Also check out this gem to automate the process of updating gems. It will check your gems for known vulnerabilities and also recommend some improvements regarding the update process in general. It uses the gem ruby-advisory-db, which is a community effort to collect vulnerabilities of the most popular gems. So before you run “bundle-audit”, update the list of vulnerabilities with “bundle-audit update”. It will then check your Gemfile.lock and tell you the criticality of any vulnerability found. So make bundler-audit a dependency in your project and run it regularly.
