd/pmd/security/dependabot/50
2024-02-15 20:31:17 +01:00
Andreas Dangel
a558fd17eb
[ci] Use bundler 2.4.22, which is still compatible with ruby 2.7 2023-12-16 13:03:32 +01:00
Andreas Dangel
1c8c5cf434
Bump pmdtester from 1.5.4 to 1.5.5 2023-11-16 10:27:54 +01:00
Andreas Dangel
94d374acaa
Update gems
* Bump commonmarker from 0.23.9 to 0.23.10
** Fixes https://github.com/pmd/pmd/security/dependabot/43
** Fixes https://github.com/advisories/GHSA-7vh7-fw88-wj87
* Bump activesupport from 7.0.5 to 7.0.8
** Fixes https://github.com/pmd/pmd/security/dependabot/45
** Fixes CVE-2023-38037
** Fixes https://github.com/advisories/GHSA-cr5q-6q9f-rq6q
* Bump addressable from 2.8.4 to 2.8.5
* Bump danger from 9.2.0 to 9.3.2
* Bump execjs from 2.8.1 to 2.9.1
* Bump faraday from 2.7.5 to 2.7.11
* Bump ffi from 1.15.5 to 1.16.2
* Bump i18n from 1.13.0 to 1.14.1
* Bump mini_portile2 from 2.8.2 to 2.8.4
* Bump minitest from 5.18.0 to 5.20.0
* Bump nokogiri from 1.15.2 to 1.15.4
* Bump octokit from 5.6.1 to 6.1.1
* Bump public_suffix from 5.0.1 to 5.0.3
* Bump racc from 1.6.2 to 1.7.1
* Bump rexml from 3.2.5 to 3.2.6
* Bump rouge from 4.1.1 to 4.1.3
* Bump rufus-scheduler from 3.8.2 to 3.9.1
2023-09-28 12:17:26 +02:00
Andreas Dangel
f147c76577
Update gems - use pmdtester 1.5.4 2023-05-28 09:04:46 +02:00
Andreas Dangel
ae766de203
Update gems
Fixes https://github.com/pmd/pmd/security/dependabot/38
Fixes https://github.com/pmd/pmd/security/dependabot/39
Fixes https://github.com/pmd/pmd/security/dependabot/40
2023-04-28 10:28:17 +02:00
Andreas Dangel
11e2a8687e
Update gems
Fixes https://github.com/pmd/pmd/security/dependabot/37
Fixes CVE-2023-28120
Fixes https://github.com/advisories/GHSA-pj73-v5mw-pm9j
2023-03-17 10:40:15 +01:00
Andreas Dangel
c3b1317a77
Update gems 2023-02-02 09:37:17 +01:00
Andreas Dangel
9d92528587
Update bundler 2023-01-25 08:56:17 +01:00
Andreas Dangel
6b2f1be14e
Update gems
Fixes https://github.com/pmd/pmd/security/dependabot/35
Fixes CVE-2023-22796
Fixes https://github.com/advisories/GHSA-j6gc-792m-qgm2

Fixes https://github.com/pmd/pmd/security/dependabot/36
Fixes https://github.com/advisories/GHSA-636f-xm5j-pj9m
2023-01-25 08:48:34 +01:00
Andreas Dangel
89b947bec5
Update gems
Fixes https://github.com/pmd/pmd/security/dependabot/34
Fixes CVE-2022-46648
Fixes https://github.com/advisories/GHSA-pfpr-3463-c6jh
2023-01-10 12:21:27 +01:00
Andreas Dangel
9f5bd42d43
Update gems
Fixes https://github.com/pmd/pmd/security/dependabot/31
Fixes CVE-2022-23476
Fixes https://github.com/advisories/GHSA-qv4q-mr5r-qprj
2022-12-08 11:41:02 +01:00
Andreas Dangel
edcfe21131
Update pmdtester and other gems 2022-11-25 15:15:10 +01:00
Andreas Dangel
f54ca8b364
Update gems 2022-10-20 15:53:51 +02:00
Andreas Dangel
241e1e140a
Bump pmdtester from 1.5.1 to 1.5.2 2022-10-20 15:53:32 +02:00
Andreas Dangel
0dcff72455
Update gems
Fixes https://github.com/pmd/pmd/security/dependabot/26
Fixes https://github.com/advisories/GHSA-4qw4-jpp4-8gvp
2022-09-24 17:52:56 +02:00
Andreas Dangel
4308aafe92
Update gems
Fixes https://github.com/pmd/pmd/security/dependabot/22
TZInfo relative path traversal vulnerability allows loading of arbitrary files
CVE-2022-31163
https://github.com/advisories/GHSA-5cm2-9h8c-rvfx
2022-07-22 14:14:12 +02:00
Andreas Dangel
dc512e8a04
[ci] Update gems
- update pmdtester from 1.5.0 to 1.5.1
- update nokogiri from 1.13.5 to 1.13.6
- update activesupport from 6.0.4.8 to 6.0.5
2022-05-12 17:33:54 +02:00
Andreas Dangel
d3880443f7
[ci] Update gems
- update pmdtester from 1.4.1 to 1.5.0
- update nokogiri from 1.13.4 to 1.13.5
2022-05-06 15:05:20 +02:00
Andreas Dangel
4eb2471939
Update gems
Fixes Command injection in ruby-git
(https://github.com/pmd/pmd/security/dependabot/21)
2022-04-29 12:01:29 +02:00
Andreas Dangel
d09a48ad5f
Update regression-tester and other gems
pmd-tester 1.4.1
nokogiri 1.13.4

Fixes the following security alerts:
- Out-of-bounds Write in zlib affects Nokogiri
- XML Injection in Xerces Java affects Nokogiri
- Inefficient Regular Expression Complexity in Nokogiri
- Denial of Service (DoS) in Nokogiri on JRuby
2022-04-12 12:17:01 +02:00
Andreas Dangel
0081e61cfd
Update pmdtester to 1.4.0 2022-03-24 16:46:42 +01:00
Andreas Dangel
b1f85585d4
Revert "REVERT ME - Use pmdtester from pmd/pmd-regression-tester#103"
This reverts commit 67928910df25574ec41821b60d352e5f32bfe971.
2022-03-24 16:18:51 +01:00
Andreas Dangel
67928910df
REVERT ME - Use pmdtester from pmd/pmd-regression-tester#103
And also make a change in core to run it
2022-03-18 15:51:15 +01:00
Andreas Dangel
c421e7e646
Update gems
Fixes https://github.com/pmd/pmd/security/dependabot/12
2022-03-10 10:58:16 +01:00
Andreas Dangel
691887af00
Update gems (nokogiri and others)
Fixes https://github.com/pmd/pmd/security/dependabot/11
Fixes https://github.com/pmd/pmd/security/dependabot/10
2022-02-26 10:39:00 +01:00
Andreas Dangel
ffe8893a3d
Update pmdtester from 1.2.0 to 1.3.0 2021-12-20 19:02:28 +01:00
Andreas Dangel
740968461a
Bump danger from 5.16.1 to 8.4.0 2021-10-15 22:37:23 +02:00
Andreas Dangel
c9077e19ea
Update gems
Fixes https://github.com/advisories/GHSA-2rr5-8q37-2w7h
2021-09-30 15:48:48 +02:00
Andreas Dangel
4a519be2d9
Update gems
Fixes CVE-2021-32740
Regular Expression Denial of Service in Addressable templates
https://github.com/advisories/GHSA-jxhc-q857-3j6g
2021-07-15 10:43:38 +02:00
Andreas Dangel
d79c2d1a0f
[ci] Bump pmd-regression-tester from 1.1.2 to 1.2.0 2021-06-20 18:43:17 +02:00
Andreas Dangel
0dab8818af
Update gems 2021-05-20 14:26:47 +02:00
Andreas Dangel
c2955e3aa9 Update gems
Fixes CVE-2021-28965
https://github.com/advisories/GHSA-8cr8-4vfw-mr7h
2021-05-06 10:12:13 +02:00
Andreas Dangel
9937aed5dc Update gems, use pmdtester 1.1.2 2021-04-23 11:51:52 +02:00
Andreas Dangel
bbec003287 Update gems 2021-04-01 12:01:18 +02:00
Andreas Dangel
9158c9f439 [ci] Update pmdtester to 1.1.1, disable debug 2021-01-16 10:12:32 +01:00
Andreas Dangel
5ed003c686 Update gems
CVE-2020-26247
https://github.com/advisories/GHSA-vr8q-g5c7-m54m
2021-01-07 15:28:06 +01:00
Andreas Dangel
5fffaa90f5 [ci] Update pmdtester to 1.1.0 2020-12-05 15:09:11 +01:00
Andreas Dangel
ff030d1d2d [ci] Update regression tester
* Remove workaround for pre-downloading baseline
  and add baseline-download-url option
* Remove unnecessary travis_wait
* Add error-recovery flag
2020-11-25 11:26:16 +01:00
Andreas Dangel
cac03fdb29 [ci] Switch back to pmd/pmd-regression-tester@master 2020-10-28 16:17:11 +01:00
Andreas Dangel
ff6e5278f3 [ci] Update pmd-tester, use auxclasspath
This will test pmd/pmd-regression-tester#72

checkstyle:
Add exclude patterns for checkstyle: after compilation,
testresources appear now under target/test-classes
and they don't need to be analyzed again.
Also exclude generated-sources.
2020-10-28 11:49:57 +01:00
Andreas Dangel
6277717dcf Update gems
Fixes CVE-2020-14001 (kramdown)
2020-08-13 09:48:07 +02:00
Andreas Dangel
58d92add5f Update gems 2020-07-31 14:08:28 +02:00
Andreas Dangel
bb97b693f2 Update pmd-regression-tester 1.0.1 2020-07-08 20:29:26 +02:00
Andreas Dangel
53c581b69a Update pmd-regression-tester 2020-07-06 21:44:47 +02:00
Andreas Dangel
bc4a1d67eb Update gems 2020-05-29 09:27:58 +02:00
Andreas Dangel
805d06a690 Update gems 2020-04-25 11:45:13 +02:00
Andreas Dangel
6c4b6b1649 fix:[ci] Danger is failing builds
Add Gemfile.lock to pin down the current versions

fixes #2040
2019-09-29 21:24:34 +02:00