Issue #4064: update CPAN::Audit to version 20250109.001

The distro CPANSA::DB is now also needed.

YAML::Tiny is required by CPAN::Audit, but is not really used.
So we don't need to include it in OTOBO.

Kernel/System/Environment.pm

@@ -311,7 +311,13 @@ sub BundleModulesDeclarationGet {
         {
             'Module'          => 'CPAN::Audit',
             'Required'        => 1,
-            'VersionRequired' => '== 20240718.001',
+            'VersionRequired' => '== 20250109.001',
+        },
+        {
+            'Comment'         => 'database of adbisories used by CPAN::Audit',
+            'Module'          => 'CPANSA::DB',
+            'Required'        => 1,
+            'VersionRequired' => '== 20250109.001',
         },
         {
             'Comment'         => 'needed by CPAN::Audit',

Kernel/cpan-lib/CPAN/Audit.pm

@@ -12,9 +12,9 @@ use CPAN::Audit::Discover;
 use CPAN::Audit::Filter;
 use CPAN::Audit::Version;
 use CPAN::Audit::Query;
-use CPAN::Audit::DB;
+use CPANSA::DB;
 
-our $VERSION = '20240718.001';
+our $VERSION = '20250109.001';
 
 sub new {
 	my( $class, %params ) = @_;
@@ -26,7 +26,7 @@ sub new {
 
 	$self->_handle_exclude_file if $self->{exclude_file};
 
-	$self->{db}     //= CPAN::Audit::DB->db;
+	$self->{db} //= $self->_get_db(%args);
 
 	$self->{filter}   = CPAN::Audit::Filter->new( exclude => $args{exclude} );
 	$self->{query}    = CPAN::Audit::Query->new( db => $self->{db} );
@@ -35,6 +35,36 @@ sub new {
 	return $self;
 }
 
+sub _get_db {
+	my( $self, %params ) = @_;
+
+	if ( $params{'json_db'} ) {
+		my $data = do {
+			local $/;
+			open my($fh), '<:raw', $params{'json_db'}
+				or die "could not read file <$params{json_db}>\n";
+			<$fh>;
+		};
+		state $rc = require JSON;
+
+		my $decoded = eval { JSON::decode_json($data) };
+		die "could not decode JSON from <$params{json_db}>: @_\n" unless defined $decoded;
+		return $decoded;
+	}
+
+	my $rc = eval { require CPANSA::DB };
+	if ( $rc ) {
+		return CPANSA::DB->db;
+	}
+
+	$rc = eval { require CPAN::Audit::DB };
+	if ( $rc ) {
+		return CPAN::Audit::DB->db;
+	}
+
+	die "could not find a CPANSA database in CPANSA::DB or CPAN::Audit::DB\n";
+}
+
 sub _handle_exclude_file {
 	my( $self ) = @_;
 
@@ -166,7 +196,7 @@ sub command_installed {
 		  || $self->{db}->{module2dist}->{ $dep->{module} };
 		next unless $dist;
 
-		$dists->{ $dep->{dist} } = $dep->{version};
+		$dists->{ $dep->{dist} } = '==' . $dep->{version};
 	}
 
 	return;

Kernel/cpan-lib/CPAN/Audit/DB.pm.gpg

@@ -1,16 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 
-iQIzBAABCAAdFiEEdaq0LLoNfzfw1oht+D+NXoeLYEEFAmaZT00ACgkQ+D+NXoeL
-YEG72hAAi97FhNHZrCCVzogOdCFuUaO8jyENlsuZIR+OQzQuOvRrm1kBAwjpMxJf
-rA9yXqii16PNgPuZpidY6Bm+rLcqf9/CTqxZueyg4DBE+9FFDDCNRKeOFht0I1+b
-+dAIjW8p3fIWt5l+/AI0rupGfvrfxwT8tpneqRfTt2WxlmIuvK+5f15Zi3DTFOhP
-lJrebKBoKWRUOs77Ap0uv6KXdLMSdmTSB4FeHhcwYuARUXuAbaBYTOyZx9YtfNs8
-Llf4QlBBMc1vVb6W+8u+RNZ5tI8C1sLZmQPheHpFJduF/TGiL4l30cZhvHoqzIqe
-0spBqD5H3GtwOEut0pKsuQaLnid0F8zWsW29htsG33aBMAegsYZYLtls517F9pha
-L3rFBLI6ixwTt2JmvLL3R2ou0I/hkZR2Uw3oH0+XD+eSGG8cEVOzFZ7o5QJFAFLo
-VBD+YFwQaJ66rjvatFgkE0Wty89QUKu/8cm/1vrD3asy6J7W1IN4fdcrmGwd8Dbh
-vZeV73mhzK9gQBbuJLQ0BLajb9VscogzebEBXj2wKTnY6EEzlzpSmeuAhqUVeeng
-Qw57JDX4eNEw/FlY6u7rR7ZNuBtfqnCchQ0GbpPg9nNG7H0bZEDfQ8KXgyL+Yo9d
-3iFeml/G85nDR2Rf4sstdX8ezzXRSAWuM3g2PNMbBCxAp1kThmk=
-=c/og
+iQIzBAABCAAdFiEEdaq0LLoNfzfw1oht+D+NXoeLYEEFAmeAoUkACgkQ+D+NXoeL
+YEGCTw//RBM0sF0kl21/OmSIf8/hp7Zi5w7shqCEJjPgjY6+jvCziHzySHrUHoPE
+YWl5vayFiaUMsVMOkCe7J/BfUmtJSPdaRIWxWza6RWAkxjd9ik5HmcURsOyRMPYo
+x9GzlaqvRY5kUy3Pb3idfEFddz/RwVcmsTamoALZkE9nLOBNxfPqxfVmxAvfs/ha
+JsLSHPqc04oxQh5hiQpZ4UN/GBGrTbJt6in/0agE/uYpKK9hPZydvexFVnPtRGLB
+jvr4iIe+/dmUxYYjlEzlX8wWw6BtK10zfcN1o6o8huk8/YybZe93pQcX3u84ujyg
+KK+YQX8lNyHBIqboeqhDliNSANlnN5nMniGF3F5gD51wxtedKH/8JymCf/vSY5Pt
++E7REiq/KWicSTLqK+yf9RMLWekcetxJHbiQi6DWT4w/NU7S/N9dIgdEcTP8n1Km
+VR8gceidfhFO1fKAlaOInf4fYVD3/8zXLEynBrvQurC7YIO34tBdl6/Zp1fzlm9H
+IqOS+Mm5Z09zQrvu+z36LfSieUFanwGOkUaRxeb6rJxA79QDh8LG+dAp6Pn+55a4
+kgqxrMitz+oAER7qPYQ0dIdCS+xqPAXmhFSWuPM9xkHy6507chRQSkP66VZoZ60a
+tP/OzllslQUbrucOFJOqZ+vQkkYdR9c6VtiDkciqsIL8kbdxBE0=
+=eu8Q
 -----END PGP SIGNATURE-----

Kernel/cpan-lib/CPAN/Audit/Query.pm

@@ -5,6 +5,33 @@ use CPAN::Audit::Version;
 
 our $VERSION = "1.001";
 
+=encoding utf8
+
+=head1 NAME
+
+CPAN::Audit::Query - filter the database for advisories that interest you
+
+=head1 SYNOPSIS
+
+	use CPAN::Audit::Query;
+
+	my $query = CPAN::Audit::Query->new( db => ... );
+	my @advisories = $query->advisories_for( $dist_name, $version_range );
+
+=head1 DESCRIPTION
+
+=head2 Class methods
+
+=over 4
+
+=item * new(HASH)
+
+The only parameter is the hash reference from L<CPAN::Audit::DB> or
+L<CPANSA::DB>. With no C<db> parameter, it uses the empty hash, which
+means that you'll find no advisories.
+
+=cut
+
 sub new {
 	my($class, %params) = @_;
 	$params{db} ||= {};
@@ -13,8 +40,21 @@ sub new {
 	return $self;
 	}
 
+=back
+
+=head2 Instance methods
+
+=over 4
+
 =item * advisories_for( DISTNAME, VERSION_RANGE )
 
+Returns a list of advisories for DISTNAME in VERSION_RANGE.
+
+	my @advisories = $query->advisories_for( 'Business::ISBN', '1.23' );
+
+	my @advisories = $query->advisories_for( 'Business::ISBN', '>1.23,<2.45' );
+
+	my @advisories = $query->advisories_for( 'Business::ISBN', '<1.23' );
 
 =cut
 
@@ -54,7 +94,28 @@ sub advisories_for {
 
 sub _includes {
 	my( $range, $version ) = @_;
-	my $rc = CPAN::Audit::Version->in_range( $version, $range );
-	}
+	$range = [$range] unless ref $range;
+	my $rc = 0;
+	foreach my $r ( @$range ) {
+		no warnings 'uninitialized';
+	    $rc += CPAN::Audit::Version->in_range( $version, $r );
+		}
+	return $rc;
+}
+
+=back
+
+=head1 LICENSE
+
+Copyright (C) Viacheslav Tykhanovskyi.
+
+This library is free software; you can redistribute it and/or modify
+it under the same terms as Perl itself.
+
+=head1 AUTHOR
+
+Viacheslav Tykhanovskyi E<lt>viacheslav.t@gmail.comE<gt>
+
+=cut
 
 1;

Kernel/cpan-lib/CPAN/Audit/Version.pm

@@ -3,7 +3,33 @@ use strict;
 use warnings;
 use version;
 
-our $VERSION = "1.001";
+our $VERSION = "1.002";
+
+=encoding utf8
+
+=head1 NAME
+
+CPAN::Audit::Version - the infrastructure to compare versions and version ranges
+
+=head1 SYNOPSIS
+
+	use CPAN::Audit::Version;
+
+	my $cav = CPAN::Audit::Version->new;
+
+	$cav->in_range( $version, $range );
+
+=head1 DESCRIPTION
+
+=head2 Class methods
+
+=over 4
+
+=item * new
+
+Create a new object. This ignores all arguments.
+
+=cut
 
 sub new {
 	my $class = shift;
@@ -14,6 +40,22 @@ sub new {
 	return $self;
 }
 
+=back
+
+=head2 Instance methods
+
+=over 4
+
+=item * affected_versions( ARRAY_REF, RANGE )
+
+Given an array reference of versions, return a list of all of the
+versions in ARRAY_REF that are in RANGE. This is really a filter
+on ARRAY_REF using the values for which C<in_range> returns true.
+
+	my @matching = $cav->affected_versions( \@versions, $range );
+
+=cut
+
 BEGIN {
 use version;
 my $ops = {
@@ -25,14 +67,46 @@ my $ops = {
 	'!=' => sub { $_[0] != 0 },
 	};
 
+sub affected_versions {
+	my( $self, $available_versions, $range ) = @_;
+
+	my @affected_versions;
+	foreach my $version (@$available_versions) {
+		if ( $self->in_range( $version, $range ) ) {
+			push @affected_versions, $version;
+		}
+	}
+
+	return @affected_versions;
+}
+
+=item * in_range( VERSION, RANGE )
+
+Returns true if VERSION is contained in RANGE, and false otherwise.
+VERSION is any sort of Perl, such as C<1.23> or C<1.2.3>. The RANGE
+is a comma-separated list of range specifications using the comparators
+C<< < >>, C<< <= >>, C<< == >>, C<< > >>, C<< >= >>, or C<< != >>. For
+example, C<< >=1.23,<1.45 >>, C<< ==1.23 >>, or C<< >1.23 >>.
+
+	my $version = 5.67;
+	my $range = '>=5,<6'; # so, all the versions in 5.x
+
+	if( $cav->in_range( $version, $range ) ) {
+		say "$version is within $range";
+		}
+	else {
+		say "$version is not within $range";
+	}
+
+=cut
+
 sub in_range {
 	my( $self, $version, $range ) = @_;
 	my( @original ) = ($version, $range);
 	return unless defined $version && defined $range;
-	my @ands = split /\s*,\s*/, $range;
-
 	return unless defined( $version = eval { version->parse($version) } );
 
+	my @ands = split /\s*,\s*/, $range;
 	my $result = 1;
 
 	foreach my $and (@ands) {
@@ -53,17 +127,20 @@ sub in_range {
 	}
 }
 
-sub affected_versions {
-	my( $self, $available_versions, $range ) = @_;
+=back
 
-	my @affected_versions;
-	foreach my $version (@$available_versions) {
-		if ( $self->in_range( $version, $range ) ) {
-			push @affected_versions, $version;
-		}
-	}
+=head1 LICENSE
+
+Copyright (C) Viacheslav Tykhanovskyi.
+
+This library is free software; you can redistribute it and/or modify
+it under the same terms as Perl itself.
+
+=head1 AUTHOR
+
+Viacheslav Tykhanovskyi E<lt>viacheslav.t@gmail.comE<gt>
+
+=cut
 
-	return @affected_versions;
-}
 
 1;