Upgrade bundler-audit to the latest version (!132470) · Merge requests · GitLab.org / GitLab

Helio Cola requested to merge gitlab-community/gitlab:upgrade/bundler-audit into master Sep 23, 2023

What does this MR do and why?

Upgrade bundler-audit to the latest version

Upgrading from version 0.7.0.1 to 0.9.1 Version 0.7.0.1 throw Psych::DisallowedClass when running bundle-audit check Version 0.9.1 now list the gems with CVEs that needed to be updated

Screenshots or screen recordings

Not applicable

How to set up and validate locally

Run bundle install
Run bundler-audit update
Run bundler-audit check

With the new version, the list of Gems with CVEs are displayed With version 0.7.0.1, it throws an exception and prints out Tried to load unspecified class: Date (Psych::DisallowedClass)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Upgrade bundler-audit to the latest version

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports