From de4b8224c09a5d868c02a550022485e14245cb0a Mon Sep 17 00:00:00 2001
From: Nick Schonning <nschonni@gmail.com>
Date: Sat, 18 Feb 2023 06:49:09 -0500
Subject: [PATCH] Run bundler-audit on PRs (#23514)

---
 .bundler-audit.yml              | 3 +++
 .codeclimate.yml                | 2 +-
 .github/workflows/lint-ruby.yml | 5 +++++
 3 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 .bundler-audit.yml

diff --git a/.bundler-audit.yml b/.bundler-audit.yml
new file mode 100644
index 0000000000..f84ec80872
--- /dev/null
+++ b/.bundler-audit.yml
@@ -0,0 +1,3 @@
+---
+ignore:
+  - CVE-2015-9284 # Mitigation following https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284#mitigating-in-rails-applications
diff --git a/.codeclimate.yml b/.codeclimate.yml
index 59051aae7a..00469df005 100644
--- a/.codeclimate.yml
+++ b/.codeclimate.yml
@@ -24,7 +24,7 @@ plugins:
   brakeman:
     enabled: true
   bundler-audit:
-    enabled: true
+    enabled: false
   eslint:
     enabled: false
   rubocop:
diff --git a/.github/workflows/lint-ruby.yml b/.github/workflows/lint-ruby.yml
index 54f45796c1..de54fe9ae5 100644
--- a/.github/workflows/lint-ruby.yml
+++ b/.github/workflows/lint-ruby.yml
@@ -7,6 +7,7 @@ on:
       - 'Gemfile*'
       - '.rubocop*.yml'
       - '.ruby-version'
+      - '.bundler-audit.yml'
       - '**/*.rb'
       - '**/*.rake'
       - '.github/workflows/lint-ruby.yml'
@@ -16,6 +17,7 @@ on:
       - 'Gemfile*'
       - '.rubocop*.yml'
       - '.ruby-version'
+      - '.bundler-audit.yml'
       - '**/*.rb'
       - '**/*.rake'
       - '.github/workflows/lint-ruby.yml'
@@ -42,3 +44,6 @@ jobs:
 
       - name: Run rubocop
         run: bundle exec rubocop
+
+      - name: Run bundler-audit
+        run: bundle exec bundler-audit