
Update bundle-audit prior to run #2

Merged (3 commits), Jul 12, 2020

Conversation

jfi (Contributor) commented May 19, 2020

Bug Fix

Description

There are two fixes here:

  1. Explicitly call `bundle audit update`, defined in the documentation (as opposed to `bundle audit check --update`, previously used)
  2. Install git, so that `bundle audit update` can run

Further information:

Hidden in https://github.com/rubysec/bundler-audit/blob/master/lib/bundler/audit/database.rb#L101-L119, bundler-audit shells out to the `git` binary. If it doesn't exist, we get the error message "Skipping update" logged from `bundle-audit update`.
Install git inside the docker image so bundler audit can grab the latest advisory database for us.
Fixes # (issue)

Why should this be added

I couldn't make this action run, as it always failed on an outdated rails-html-sanitizer vulnerability that was removed when I ran `bundle audit update`.

Checklist

  • My code follows the style guidelines of this project
  • Actions are passing
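The failure mode described in this PR, as an added example that is not the action's own entrypoint or any code from this repository: an entrypoint that refuses to audit when `git` is missing, treats the "Skipping update" message the PR reports as a failure, and runs `update` and `check` as two explicit steps. The `RUN_AUDIT` guard variable is an assumption introduced here so the functions can be sourced without running the real audit.

```shell
#!/bin/sh
# Added example, not the action's own entrypoint: refuse to audit against a
# stale advisory database instead of silently continuing.

# bundler-audit fetches ruby-advisory-db by shelling out to git. Without git,
# `bundle audit update` just logs "Skipping update" and the check proceeds
# against whatever (possibly outdated) database is already present.
require_git() {
  if command -v git >/dev/null 2>&1; then
    return 0
  fi
  echo "error: git not found; bundle audit update cannot fetch ruby-advisory-db" >&2
  return 1
}

# Treat the "Skipping update" message in the captured output of
# `bundle audit update` as a failure, even when the command exited 0.
update_succeeded() {
  case "$1" in
    *"Skipping update"*) return 1 ;;
    *) return 0 ;;
  esac
}

# Run `update` and `check` as two explicit steps (`check --update` was not a
# valid invocation), failing fast at the first problem.
run_audit() {
  require_git || return 1
  out=$(bundle audit update 2>&1) || { printf '%s\n' "$out" >&2; return 1; }
  printf '%s\n' "$out"
  update_succeeded "$out" || { echo "error: advisory database was not updated" >&2; return 1; }
  bundle audit check
}

# RUN_AUDIT is a hypothetical guard so the file can be sourced for testing;
# set RUN_AUDIT=1 to actually run the audit in the container.
if [ "${RUN_AUDIT:-0}" = "1" ]; then
  run_audit
fi
```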

jfi and others added 3 commits May 19, 2020 22:38:

  • `--update` isn't a valid option to pass, run `update` and then `check` separately
  • Hidden in https://github.com/rubysec/bundler-audit/blob/master/lib/bundler/audit/database.rb#L101-L119 bundler-audit is shelling out to use the `git` binary. If it doesn't exist then we get the error message "Skipping update" logged from `bundle-audit update`. Install git inside the docker image so bundler audit can grab the latest advisory database for us.
  • Add git so bundle audit clones the advisory repo
bbugh commented Jun 25, 2020

@andrewmcodes is there anything we can do to help you get this merged? Updating the database is obviously very important to auditing. 😄

Thanks for fixing this @jfi.

andrewmcodes (Owner) commented:

@bbugh My apologies - this project totally fell off my radar! Feel free to ping me elsewhere on the web bc my GitHub notifications are a bit of a dumpster fire. I will get this rolled out for y'all.

andrewmcodes (Owner) left a comment:

Thank you @jfi - sorry for not seeing this until now!

@andrewmcodes andrewmcodes merged commit 1917ba2 into andrewmcodes:master Jul 12, 2020
andrewmcodes (Owner) commented:

@jfi just to let you know, this was released as v0.1.0, thanks again!
