rubysec / bundler-audit

Patch-level verification for Bundler
GNU General Public License v3.0

`Bundler::Audit::Task` does not fail when vulnerabilities are found #345

Closed. postmodern closed this issue 2 years ago.

postmodern commented 2 years ago

Description

The `Bundler::Audit::Task` does not fail if vulnerabilities are found. Add `exit $?.exitstatus || 1` to mimic how the rspec rake task works.

Steps To Reproduce

Steps to reproduce the bug:

  1. `bundle exec rake bundler:audit`
  2. `echo $?`

Expected Behavior

Exits with 1 when vulnerabilities are found.

Actual Behavior

Always exits with 0.
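The bug and the suggested fix, as an added example that is not bundler-audit's own code: a task body that runs a check command but ignores `$?` hands rake an exit status of 0, while one that exits with `$?.exitstatus || 1` propagates the failure. A `ruby -e` stand-in replaces the real audit command so the example runs offline; the helper names are assumptions.

```ruby
require 'rbconfig'

# Runs a check command and returns its exit status ($? is the Process::Status
# of the last child; exitstatus is nil if the child was killed by a signal).
def run_check(cmd)
  system(*cmd)
  $?.exitstatus
end

# The buggy pattern from the issue: the check runs, its status is never
# inspected, so the surrounding rake task completes "successfully".
def audit_silently(cmd)
  run_check(cmd)
  nil
end

# The pattern the issue proposes: exit with the child's status, falling
# back to 1 when no status is available, so CI sees the failure.
def audit_and_fail(cmd)
  status = run_check(cmd)
  exit(status || 1)
end

# Invokes a task body and reports the status it would hand back to the
# shell; `exit` raises SystemExit, which is how rake itself terminates.
def exit_status_of
  yield
  0
rescue SystemExit => e
  e.status
end

# Constructed stand-ins for a clean and a vulnerable audit run (hypothetical;
# a real task would run the bundler-audit CLI here instead).
RUBY = RbConfig.ruby
CLEAN_CHECK      = [RUBY, '-e', 'exit 0']
VULNERABLE_CHECK = [RUBY, '-e', 'exit 1']

if __FILE__ == $0
  puts "buggy task, vulnerable bundle: #{exit_status_of { audit_silently(VULNERABLE_CHECK) }}"  # 0
  puts "fixed task, vulnerable bundle: #{exit_status_of { audit_and_fail(VULNERABLE_CHECK) }}"  # 1
  puts "fixed task, clean bundle:      #{exit_status_of { audit_and_fail(CLEAN_CHECK) }}"       # 0
end
```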

postmodern commented 2 years ago

Fixed build in 0b2a28cca36ca8e02a31d9d007f7df02cc380189.

postmodern commented 2 years ago

Also tested locally with a known vulnerable bundle. Now exits with status code 1.

postmodern commented 2 years ago

bundler-audit 0.9.1 has been released. See the ChangeLog for a short summary of the bug.