-
Why is the `bundler_audit` rake task at the root of the project?
-
split from https://github.com/coala/coala-bears/issues/1410
-
Looking at `#initialize` now, it seems that it should accept the scanner options (`:ignore`) and store those as instance variables. The `#scan` method would then accept the path to the `Gemfile.lock`.…
-
Running [bundler-audit](https://github.com/rubysec/bundler-audit) on a Gemfile having
```
source 'http://eu.yarp.io'
```
results in:
```
Vulnerabilities found:
> [#] Insecure source URI found: http…
```
-
Because of the `Dir.chdir` in `lib/bundler/audit/database.rb`, the gem itself is not thread-safe.
I believe that this should do the trick:
```ruby
module Bundler
  module Audit
    # Represents the direc…
```
-
### The problem
Sometimes we are aware that a transitive dependency has a CVE. A `bundle update somegem` will update that gem in the lockfile temporarily, but it may slip back down later. We want t…
-
Using https://github.com/rubysec/bundler-audit following the generation of a `Gemfile.lock` within the CircleCI build process would provide a more verbose process for undertaking security audits for c…
-
Hello
Is there a fix available (or planned) for [CVE-2024-7106](https://github.com/advisories/GHSA-wqw3-p83g-r24v)?
> A vulnerability classified as problematic was found in Spina CMS 2.18.0. Aff…
-
While I was trying to install `audited` in my project, I ran into this error:
```
$ rails generate audited:install
Could not find generator 'audited:install'
```
Already tried `spring stop` b…