bundler-audit v0.9.0 Release Notes

Release Date: 2021-08-31 // over 1 year ago
    • ๐Ÿ“‡ Load advisory metadata using YAML.safe_load. (issue #302)
      • Explicitly permit the Date class for Psych >= 4.0.0 and Ruby >= 3.1.0.
    • โž• Added {Bundler::Audit::Advisory#to_h}. (pull #310)
    • โž• Added {Bundler::Audit::Database#commit_id}.


    • โž• Added the --config option. (pull #306)
    • โž• Added the junit output format (ex: --format junit). (pull #314)
    • โž• Add missing output for CVSSv3 criticality information. (pull #302)
      • Include criticality information in the JSON output as well. (pull #310)
    • ๐Ÿ–จ bundle-audit stats now prints the commit ID of the ruby-advisory-db.
    • ๐Ÿ›  Fixed a deprecation warning from Thor. (issue #317)

    Rake Task

    • โž• Add the bundle:audit:update task for updating the [ruby-advisory-db]. (pull #296)
    • Aliased bundle:audit to bundle:audit:check.
    • Aliased bundler:audit:* to bundle:audit:*.
    • Rake tasks now execute bundle-audit command as a subprocess to ensure isolation.