bundler-audit

Patch-level verification for Bundler

Results 54 bundler-audit issues

Bumps [tzinfo](https://github.com/tzinfo/tzinfo) from 1.2.9 to 1.2.10. Release notes Sourced from tzinfo's releases. v1.2.10 Fixed a relative path traversal bug that could cause arbitrary files to be loaded with require when...

dependencies

Bumps [tzinfo](https://github.com/tzinfo/tzinfo) from 0.3.58 to 0.3.61. Release notes Sourced from tzinfo's releases. v0.3.61 Fixed a relative path traversal bug that could cause arbitrary files to be loaded with require from...

dependencies

Bumps [activerecord](https://github.com/rails/rails) from 3.2.10 to 5.2.8.1. Release notes Sourced from activerecord's releases. 5.2.8 Active Support Fix tag helper regression. Eileen Uchitelle Active Model No changes. Active Record No changes. Action...

dependencies

Bumps [rack](https://github.com/rack/rack) from 2.2.3 to 2.2.4. Changelog Sourced from rack's changelog. Changelog All notable changes to this project will be documented in this file. For info on how to format...

dependencies

Bumps [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer) from 1.3.0 to 1.4.3. Release notes Sourced from rails-html-sanitizer's releases. 1.4.3 / 2022-06-09 Address a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. Prevent the combination of select...

dependencies

# Why? When utilizing bundler-audit on CI, it can be helpful to filter criticality to find higher criticality gems. # What? * Adds filter (--filter or -f) command line argument...

feature
discussion

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. Release notes Sourced from actions/checkout's releases. v3.0.0 Updated to the node16 runtime by default This requires a minimum Actions Runner version of v2.285.0 to...

dependencies
github_actions

I frequently use `bundler-audit` as a step in my CI/CD pipeline and will add an identifier to the `ignore` list to acknowledge that I know about the vulnerability but aren't...

Different errors should exit with different error codes besides `1` or `-1`.

feature

## Description There seems to be a problem with updating ruby-advisory-db. ## Steps To Reproduce Run `bundle exec bundle-audit check --update` ## Expected Behavior It should do what it normally...

bug
needs-info