Merge pull request #4119 from zendesk/grosser/ignre

document bundler audit ignores
zendesk · Oct 14, 2024 · 21df496 · 21df496
2 parents 982fdc1 + 41e8274
commit 21df496
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/.bundler-audit.yml b/.bundler-audit.yml
@@ -1,2 +1,6 @@
+# ignores for `rake bundle_audit`
+# - 1 ignore per line
+# - leave a comment why we can safely ignore it and where to find more details
+# - leave file with `ignore: []` if ignore list is empty
 ignore:
   - CVE-2024-6484 # ignore until a patch is available https://github.com/advisories/GHSA-9mvj-f7w8-pvh2
diff --git a/Rakefile b/Rakefile
@@ -60,7 +60,7 @@ end
 
 desc 'Scan for gem vulnerabilities'
 task :bundle_audit do
-  sh "bundle-audit check --update --ignore=CVE-2024-6484"
+  sh "bundle-audit check --update" # manage ignores in .bundler-audit.yml
 end
 
 desc "Run rubocop"