Issue #15942 has been updated by duerst (Martin Dürst).

Status changed from Open to Third Party's Issue

What @shevegen says: raise it at https://github.com/rubygems/rubygems, please.

----------------------------------------
Feature #15942: gem: Warn on known vulnerable packages
https://bugs.ruby-lang.org/issues/15942#change-78726

* Author: mcandre (Andrew Pennebaker)
* Status: Third Party's Issue
* Priority: Normal
* Assignee: 
* Target version: 
----------------------------------------
In comparison to RubyGems, NPM offers builtin warnings when users attempt to install packages with known vulnerabilities. This helps developers to more quickly react to security concerns, updating or replacing their dependencies.

CI automation systems, such as GitHub's, now implement alerts for vulnerabilities in Ruby projects. Now that we know this is technically possible, let's move the warnings directly into gem, so that regardless of where code is pushed, and before code is pushed, devs get a clear warning when they reference vulnerable RubyGems packages.
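Added example (not RubyGems code and not part of the issue text): a minimal version of the check the request asks gem to perform. It parses the `specs:` section of a Gemfile.lock, compares each pinned version against an advisory list using `Gem::Requirement`, and prints an install-time style warning for every match. The advisory entries, their IDs and the Gemfile.lock excerpt are constructed for illustration; a real implementation would read a maintained feed such as rubysec/ruby-advisory-db instead of the inline hash.

```ruby
# Added example: "warn on known vulnerable gems" as proposed in the issue.
# Not RubyGems code. Advisory data and lockfile below are constructed and
# the gem names / advisory IDs are hypothetical.
require "rubygems"

# Constructed advisory feed (hypothetical gems and IDs, not real CVEs).
# Shape: affected gem, identifier, title, and the version ranges that
# contain the fix (an installed version matching none of them is vulnerable).
ADVISORIES = [
  { gem: "examplelib", id: "EXAMPLE-2019-0001", title: "hypothetical RCE",
    patched_versions: [">= 2.1.3", "~> 2.0.7"] },
  { gem: "otherlib", id: "EXAMPLE-2019-0002", title: "hypothetical DoS",
    patched_versions: [">= 0.5.0"] },
].freeze

# Parse the "specs:" section of a Gemfile.lock into { name => version }.
# Resolved gems sit at exactly 4 spaces ("    name (1.2.3)"); deeper
# indentation is a dependency line of the gem above and is skipped.
def parse_lockfile_specs(lockfile_text)
  specs = {}
  in_specs = false
  lockfile_text.each_line do |line|
    if line =~ /\A\s+specs:\s*\z/
      in_specs = true
      next
    end
    # A non-indented line (PLATFORMS, DEPENDENCIES, ...) ends the section.
    in_specs = false if in_specs && line !~ /\A\s/
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)\s]+)\)/))
      specs[m[1]] = m[2]
    end
  end
  specs
end

# A version is vulnerable when no patched range admits it.
def vulnerable?(version, patched_versions)
  v = Gem::Version.new(version)
  patched_versions.none? { |req| Gem::Requirement.new(req).satisfied_by?(v) }
end

# Return one finding per installed gem that matches an advisory.
def audit_specs(specs, advisories = ADVISORIES)
  advisories.each_with_object([]) do |adv, findings|
    version = specs[adv[:gem]]
    next unless version && vulnerable?(version, adv[:patched_versions])
    findings << { gem: adv[:gem], version: version, id: adv[:id],
                  title: adv[:title], patched_versions: adv[:patched_versions] }
  end
end

# Render a finding as the warning gem could print at install time.
def format_warning(finding)
  "WARNING: #{finding[:gem]} #{finding[:version]} is affected by " \
  "#{finding[:id]} (#{finding[:title]}); upgrade to " \
  "#{finding[:patched_versions].join(' or ')}"
end

# Constructed Gemfile.lock excerpt (not taken from any real project).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      examplelib (2.0.5)
        otherlib (>= 0.4)
      otherlib (0.5.1)
      safelib (1.0.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    examplelib
LOCK

if __FILE__ == $PROGRAM_NAME
  audit_specs(parse_lockfile_specs(SAMPLE_LOCKFILE)).each do |f|
    warn format_warning(f)
  end
end
```

Running the script warns about examplelib 2.0.5 only: 2.0.5 falls below both `>= 2.1.3` and `~> 2.0.7`, while otherlib 0.5.1 satisfies its patched range and safelib has no advisory. Matching on patched ranges rather than on a list of bad versions is what keeps the check correct for backport branches, which is why advisory databases publish the data in that form.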



-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request / ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>