Commit d1c0b3c

mo <mo.khan@gmail.com>
2018-08-26 23:08:22
ignore rubyzip CVE until patch is available.
rubyzip is used by selenium web driver which is only used in the test suite.
1 parent f98f88f
Changed files (1)
lib
lib/tasks/lint.rake
@@ -1,12 +1,24 @@
 # frozen_string_literal: true
 
+# This is a temporary workaround until there is a patch for CVE-2018-1000544
+# https://github.com/rubyzip/rubyzip/issues/369
+namespace :bundle do
+  desc 'Updates the ruby-advisory-db then runs bundle-audit'
+  task :audit do
+    require 'bundler/audit/cli'
+
+    Bundler::Audit::CLI.start ['update']
+    Bundler::Audit::CLI.start ['check', '--ignore', 'CVE-2018-1000544']
+  end
+end
+
 namespace :lint do
   begin
     require 'rubocop/rake_task'
     require 'bundler/audit/task'
 
     RuboCop::RakeTask.new
-    Bundler::Audit::Task.new
+    # Bundler::Audit::Task.new
   rescue LoadError => error
     puts error.message
   end
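Review bot: The `--ignore CVE-2018-1000544` in the new `bundle:audit` task has no removal condition, and its justification lives only in the commit message, so the advisory stays silenced even after a fixed rubyzip ships and nothing prompts the upgrade. I would extend the header comment to something like `# rubyzip is only pulled in by selenium-webdriver for the test suite; drop the --ignore once rubyzip/rubyzip#369 is resolved and the gem is bumped`. In `namespace :lint`, commenting out `Bundler::Audit::Task.new` leaves `require 'bundler/audit/task'` as a dead require; delete both lines rather than keeping commented-out code. That line presumably defined the audit task under the `lint` namespace, so check that CI or any aggregate task now calls `bundle:audit` instead; the `namespace :lint` block continues past the end of the hunk, so this cannot be confirmed from here.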