@token-cjg token-cjg commented May 18, 2022

Description

Adds tools for auditing vulnerabilities for ZAT. This is important in
order to make sure that we ship secure code.

As part of this change I needed to bump the major version of Thor, which
is a gem used to handle the command line functionality for ZAT.

When running bundler-audit-fix one can run

bundle exec bundler-audit-fix update . [1]

This should address vulnerabilities identified by bundler-audit.

[1]: https://github.com/nobuyo/bundler-audit-fix

✌️

/cc @zendesk/vegemite

Tasks

  • Include comments/inline docs where appropriate
  • Write tests
  • Update changelog here

References

Risks

Medium. Might break the command line functionality of ZAT as Thor, the library which powers the CLI, has been bumped by a major version. This should be easy to check though -- if one builds the gem manually and runs ./bin/zat version, then things should still work.
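To make the bundler-audit step above concrete, here is an added example (not code from ZAT, bundler-audit or bundler-audit-fix) of the check that bundler-audit performs: each gem pinned in Gemfile.lock is compared against advisories whose patched and unaffected ranges are RubyGems requirement strings. The lockfile excerpt, the advisory, the gem name `example-gem` and the id `EXAMPLE-ADVISORY-0001` are constructed placeholders.

```ruby
# Added example: a minimal lockfile audit in the style of bundler-audit.
# Constructed inputs only; no real advisory or CVE is referenced.
require "rubygems"

# Constructed Gemfile.lock excerpt (only the GEM specs section matters).
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example-gem (2.0.3)
      thor (1.2.1)
LOCK

# Constructed advisory shaped like a ruby-advisory-db entry; the gem name,
# id and version ranges are placeholders, not a real vulnerability.
ADVISORIES = [
  { "gem" => "example-gem", "id" => "EXAMPLE-ADVISORY-0001",
    "title" => "constructed example advisory",
    "unaffected_versions" => ["< 1.0"],
    "patched_versions" => [">= 2.1.0", "~> 2.0.5"] },
]

# Parse "name (version)" lines out of the specs section of a lockfile.
# Spec lines sit at 4 spaces of indent; their dependencies sit at 6 and are skipped.
def lockfile_specs(text)
  text.scan(/^\s{4}([\w.-]+) \((\d[^)]*)\)$/).to_h { |n, v| [n, Gem::Version.new(v)] }
end

# True when any requirement string (e.g. "~> 2.0.5") admits the version.
def satisfied?(requirements, version)
  requirements.any? { |r| Gem::Requirement.new(r).satisfied_by?(version) }
end

# Return the advisories that apply to the locked versions: a gem is
# vulnerable when its version is neither unaffected nor patched.
def audit(lockfile_text, advisories)
  specs = lockfile_specs(lockfile_text)
  advisories.select do |adv|
    version = specs[adv["gem"]]
    next false unless version
    !satisfied?(adv["unaffected_versions"].to_a, version) &&
      !satisfied?(adv["patched_versions"].to_a, version)
  end
end

if __FILE__ == $0
  audit(LOCKFILE, ADVISORIES).each { |a| puts "#{a['gem']}: #{a['id']} #{a['title']}" }
end
```

Bumping the locked version into a patched range (2.0.5 here) makes the finding disappear, which is the effect bundler-audit-fix aims for when it rewrites the Gemfile.lock.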

s.required_rubygems_version = '>= 1.3.6'

s.add_runtime_dependency 'thor', '~> 0.19.4'
s.add_runtime_dependency 'thor', '~> 1.2.1'
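Review bot: The thor constraint moves from '~> 0.19.4' to '~> 1.2.1', the major-version jump the Risks section itself flags as possibly breaking the CLI, and the "Write tests" task is still unchecked; consider adding a test that exercises the Thor-based commands (for example the `./bin/zat version` check the description suggests) so the upgrade is verified on every build rather than by a manual gem build.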

This is a major version change, which I guess requires us to test it before releasing it out :)

@token-cjg token-cjg changed the title Add bundler-audit and bundler-audit-fix [VEG-1298] Add bundler-audit and bundler-audit-fix May 18, 2022
