From ef0348d97c122d33a787b90abc01558c4e7350a3 Mon Sep 17 00:00:00 2001
From: Brian Kelly
Date: Mon, 5 Aug 2024 09:43:53 -0500
Subject: [PATCH] Switch to bundler-audit configuration file (#350)
---
 .bundler-audit.yml | 4 ++++
 .github/workflows/ci.yml | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 .bundler-audit.yml
diff --git a/.bundler-audit.yml b/.bundler-audit.yml
new file mode 100644
index 00000000..2014fde0
--- /dev/null
+++ b/.bundler-audit.yml
@@ -0,0 +1,4 @@
+---
+ignore:
+ - CVE-2015-9284 # Temporarily ignore Omniauth vulnerability
+ - CVE-2024-6531 # No fix for this yet
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ab2eca17..0860019b 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -29,4 +29,4 @@ jobs:
 bundle exec rake db:schema:load
 bundle exec rake ci
 - name: Audit gems
- run: bundle exec bundle-audit check --ignore CVE-2015-9284 # tempoarily ignore omniauth vulnerability
+ run: bundle exec bundle-audit check
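Review bot: The new ignore list adds `CVE-2024-6531`, which the old `--ignore` flag did not suppress, so this is not a pure move to a config file and the extra suppression deserves a line in the commit message. Both entries are described as temporary or unfixed but carry no affected gem name, tracking issue or review date, and a bundler-audit ignore keeps suppressing the advisory until someone deletes the line. I would make each comment self-explaining, e.g. `- CVE-2024-6531 # <GEM>: no patched release yet; tracked in <ISSUE>; re-check on upgrade`. For CVE-2015-9284 the comment should also state which mitigation the app relies on, if any.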
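Review bot: The audit step in `.github/workflows/ci.yml` now depends on bundler-audit finding `.bundler-audit.yml` in the working directory implicitly, and it still runs `check` without refreshing the advisory database. If the runner ever reuses a cached ruby-advisory-db copy (not visible from this hunk), new advisories would be missed silently; `run: bundle exec bundle-audit check --update` makes the refresh explicit. Adding `--config .bundler-audit.yml` would also make the dependency on the ignore file visible in the workflow. The job's earlier steps are outside the hunk, so confirm there is no separate update step before changing this.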