Issue #15942 has been reported by mcandre (Andrew Pennebaker).

----------------------------------------
Feature #15942: gem: Warn on known vulnerable packages
https://bugs.ruby-lang.org/issues/15942

* Author: mcandre (Andrew Pennebaker)
* Status: Open
* Priority: Normal
* Assignee: 
* Target version: 
----------------------------------------
In comparison to RubyGems, NPM offers builtin warnings when users attempt to install packages with known vulnerabilities. This helps developers to more quickly react to security concerns, updating or replacing their dependencies.

CI automation systems such as in GitHub, now implement alerts for vulnerabilities in Ruby projects. Now that we know this is technically possible, let's move the warnings directly into gem, so that regardless of where code is pushed, and before code is pushed, devs get a clear warning when they reference vulnerable RubyGems packages.



-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request / ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>