Created by: dependabot[bot]
Bumps bundler-audit from 0.8.0 to 0.9.0.1.
Changelog
Sourced from bundler-audit's changelog.
0.9.0.1 / 2021-08-31
- Add a workaround for Psych < 3.1.0 to support running on Ruby < 2.6. (issue #319)
0.9.0 / 2021-08-31
- Load advisory metadata using
YAML.safe_load
. (issue #302)
- Explicitly permit the
Date
class for Psych >= 4.0.0 and Ruby >= 3.1.0.- Added {Bundler::Audit::Advisory#to_h}. (pull #310)
- Added {Bundler::Audit::Database#commit_id}.
CLI
- Added the
--config
option. (pull #306)- Added the
junit
output format (ex:--format junit
). (pull #314)- Add missing output for CVSSv3 criticality information. (pull #302)
- Include criticality information in the JSON output as well. (pull #310)
bundle-audit stats
now prints the commit ID of the ruby-advisory-db.- Fixed a deprecation warning from Thor. (issue #317)
Rake Task
- Add the
bundle:audit:update
task for updating the [ruby-advisory-db]. (pull #296)- Aliased
bundle:audit
tobundle:audit:check
.- Aliased
bundler:audit:*
tobundle:audit:*
.- Rake tasks now execute
bundle-audit
command as a subprocess to ensure isolation.
Commits
-
4ca9346
Updated the ChangeLog for 0.9.0.1. -
675a8e4
Version bump to 0.9.0.1. -
9d3bd12
Re-enable Ruby 2.5 in the CI matrix to test against psych < 3.1.0. -
8a3a197
Support psych < 3.1.0 YAML.safe_load calling conventions for ruby < 2.6 (issu... -
18da030
Added a Gem Version badge (badge.fury.io). -
28f9495
Mention that issue #302 will also affect ruby >= 3.1.0, if not fixed. -
e6c2d09
Updated the ChangeLog for 0.9.0. -
05d7c49
Missed a spot. -
f72df0a
Do not require yard-spellcheck by default, as it's a CLI tool. -
8f2a294
Use https:// URLs in license text. - Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)