The merge request upgrades the bundler-audit gem from version 0.7.0.1 to 0.9.1, which is the latest version. Bundler-audit is a tool that identifies known vulnerabilities in a project's dependencies. With the upgrade, bundle-audit check runs to completion again and reports the gems with known CVEs instead of failing with an exception.
Upgrade bundler-audit to the latest version
Upgrading from version 0.7.0.1 to 0.9.1.
Version 0.7.0.1 throws Psych::DisallowedClass when running bundle-audit check.
Version 0.9.1 now lists the gems with CVEs that needed to be updated.
With the new version, the list of gems with CVEs is displayed
With version 0.7.0.1, it throws an exception and prints out
Tried to load unspecified class: Date (Psych::DisallowedClass)
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
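The exception quoted above is what Psych's safe loading raises when a YAML document contains an unquoted date and Date is not on the allowlist. The following is an added example, not code from this merge request or from bundler-audit: it reproduces the error on a constructed advisory-style record and shows that permitting only Date loads the record while still rejecting arbitrary object tags. The record contents and helper names are assumptions made for illustration.

```ruby
require 'yaml'
require 'date'

# Constructed advisory-style record (placeholder values, not a real advisory).
# The unquoted date is what YAML resolves to a Ruby Date object.
SAMPLE_ADVISORY = <<~YAML
  gem: example-gem
  cve: "0000-0000"
  date: 2021-03-01
  patched_versions:
    - ">= 1.2.3"
YAML

# Constructed document that asks the parser to build an arbitrary Ruby object.
OBJECT_DOC = "--- !ruby/object:OpenStruct\ntable: {}\n"

# Strict safe load: only basic scalar and collection types are allowed.
def load_strict(text)
  YAML.safe_load(text)
end

# Safe load with Date added to the allowlist and nothing else.
def load_with_date(text)
  YAML.safe_load(text, permitted_classes: [Date])
end

# Returns the DisallowedClass message, or nil if loading succeeded.
def rejection(text, loader)
  send(loader, text)
  nil
rescue Psych::DisallowedClass => e
  e.message
end

if $PROGRAM_NAME == __FILE__
  puts "strict:    #{rejection(SAMPLE_ADVISORY, :load_strict)}"
  puts "with Date: #{load_with_date(SAMPLE_ADVISORY)['date'].inspect}"
  puts "object:    #{rejection(OBJECT_DOC, :load_with_date)}"
end
```

Allowlisting the one class the data needs keeps the protection that safe loading provides; switching to an unrestricted load to silence the error would not.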