No option to use `-v` AND a list

[chrismo]

which was the intent of the flag - but currently am wanting to feed it -v AND rails since none of the security vulns show up with rails, but always with dependent gems, but dependent gems (in Rails apps) are usually NOT in the Gemfile.

Only workaround is to add a custom vuln .yml for rails itself in a custom advisory dir