From: duerst@...
Date: 2019-06-20T04:32:16+00:00
Subject: [ruby-core:93268] [Ruby trunk Feature#15942] gem: Warn on known vulnerable packages

Issue #15942 has been updated by duerst (Martin Dürst).

Status changed from Open to Third Party's Issue

What @shevegen says: raise it at https://github.com/rubygems/rubygems, please.

----------------------------------------
Feature #15942: gem: Warn on known vulnerable packages
https://bugs.ruby-lang.org/issues/15942#change-78726

* Author: mcandre (Andrew Pennebaker)
* Status: Third Party's Issue
* Priority: Normal
* Assignee:
* Target version:
----------------------------------------
In comparison to RubyGems, NPM offers built-in warnings when users attempt to install packages with known vulnerabilities. This helps developers to more quickly react to security concerns, updating or replacing their dependencies.

CI automation systems, such as GitHub's, now implement alerts for vulnerabilities in Ruby projects.

Now that we know this is technically possible, let's move the warnings directly into gem, so that regardless of where code is pushed, and before code is pushed, devs get a clear warning when they reference vulnerable RubyGems packages.

--
https://bugs.ruby-lang.org/
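An added example, not code from RubyGems or from the issue author: a minimal Ruby check of the kind the request describes. It parses the specs section of a Gemfile.lock and warns when a locked gem version falls inside a known-vulnerable range. The advisory entries, gem names and versions below are constructed for the demo; a real implementation would load advisories from a maintained database rather than a hard-coded hash.

```ruby
# Added example (not RubyGems' or the issue author's code): warn when a
# Gemfile.lock pins a gem version that a known advisory covers.
require "rubygems" # Gem::Version / Gem::Requirement (part of the stdlib)

# Constructed advisory data: gem name => list of advisories, each with the
# vulnerable version range written as comma-separated Gem::Requirement terms.
ADVISORIES = {
  "examplegem" => [
    { id: "EXAMPLE-ADVISORY-1", vulnerable: "< 2.0.1", note: "constructed: fixed in 2.0.1" },
  ],
  "othergem" => [
    { id: "EXAMPLE-ADVISORY-2", vulnerable: ">= 1.0, < 1.4.2", note: "constructed: fixed in 1.4.2" },
  ],
}.freeze

# Parse the "specs:" entries of a Gemfile.lock into {name => version string}.
# Spec lines are indented exactly four spaces ("    name (1.2.3)"); the
# six-space dependency lines beneath them ("      dep (~> 1.0)") are skipped.
def parse_lockfile(text)
  locked = {}
  in_specs = false
  text.each_line do |line|
    if line.strip == "specs:"
      in_specs = true
      next
    end
    # An unindented line starts a new top-level section and ends the specs block.
    in_specs = false if in_specs && line =~ /\A\S/
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      locked[m[1]] = m[2]
    end
  end
  locked
end

# Return one finding per (gem, advisory) pair whose range covers the locked version.
def vulnerable_gems(locked, advisories = ADVISORIES)
  findings = []
  locked.each do |name, version_string|
    next unless advisories.key?(name)
    # Drop a platform suffix such as "0.3.1-x86_64-linux". Lockfiles spell
    # prereleases with dots (e.g. "2.0.0.pre.rc1"), so a dash here is a platform.
    version = Gem::Version.new(version_string.split("-", 2).first)
    advisories[name].each do |adv|
      range = Gem::Requirement.new(*adv[:vulnerable].split(",").map(&:strip))
      next unless range.satisfied_by?(version)
      findings << { gem: name, version: version.to_s, id: adv[:id], note: adv[:note] }
    end
  end
  findings
end

# Print a warning per finding to stderr and return the findings so a caller
# (an install hook, a CI step) can also fail the build on them.
def warn_on_vulnerable(lockfile_text)
  findings = vulnerable_gems(parse_lockfile(lockfile_text))
  findings.each do |f|
    warn "WARNING: #{f[:gem]} #{f[:version]} is affected by #{f[:id]} (#{f[:note]})"
  end
  findings
end

# Constructed sample lockfile: examplegem 1.9.0 is inside the advisory range,
# othergem 1.4.2 is exactly the fixed version, unrelated has no advisory.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      examplegem (1.9.0)
        othergem (~> 1.0)
      othergem (1.4.2)
      unrelated (0.3.1-x86_64-linux)

  PLATFORMS
    ruby

  DEPENDENCIES
    examplegem
LOCK

if __FILE__ == $PROGRAM_NAME
  warn_on_vulnerable(SAMPLE_LOCKFILE)
end
```

Running the file prints a single warning for examplegem 1.9.0; othergem 1.4.2 sits at the fixed version and is not reported, which is the boundary case a version-range check most often gets wrong.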