Skip low-confidence Brakeman warnings in CI (#765)

* Update Ruby to 2.7.7 * Update Brakeman to latest. * Skip low-confidence Brakeman warnings for now.
doubleunion · Feb 2, 2023 · f2965bb · f2965bb
1 parent 66f50ce
commit f2965bb
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 5 deletions.
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -30,4 +30,5 @@ jobs:
           bundler-cache: true
 
       - name: brakeman
-        run: bundle exec brakeman
+        # Skip "low confidence" warnings with -w2
+        run: bundle exec brakeman -w2
diff --git a/.ruby-version b/.ruby-version
@@ -1 +1 @@
-2.7.6
+2.7.7
diff --git a/Gemfile b/Gemfile
@@ -1,6 +1,6 @@
 source "https://rubygems.org"
 
-ruby "2.7.6"
+ruby File.read(".ruby-version").strip
 
 gem "rails", "~>6.0"
 gem "jquery-rails", ">= 4.3.5"

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -104,7 +104,7 @@ GEM
     bootstrap-sass (3.4.1)
       autoprefixer-rails (>= 5.2.1)
       sassc (>= 2.0.0)
-    brakeman (5.3.1)
+    brakeman (5.4.0)
     bugsnag (6.24.2)
       concurrent-ruby (~> 1.0)
     builder (3.2.4)
@@ -489,7 +489,7 @@ DEPENDENCIES
   webdrivers
 
 RUBY VERSION
-   ruby 2.7.6p219
+   ruby 2.7.7p221
 
 BUNDLED WITH
    2.1.4