Changed "upgrade to" to "update to" to match bundle update (closes #…

…394).
rubysec · Aug 15, 2024 · 3a5b620 · 3a5b620
1 parent ae4e6ee
commit 3a5b620
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 13 deletions.
diff --git a/README.md b/README.md
@@ -31,55 +31,55 @@ Audit a project's `Gemfile.lock`:
     Criticality: Medium
     URL: http://www.osvdb.org/show/osvdb/91452
     Title: XSS vulnerability in sanitize_css in Action Pack
-    Solution: upgrade to ~> 2.3.18, ~> 3.1.12, >= 3.2.13
+    Solution: update to ~> 2.3.18, ~> 3.1.12, >= 3.2.13
 
     Name: actionpack
     Version: 3.2.10
     Advisory: OSVDB-91454
     Criticality: Medium
     URL: http://osvdb.org/show/osvdb/91454
     Title: XSS Vulnerability in the `sanitize` helper of Ruby on Rails
-    Solution: upgrade to ~> 2.3.18, ~> 3.1.12, >= 3.2.13
+    Solution: update to ~> 2.3.18, ~> 3.1.12, >= 3.2.13
 
     Name: actionpack
     Version: 3.2.10
     Advisory: OSVDB-89026
     Criticality: High
     URL: http://osvdb.org/show/osvdb/89026
     Title: Ruby on Rails params_parser.rb Action Pack Type Casting Parameter Parsing Remote Code Execution
-    Solution: upgrade to ~> 2.3.15, ~> 3.0.19, ~> 3.1.10, >= 3.2.11
+    Solution: update to ~> 2.3.15, ~> 3.0.19, ~> 3.1.10, >= 3.2.11
 
     Name: activerecord
     Version: 3.2.10
     Advisory: OSVDB-91453
     Criticality: High
     URL: http://osvdb.org/show/osvdb/91453
     Title: Symbol DoS vulnerability in Active Record
-    Solution: upgrade to ~> 2.3.18, ~> 3.1.12, >= 3.2.13
+    Solution: update to ~> 2.3.18, ~> 3.1.12, >= 3.2.13
 
     Name: activerecord
     Version: 3.2.10
     Advisory: OSVDB-90072
     Criticality: Medium
     URL: http://direct.osvdb.org/show/osvdb/90072
     Title: Ruby on Rails Active Record attr_protected Method Bypass
-    Solution: upgrade to ~> 2.3.17, ~> 3.1.11, >= 3.2.12
+    Solution: update to ~> 2.3.17, ~> 3.1.11, >= 3.2.12
 
     Name: activerecord
     Version: 3.2.10
     Advisory: OSVDB-89025
     Criticality: High
     URL: http://osvdb.org/show/osvdb/89025
     Title: Ruby on Rails Active Record JSON Parameter Parsing Query Bypass
-    Solution: upgrade to ~> 2.3.16, ~> 3.0.19, ~> 3.1.10, >= 3.2.11
+    Solution: update to ~> 2.3.16, ~> 3.0.19, ~> 3.1.10, >= 3.2.11
 
     Name: activesupport
     Version: 3.2.10
     Advisory: OSVDB-91451
     Criticality: High
     URL: http://www.osvdb.org/show/osvdb/91451
     Title: XML Parsing Vulnerability affecting JRuby users
-    Solution: upgrade to ~> 3.1.12, >= 3.2.13
+    Solution: update to ~> 3.1.12, >= 3.2.13
 
     Unpatched versions found!
 

diff --git a/lib/bundler/audit/cli/formats/junit.rb b/lib/bundler/audit/cli/formats/junit.rb
@@ -101,7 +101,7 @@ def bundle_title(result)
 
           def advisory_solution(advisory)
             unless advisory.patched_versions.empty?
-              "upgrade to #{advisory.patched_versions.map { |v| "'#{v}'" }.join(', ')}"
+              "update to #{advisory.patched_versions.map { |v| "'#{v}'" }.join(', ')}"
             else
               "remove or disable this gem until a patch is available!"
             end

diff --git a/lib/bundler/audit/cli/formats/text.rb b/lib/bundler/audit/cli/formats/text.rb
@@ -104,7 +104,7 @@ def print_advisory(gem, advisory)
             end
 
             unless advisory.patched_versions.empty?
-              say "Solution: upgrade to ", :red
+              say "Solution: update to ", :red
               say advisory.patched_versions.map { |v| "'#{v}'" }.join(', ')
             else
               say "Solution: ", :red

diff --git a/spec/cli/formats/junit_spec.rb b/spec/cli/formats/junit_spec.rb
@@ -240,8 +240,8 @@
         end
 
         context "when Advisory#patched_versions is not empty" do
-          it 'must print "Solution: upgrade to ..."' do
-            expect(output).to include("Solution: upgrade to #{CGI.escapeHTML(advisory.patched_versions.map { |v| "'#{v}'" }.join(', '))}")
+          it 'must print "Solution: update to ..."' do
+            expect(output).to include("Solution: update to #{CGI.escapeHTML(advisory.patched_versions.map { |v| "'#{v}'" }.join(', '))}")
           end
         end
 

diff --git a/spec/cli/formats/text_spec.rb b/spec/cli/formats/text_spec.rb
@@ -229,8 +229,8 @@
         end
 
         context "when Advisory#patched_versions is not empty" do
-          it 'must print "Solution: upgrade to ..."' do
-            expect(output_lines).to include("Solution: upgrade to #{advisory.patched_versions.map { |v| "'#{v}'" }.join(', ')}")
+          it 'must print "Solution: update to ..."' do
+            expect(output_lines).to include("Solution: update to #{advisory.patched_versions.map { |v| "'#{v}'" }.join(', ')}")
           end
         end