bundler-audit v0.9.1 Release Notes
Release Date: 2022-05-19
- Opt into rubygems.org MFA requirement.
CLI
- Improve the readability of the suggested gem versions to upgrade to (pull #331).
Rake Task
- Fixed a regression introduced in 0.9.0 where the bundler:audit rake task was not exiting with an error status code if vulnerabilities were found. Now when the bundler-audit command fails, the rake task will also exit with the bundler-audit command's error code.
- If the bundler-audit command could not be found for some reason raise the {Bundler::Audit::Task::CommandNotFound} exception.
Previous changes from v0.9.0
- Load advisory metadata using YAML.safe_load. (issue #302)
  - Explicitly permit the Date class for Psych >= 4.0.0 and Ruby >= 3.1.0.
- Added {Bundler::Audit::Advisory#to_h}. (pull #310)
- Added {Bundler::Audit::Database#commit_id}.
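The YAML.safe_load change above, shown as an added example (not bundler-audit's own code): an unquoted advisory date is rejected unless Date is explicitly permitted, and object tags stay rejected even then. The advisory text, the load_advisory and try_load helpers, and all field values are constructed for illustration.

```ruby
require 'yaml'
require 'date'

# Constructed advisory in the style of a ruby-advisory-db entry.
# Every value here is a placeholder, not a real advisory.
ADVISORY_YAML = <<~ADVISORY
  gem: example-gem
  date: 2022-05-19
  title: Constructed advisory for illustration
  cvss_v3: 9.8
  patched_versions:
    - ">= 1.2.3"
ADVISORY

# The same document with a Ruby object tag appended, standing in for
# metadata that asks the parser to instantiate an arbitrary class.
TAGGED_YAML = ADVISORY_YAML + "extra: !ruby/object:Object {}\n"

# Hypothetical helper: parse advisory metadata, permitting only Date
# on top of the basic types safe_load accepts by default.
def load_advisory(yaml)
  YAML.safe_load(yaml, permitted_classes: [Date])
end

# Hypothetical helper: report whether safe_load accepts a document
# under the given options instead of letting the exception escape.
def try_load(yaml, **opts)
  YAML.safe_load(yaml, **opts)
  :ok
rescue Psych::DisallowedClass
  :disallowed
end

if __FILE__ == $PROGRAM_NAME
  puts "no permitted classes : #{try_load(ADVISORY_YAML)}"
  puts "Date permitted       : #{try_load(ADVISORY_YAML, permitted_classes: [Date])}"
  puts "object tag, Date only: #{try_load(TAGGED_YAML, permitted_classes: [Date])}"
  puts "parsed date class    : #{load_advisory(ADVISORY_YAML)['date'].class}"
end
```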
CLI
- Added the --config option. (pull #306)
- Added the junit output format (ex: --format junit). (pull #314)
- Add missing output for CVSSv3 criticality information. (pull #302)
- Include criticality information in the JSON output as well. (pull #310)
- bundle-audit stats now prints the commit ID of the ruby-advisory-db.
- Fixed a deprecation warning from Thor. (issue #317)
Rake Task
- Add the bundle:audit:update task for updating the [ruby-advisory-db]. (pull #296)
- Aliased bundle:audit to bundle:audit:check.
- Aliased bundler:audit:* to bundle:audit:*.
- Rake tasks now execute bundle-audit command as a subprocess to ensure isolation.