Update bundler-audit to 0.9.0.1
Problem to solve
bundler-audit 0.9.0.1 is available; we should consider upgrading our analyzer.
Proposal
Please carefully check the "how to update the upstream Scanner" instructions.
Or follow the default workflow:
- review the changelog
- update the pinned version (in the Dockerfile or script or template, the mileage may vary)
- make sure all tests pass
Testing
- Check relevant test projects leveraging bundler-audit and make sure QA pipelines are passing with this new version: QA projects for Dependency Scanning
  https://gitlab-org.gitlab.io/quality/ci/secure-test-project-orchestrator/ - Sort by bundler-audit, bundler-audit-dependency_scanning shows Custom CA and ruby-bundler
What does success look like, and how can we measure that?
Our feature is leveraging the latest version (0.9.0.1) of bundler-audit.
What is the type of buyer?
Links / references
Related to #325324 (closed).