bundler-audit v0.9.1 Release Notes

Release Date: 2022-05-19 // about 2 years ago
    • ๐Ÿ’Ž Opt into rubygems.org MFA requirement.
    • ๐Ÿ‘Œ Improve the readability of the suggested gem versions to upgrade to (pull #331).
    Rake Task
    • ๐Ÿ›  Fixed a regression introduced in 0.9.0 where the bundler:audit rake task was not exiting with an error status code if vulnerabilities were found. Now when the bundler-audit command fails, the rake task will also exit with the bundler-audit command's error code.
    • If the bundler-audit command could not be found for some reason raise the {Bundler::Audit::Task::CommandNotFound} exception.

Previous changes from v0.9.0

    • ๐Ÿ“‡ Load advisory metadata using YAML.safe_load. (issue #302)
      • Explicitly permit the Date class for Psych >= 4.0.0 and Ruby >= 3.1.0.
    • โž• Added {Bundler::Audit::Advisory#to_h}. (pull #310)
    • โž• Added {Bundler::Audit::Database#commit_id}.
    • โž• Added the --config option. (pull #306)
    • โž• Added the junit output format (ex: --format junit). (pull #314)
    • โž• Add missing output for CVSSv3 criticality information. (pull #302)
      • Include criticality information in the JSON output as well. (pull #310)
    • ๐Ÿ–จ bundle-audit stats now prints the commit ID of the ruby-advisory-db.
    • ๐Ÿ›  Fixed a deprecation warning from Thor. (issue #317)
    Rake Task
    • โž• Add the bundle:audit:update task for updating the [ruby-advisory-db]. (pull #296)
    • Aliased bundle:audit to bundle:audit:check.
    • Aliased bundler:audit:* to bundle:audit:*.
    • Rake tasks now execute bundle-audit command as a subprocess to ensure isolation.