'component-description' rule fails securitySchemas component although description is provided

[yashwason]

Issue description and how to reproduce

Note: This issue occurs only when a $ref is used.

Provided the below local OpenAPI spec

openapi: 3.1.0
info:
    title: DemoService
    version: 0.0.1
    description: Dummy description

servers:
    - url: http://example.com
      description: Demo server

security: 
  - Bearer: []

components:
    securitySchemes:
        Bearer:
            description: Bearer authentication using JWT
            $ref: https://remote-oas.com/auth.yaml#/components/securitySchemes/Bearer

And referencing a remote spec (via the $ref above) as follows:

openapi: 3.1.0
info:
    title: Authentication-related Snippets
    version: 0.0.1
    description: OpenAPI snippets related to API authentication

components:
    securitySchemes:
        Bearer:
            description: Bearer authentication using JWT
            type: http
            scheme: bearer
            bearerFormat: JWT

The issue arises during linting with Vacuum, resulting in the following error:

Component `Bearer` of type `securitySchemes` is missing a description

It's important to note that the linting process passes when the $ref is replaced with a complete schema.

Expected behavior

Vacuum should correctly interpret and validate the provided description when a $ref is used, ensuring successful linting without errors.

[LasneF]

according to https://spec.openapis.org/oas/latest.html#oauth-flow-object the $ref is not supposed to work here ,

usually if $ref is supported it is mentionned in the spec like this

https://spec.openapis.org/oas/latest.html#callback-object

so from my point of view the syntax you are using is not 100 % correct , even if we understand it

[yashwason]

I totally missed that; not mentioned in the Bearer authentication section. Thanks for pointing me in the right direction.