bundler-audit doesn't track if it actually ignored an unpatched gem due to an ignore - it would be good if it did, and so errored if it was asked to ignore a CVE that doesn't affect any of the scanned gems.
This is useful because it makes it more visible when a previously-ignored vulnerability is patched, and reduces the risk of a vulnerability being reintroduced unknowingly due to outdated ignore lists.
IMO this should be the default, but if you don't want to be breaking you could put it behind a flag:
--continue-on-missing-ignore if erroring is made the default behaviour
--error-on-missing-ignore if not erroring is kept as the default behaviour
I'm happy to help implement this :)
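To make the proposal concrete, here is an added sketch of the check being requested. It is not bundler-audit's code and does not use its internals: the scan results, gem names and advisory ids are constructed placeholders, and the `continue_on_missing_ignore` keyword stands in for the hypothetical `--continue-on-missing-ignore` flag from the post. The idea is simply to record which ignore entries were actually consumed during the scan and treat any leftover entry as a stale ignore that should fail the run.

```ruby
require "set"

# Constructed scan output: [gem_name, advisory_id] pairs that the scanner
# would normally produce. Ids are placeholders, not real advisories.
SCAN_RESULTS = [
  ["example-gem-a", "CVE-0000-0001"],
  ["example-gem-b", "CVE-0000-0002"],
].freeze

# Walk the results once, splitting advisories into those reported to the
# user and those suppressed by the ignore list, while tracking which
# ignore entries were actually used. Anything in the ignore list that was
# never used is a stale entry: the gem was patched, removed, or never
# affected in the first place.
def audit_with_ignores(results, ignore_ids)
  ignore_set = ignore_ids.to_set
  used = Set.new
  reported = []

  results.each do |gem_name, advisory_id|
    if ignore_set.include?(advisory_id)
      used << advisory_id
    else
      reported << [gem_name, advisory_id]
    end
  end

  {
    reported: reported,
    used_ignores: used.to_a.sort,
    unused_ignores: (ignore_set - used).to_a.sort,
  }
end

# Exit status following the post's proposal: unignored advisories always
# fail the run, and stale ignore entries also fail it unless the caller
# opts out with the hypothetical --continue-on-missing-ignore flag.
def audit_exit_status(results, ignore_ids, continue_on_missing_ignore: false)
  outcome = audit_with_ignores(results, ignore_ids)
  return 1 unless outcome[:reported].empty?
  return 1 unless outcome[:unused_ignores].empty? || continue_on_missing_ignore
  0
end

if __FILE__ == $PROGRAM_NAME
  # One ignore entry here matches no scanned gem, so the strict mode fails.
  ignores = %w[CVE-0000-0001 CVE-0000-0002 CVE-0000-0003]
  outcome = audit_with_ignores(SCAN_RESULTS, ignores)
  outcome[:unused_ignores].each do |id|
    warn "ignore entry #{id} did not match any scanned gem; remove it from the ignore list"
  end
  puts "strict exit status: #{audit_exit_status(SCAN_RESULTS, ignores)}"
  puts "lenient exit status: #{audit_exit_status(SCAN_RESULTS, ignores, continue_on_missing_ignore: true)}"
end
```

Keeping the "used" set separate from the reported list is what makes the stale-ignore report cheap: it costs one set lookup per advisory and no second pass over the lockfile, which is why making it the default behaviour would not noticeably slow an audit.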