Reply to post:

Your code is RUBBISH, says GitHub. Good thing we're here to save you

Chewi

It's worth pointing out that this probably applies more to private projects than open source ones on the Ruby side. It's considered bad practice to commit Gemfile.lock in open source projects and you're not supposed to lock down dependencies to exact versions in your gemspec either. The gemspec may have something like ~> 1.2 and the whole of 1.x may be vulnerable and unmaintained but it's not clear whether this checks for that. Such cases often involve more than a simple "bump" too.
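The distinction Chewi draws is between checking one pinned version (what a Gemfile.lock gives a scanner) and checking a whole constraint range (what a gemspec gives it). The Ruby script below is an added example, not code from the comment, from The Register, or from GitHub's scanner; the gem names, published versions and vulnerable ranges are constructed for illustration and correspond to no real advisory. It uses the `Gem::Version` and `Gem::Requirement` classes that ship with Ruby to evaluate pessimistic constraints such as `~> 1.2` and to report whether any allowed version is safe at all.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement ship with Ruby itself

# Constructed advisory data for this example (not real advisories or CVEs):
# gem name => list of vulnerable ranges, each range a list of requirement
# strings that must all hold for a version to be affected.
VULNERABLE_RANGES = {
  "examplegem" => [["< 1.3.0"], [">= 2.0.0", "< 2.0.4"]],
  "othergem"   => [["< 0.9.0"]],
}.freeze

# Constructed list of versions published for each gem, oldest first.
PUBLISHED_VERSIONS = {
  "examplegem" => %w[1.0.0 1.1.0 1.2.0 1.2.5 1.3.0 2.0.0 2.0.3 2.0.4],
  "othergem"   => %w[0.8.0 0.9.0 1.0.0],
}.freeze

# Exact-version check: this is all a scanner needs when a Gemfile.lock pins
# every dependency to one version.
def vulnerable?(name, version)
  v = Gem::Version.new(version)
  VULNERABLE_RANGES.fetch(name, []).any? do |range|
    Gem::Requirement.new(*range).satisfied_by?(v)
  end
end

# Range check: what a scanner has to do for a gemspec constraint such as
# "~> 1.2". Returns every published version the constraint allows, which of
# those are vulnerable, and which (if any) are safe. An empty :safe list means
# no version bump inside the constraint can fix it; the constraint itself has
# to change, which is the "more than a simple bump" case.
def assess(name, constraint)
  req = Gem::Requirement.new(constraint)
  allowed = PUBLISHED_VERSIONS.fetch(name).select do |v|
    req.satisfied_by?(Gem::Version.new(v))
  end
  vuln = allowed.select { |v| vulnerable?(name, v) }
  { allowed: allowed, vulnerable: vuln, safe: allowed - vuln }
end

if __FILE__ == $PROGRAM_NAME
  puts vulnerable?("examplegem", "1.2.5")  # true: the pinned version sits inside "< 1.3.0"
  p assess("examplegem", "~> 1.2")         # safe: ["1.3.0"], a bump within 1.x fixes it
  p assess("examplegem", "~> 1.2.0")       # safe: [], every allowed version is affected
  p assess("examplegem", "~> 2.0")         # safe: ["2.0.4"]
end
```

`~> 1.2` means `>= 1.2, < 2.0`, so a scanner that only looks at the lower bound of the constraint would miss that 1.2.5 is still allowed and still affected; resolving the constraint against the actual published versions, as `assess` does, is what makes the range case decidable.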


Biting the hand that feeds IT © 1998–2021