Created by: dependabot[bot]
Bumps bundler-audit from 0.9.0.1 to 0.9.1.
Changelog
Sourced from bundler-audit's changelog.
0.9.1 / 2022-05-19
- Opt into rubygems.org MFA requirement.
CLI
- Improve the readability of the suggested gem versions to upgrade to (pull #331).
Rake Task
- Fixed a regression introduced in 0.9.0 where the `bundler:audit` rake task was not exiting with an error status code if vulnerabilities were found. Now when the `bundler-audit` command fails, the rake task will also exit with the `bundler-audit` command's error code.
- If the `bundler-audit` command could not be found for some reason raise the {Bundler::Audit::Task::CommandNotFound} exception.
Commits
- 0b44c75 Removed dependabot configuration since dependabot still scans `spec/bundle/`.
- b558d61 Correct dependabot's `package-ecosystem:`.
- b30645b Attempt to configure dependabot to ignore `spec/bundle/`.
- 4e24903 Updated the secure bundle.
- c4d42f2 Opt into rubygems.org MFA requirement.
- 80fdc15 Use more GitHub Flavored Markdown.
- da1f1c8 Use redcarpet on CRuby so YARD can parse GFM syntax highlighting in the README.
- 48ae487 Update the copyright years.
- b483232 Only support populating `gemspec.test_files` from `spec/`.
- 8c25ff8 Mention the Pull Request number.
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)