Use frozen setting to disallow changes to Gemfile.lock
As per the Rubygems.org advisory, we should use either the frozen or deployment options as defense-in-depth to mitigate supply chain attacks - https://github.com/rubygems/rubygems.org/security/advisories/GHSA-hccv-rwq6-vh79
Please note that the --frozen flag is deprecated, so we should use bundle config set --local frozen 'true' instead.
Edited by Anastasia McDonald