Provides patch-level published-vulnerability verification for Bundler.
- Checks for vulnerable versions of gems in
- Checks for insecure gem sources (
- Allows ignoring certain advisories that have been manually worked around.
- Prints advisory information.
- Does not require a network connection.

Changes Accepted Upstream

- Add coverage analysis.
- Be clear in the README about allowed RubyGems versions.
- Broaden test suite a bit.
- Make tests more resilient to changes in details of the output from
- Add tests for Database class.
- Clean up some lingering issues around the switch to requiring RubyGems 1.8.
- Reduce git noise for contributors.
- Add Ruby 2.0 to Travis test list.
- Whitespace cleanup.