Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / rubysec/bundler-audit issues and pull requests
#397 - Remove Dir.chdir for thread-safety
Pull Request -
State: open - Opened by lovro-bikic 20 days ago
#396 - Added gem metadata and corrected links in gemspec.yml
Pull Request -
State: closed - Opened by kpumuk 2 months ago
#395 - Remove tests files and other config-related files from the gem packages
Pull Request -
State: open - Opened by kpumuk 2 months ago
- 2 comments
#394 - use the term `update` instead of `upgrade` to match bundle command
Issue -
State: closed - Opened by olleicua 3 months ago
- 1 comment
Labels: enhancement
#393 - bundler-audit open source License issue
Issue -
State: closed - Opened by nareshcool97 3 months ago
- 3 comments
Labels: chore
#391 - Fix licenses spec
Pull Request -
State: closed - Opened by viktorianer 11 months ago
#390 - Add internal subnets configuration
Issue -
State: closed - Opened by GolovkoStepan about 1 year ago
- 3 comments
Labels: feature, needs-info
#389 - Filter on dependencies - exclude dev and test
Issue -
State: open - Opened by so87 about 1 year ago
- 3 comments
Labels: feature
#387 - git not installed
Issue -
State: closed - Opened by chabgood over 1 year ago
- 11 comments
Labels: bug
#386 - Run audit automatically on `bundle` or `bundle install` command
Issue -
State: open - Opened by Urist-McUristurister over 1 year ago
- 1 comment
Labels: feature
#385 - Bump nokogiri from 1.13.10 to 1.14.3 in /spec/bundle/insecure_sources
Pull Request -
State: open - Opened by dependabot[bot] over 1 year ago
Labels: dependencies
#384 - Bump nokogiri from 1.13.10 to 1.14.3 in /spec/bundle/secure
Pull Request -
State: open - Opened by dependabot[bot] over 1 year ago
Labels: dependencies
#383 - Bump rack from 2.2.6.3 to 2.2.6.4 in /spec/bundle/insecure_sources
Pull Request -
State: open - Opened by dependabot[bot] over 1 year ago
Labels: dependencies
#382 - Bump rack from 2.2.6.3 to 2.2.6.4 in /spec/bundle/secure
Pull Request -
State: open - Opened by dependabot[bot] over 1 year ago
Labels: dependencies
#381 - Make the `spec/fixtures/*/Gemfile.lock` files programmatically generated
Issue -
State: open - Opened by postmodern over 1 year ago
- 1 comment
Labels: specs, chore
#380 - Bump activerecord from 3.2.10 to 6.0.6.1 in /spec/bundle/unpatched_gems_with_dot_configuration
Pull Request -
State: closed - Opened by dependabot[bot] over 1 year ago
- 1 comment
Labels: dependencies
#379 - Bump rack from 2.2.6.2 to 2.2.6.3 in /spec/bundle/secure
Pull Request -
State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies
#378 - Bump rack from 2.2.6.2 to 2.2.6.3 in /spec/bundle/insecure_sources
Pull Request -
State: closed - Opened by dependabot[bot] over 1 year ago
- 2 comments
Labels: dependencies
#377 - bundle-audit check --print-criticality=[level] AND --error-on-criticality=[level]
Issue -
State: closed - Opened by Nowaker over 1 year ago
- 6 comments
Labels: feature, discussion
#376 - Don't double build Dependabot PRs
Pull Request -
State: open - Opened by nschonni almost 2 years ago
#375 - Bump rack from 2.2.4 to 2.2.6.2 in /spec/bundle/secure
Pull Request -
State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies
#374 - Bump globalid from 1.0.0 to 1.0.1 in /spec/bundle/secure
Pull Request -
State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies
#373 - Bump activerecord from 3.2.10 to 6.1.7.1 in /spec/bundle/unpatched_gems_with_dot_configuration
Pull Request -
State: closed - Opened by dependabot[bot] almost 2 years ago
- 1 comment
Labels: dependencies
#372 - Bump rack from 2.2.3 to 2.2.6.2 in /spec/bundle/insecure_sources
Pull Request -
State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies
#371 - Bump activerecord from 3.2.10 to 6.1.7.1 in /spec/bundle/unpatched_gems
Pull Request -
State: closed - Opened by dependabot[bot] almost 2 years ago
- 1 comment
Labels: dependencies
#370 - Add Ruby 3.2 to the test matrix
Pull Request -
State: closed - Opened by misdoro almost 2 years ago
#369 - Bump rails-html-sanitizer from 1.3.0 to 1.4.4 in /spec/bundle/insecure_sources
Pull Request -
State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies
#368 - Bump loofah from 2.9.1 to 2.19.1 in /spec/bundle/insecure_sources
Pull Request -
State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies
#367 - Bump rails-html-sanitizer from 1.4.3 to 1.4.4 in /spec/bundle/secure
Pull Request -
State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies
#366 - Bump loofah from 2.18.0 to 2.19.1 in /spec/bundle/secure
Pull Request -
State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies
#364 - Bump nokogiri from 1.13.9 to 1.13.10 in /spec/bundle/insecure_sources
Pull Request -
State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies
#363 - Bump nokogiri from 1.13.9 to 1.13.10 in /spec/bundle/secure
Pull Request -
State: closed - Opened by dependabot[bot] almost 2 years ago
Labels: dependencies
#362 - This is not an issue with bundle-audit, but the Ruby environment itself:
Issue -
State: closed - Opened by Cr1sPet about 2 years ago
#361 - No longer set `test_files` in the gemspec
Issue -
State: open - Opened by postmodern about 2 years ago
Labels: chore
#360 - Bump tzinfo from 0.3.58 to 0.3.61 in /spec/bundle/unpatched_gems_with_dot_configuration
Pull Request -
State: closed - Opened by dependabot[bot] about 2 years ago
Labels: dependencies
#359 - Bump activerecord from 3.2.10 to 5.2.8.1 in /spec/bundle/unpatched_gems_with_dot_configuration
Pull Request -
State: closed - Opened by dependabot[bot] about 2 years ago
- 1 comment
Labels: dependencies
#358 - Bump nokogiri from 1.13.6 to 1.13.9 in /spec/bundle/insecure_sources
Pull Request -
State: closed - Opened by dependabot[bot] about 2 years ago
Labels: dependencies
#357 - Bump nokogiri from 1.13.6 to 1.13.9 in /spec/bundle/secure
Pull Request -
State: closed - Opened by dependabot[bot] about 2 years ago
Labels: dependencies
#356 - Remove platform duplicates
Pull Request -
State: open - Opened by ylecuyer about 2 years ago
- 1 comment
#355 - Release 1.0
Issue -
State: open - Opened by sandstrom about 2 years ago
Labels: feature
#354 - Bump tzinfo from 1.2.9 to 1.2.10 in /spec/bundle/secure
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
- 1 comment
Labels: dependencies
#353 - Bump tzinfo from 0.3.58 to 0.3.61 in /spec/bundle/unpatched_gems
Pull Request -
State: open - Opened by dependabot[bot] over 2 years ago
Labels: dependencies
#352 - Can no longer be called programmatically
Issue -
State: closed - Opened by nello over 2 years ago
- 5 comments
#351 - Bump activerecord from 3.2.10 to 5.2.8.1 in /spec/bundle/unpatched_gems
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
- 1 comment
Labels: dependencies
#350 - Bump rack from 2.2.3 to 2.2.4 in /spec/bundle/secure
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
Labels: dependencies
#349 - Bump rack from 2.2.3 to 2.2.4 in /spec/bundle/insecure_sources
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
- 1 comment
Labels: dependencies
#348 - Bump rails-html-sanitizer from 1.3.0 to 1.4.3 in /spec/bundle/insecure_sources
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
- 1 comment
Labels: dependencies
#347 - Bump rails-html-sanitizer from 1.0.4 to 1.4.3 in /spec/bundle/secure
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
Labels: dependencies
#346 - Bump actions/checkout from 2 to 3
Pull Request -
State: open - Opened by dependabot[bot] over 2 years ago
Labels: dependencies, github_actions
#345 - `Bundler::Audit::Task` does not fail when vulnerabilities are found
Issue -
State: closed - Opened by postmodern over 2 years ago
- 3 comments
Labels: bug
#344 - Bump nokogiri from 1.12.5 to 1.13.6 in /spec/bundle/insecure_sources
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
Labels: dependencies
#343 - Bump nokogiri from 1.13.3 to 1.13.6 in /spec/bundle/secure
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
Labels: dependencies
#342 - fix: don't include test files in gem pkg
Pull Request -
State: closed - Opened by NickLaMuro over 2 years ago
- 3 comments
#341 - Fixes --gemfile-lock example in readme.md
Pull Request -
State: closed - Opened by kjeldahl over 2 years ago
#339 - Add option to fail if ignored identifiers weren't seen
Pull Request -
State: open - Opened by bschmeck over 2 years ago
#338 - Add different exit codes for different errors
Issue -
State: open - Opened by postmodern over 2 years ago
Labels: feature
#337 - Add an ISSUES template for new features
Issue -
State: closed - Opened by postmodern over 2 years ago
Labels: chore
#336 - Bump nokogiri from 1.13.3 to 1.13.4 in /spec/bundle/secure
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
- 1 comment
Labels: dependencies
#335 - Bump nokogiri from 1.12.5 to 1.13.4 in /spec/bundle/insecure_sources
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
- 1 comment
Labels: dependencies
#334 - Bump nokogiri from 1.12.5 to 1.13.4 in /spec/bundle/insecure_sources
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
- 1 comment
Labels: dependencies
#333 - Can't update ruby-advisory-db
Issue -
State: open - Opened by dssjoblom over 2 years ago
- 8 comments
Labels: bug, needs-info
#332 - Status codes for different status messages
Issue -
State: closed - Opened by udaykadaboina over 2 years ago
- 10 comments
#331 - Wrap suggested patched versions in quotes
Pull Request -
State: closed - Opened by andriusm over 2 years ago
#330 - Bump nokogiri from 1.12.5 to 1.13.3 in /spec/bundle/insecure_sources
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
- 2 comments
Labels: dependencies
#329 - Bump nokogiri from 1.12.5 to 1.13.3 in /spec/bundle/secure
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
Labels: dependencies
#328 - Incorrectly flagged vulnerabilities with 4-digit version numbers
Issue -
State: open - Opened by tilo almost 3 years ago
- 1 comment
Labels: bug, needs-info, cannot-repro
#327 - Use a less ambiguous separator for the version update suggestions
Pull Request -
State: closed - Opened by andriusm almost 3 years ago
- 2 comments
#326 - Add missing specs for `Scanner#initialize`
Issue -
State: open - Opened by postmodern almost 3 years ago
Labels: specs, help-wanted
#325 - gems.rb and gems.locked
Issue -
State: open - Opened by svoop almost 3 years ago
- 7 comments
Labels: enhancement, feature
#324 - Bump activerecord from 3.2.10 to 3.2.22.1 in /spec/bundle/unpatched_gems_with_dot_configuration
Pull Request -
State: closed - Opened by dependabot[bot] almost 3 years ago
- 1 comment
Labels: dependencies
#323 - Add Ruby 3.1 to CI
Pull Request -
State: closed - Opened by petergoldstein almost 3 years ago
- 2 comments
#322 - Unknown format: json
Issue -
State: closed - Opened by berney almost 3 years ago
- 1 comment
Labels: bug
#321 - Bump nokogiri from 1.11.6 to 1.12.5 in /spec/bundle/insecure_sources
Pull Request -
State: closed - Opened by dependabot[bot] about 3 years ago
Labels: dependencies
#320 - Bump nokogiri from 1.11.6 to 1.12.5 in /spec/bundle/secure
Pull Request -
State: closed - Opened by dependabot[bot] about 3 years ago
Labels: dependencies
#319 - 0.9.0 fails on Ruby 2.5
Issue -
State: closed - Opened by vassilevsky about 3 years ago
- 6 comments
Labels: bug
#318 - Release 0.9.0
Issue -
State: closed - Opened by postmodern about 3 years ago
- 1 comment
#317 - Deprecation warning emitted from Thor
Issue -
State: closed - Opened by lopopolo over 3 years ago
- 1 comment
Labels: bug
#316 - Ignoring insecure dependency without an Advisory
Issue -
State: closed - Opened by gadimbaylisahil over 3 years ago
- 2 comments
#315 - fix: require CGI lib explicitly
Pull Request -
State: closed - Opened by paulRbr over 3 years ago
#314 - format: adding a Junit presenter format inspired by #206
Pull Request -
State: closed - Opened by paulRbr over 3 years ago
- 3 comments
#313 - Fix typo in readme
Pull Request -
State: closed - Opened by BClark88 over 3 years ago
#312 - bundler audit confuses loofah gem version 2.10.0 with 2.1
Issue -
State: closed - Opened by ksenia-sudarikova over 3 years ago
- 5 comments
Labels: needs-info
#311 - Error when an ignored CVE is missing
Issue -
State: open - Opened by G-Rath over 3 years ago
- 2 comments
#310 - Add criticality level in JSON format
Pull Request -
State: closed - Opened by rslhdyt over 3 years ago
- 3 comments
#309 - Add a Security Policy
Issue -
State: open - Opened by postmodern over 3 years ago
- 1 comment
Labels: documentation
#308 - Criticality information on json output
Issue -
State: closed - Opened by rslhdyt over 3 years ago
- 2 comments
Labels: enhancement, json
#306 - Support config path
Pull Request -
State: closed - Opened by G-Rath over 3 years ago
#303 - Support specifying path to config file
Issue -
State: closed - Opened by G-Rath over 3 years ago
- 4 comments
Labels: feature
#302 - Release of psych-4.0.0 breaks library with Date DisallowedClass
Issue -
State: closed - Opened by poloka over 3 years ago
- 8 comments
Labels: bug
#301 - Fix text format output
Pull Request -
State: closed - Opened by gonzoyumo over 3 years ago
- 4 comments
#299 - Proof of concept to check the Bundler version too
Pull Request -
State: open - Opened by zofrex over 3 years ago
- 8 comments
#290 - Error running bundler-audit
Issue -
State: closed - Opened by natebird almost 4 years ago
- 2 comments
#286 - No longer compatible with Ruby 2.0.0 after v0.6.1
Issue -
State: closed - Opened by ericpetroelje almost 4 years ago
- 3 comments
#273 - Update README.md
Pull Request -
State: closed - Opened by kaskas about 4 years ago
- 1 comment
#260 - Trying to register Bundler::GemfileError for status code 4 but Bundler::GemfileError is already registered (ArgumentError)
Issue -
State: closed - Opened by HarlemSquirrel over 4 years ago
- 5 comments
Labels: upstream, rubygems
#257 - Add criticality filtering to cli
Pull Request -
State: open - Opened by joshmfrankel over 4 years ago
- 9 comments
Labels: feature, discussion
#229 - Feature request: Audit ruby version, when specified
Issue -
State: open - Opened by fatkodima about 5 years ago
- 6 comments
Labels: feature
#200 - Ability to define the Gemfile via BUNDLE_GEMFILE
Pull Request -
State: open - Opened by gurix about 6 years ago
- 4 comments
#199 - Add --no-exit-on-warn flag that exits with 0 even when vulnerable
Pull Request -
State: open - Opened by MC-Squared about 6 years ago
- 3 comments
#198 - Exit with error code when Bundler::Audit::Database.update! returns nil
Pull Request -
State: closed - Opened by RohanM about 6 years ago
- 2 comments