Merge pull request 'audit' (#31) from audit into master

Reviewed-on: #31

closes bucky/url-shortener#30

Gemfile

@@ -2,6 +2,10 @@
 
 source 'https://rubygems.org'
 
+gem 'puma', '~> 6.4'
+
+gem 'rackup', '~> 2.1'
+
 gem 'roda', '~> 3.72'
 
 gem 'sequel', '~> 5.72'
@@ -24,8 +28,8 @@ group :test do
   gem 'simplecov'
 
   gem 'rubocop', require: false
+
+  gem 'ruby_audit', '~> 2.2'
 end
 
-gem 'puma', '~> 6.4'
+gem 'bundle-audit', '~> 0.1.0'
-
-gem 'rackup', '~> 2.1'

Gemfile.lock

@@ -7,6 +7,11 @@ GEM
     base64 (0.1.1)
     bigdecimal (3.1.4)
     builder (3.2.4)
+    bundle-audit (0.1.0)
+      bundler-audit
+    bundler-audit (0.9.1)
+      bundler (>= 1.2.0, < 3)
+      thor (~> 1.0)
     capybara (3.39.2)
       addressable
       matrix
@@ -101,6 +106,8 @@ GEM
     rubocop-ast (1.29.0)
       parser (>= 3.2.1.0)
     ruby-progressbar (1.13.0)
+    ruby_audit (2.2.0)
+      bundler-audit (~> 0.9.0)
     rubyzip (2.3.2)
     selenium-webdriver (4.13.1)
       rexml (~> 3.2, >= 3.2.5)
@@ -118,6 +125,7 @@ GEM
       mini_portile2 (~> 2.8.0)
     sys-uname (1.2.3)
       ffi (~> 1.1)
+    thor (1.3.0)
     tilt (2.3.0)
     unicode-display_width (2.5.0)
     webrick (1.8.1)
@@ -129,6 +137,7 @@ PLATFORMS
   x86_64-freebsd-13
 
 DEPENDENCIES
+  bundle-audit (~> 0.1.0)
   capybara (~> 3.39)
   cucumber (~> 9.0)
   erubi (~> 1.12)
@@ -137,6 +146,7 @@ DEPENDENCIES
   roda (~> 3.72)
   rspec (~> 3.12)
   rubocop
+  ruby_audit (~> 2.2)
   selenium-webdriver (~> 4.13)
   sequel (~> 5.72)
   simplecov

Jenkinsfile

@@ -23,6 +23,14 @@ pipeline {
         sh 'sequel -m db/migrations sqlite://db/${DB_NAME}'
       }
     }
+    stage('Audit Dependencies') {
+      steps {
+        catchError(buildResult: 'FAILURE', stageResult: 'FAILURE') {
+          sh 'bundle exec ruby-audit check'
+          sh 'bundle exec bundle-audit check'
+        }
+      }
+    }
     stage('Code Linting') {
       steps {
         catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') {