Dedup the scanner report for unpatched gems with more than one platform#440

Open
jrodriigues wants to merge 2 commits into rubysec:master from jrodriigues:issue-438

Conversation

@jrodriigues


Fixes #438.

The scanner now deduplicates the unpatched gems on [gem.name, gem.version, advisory.id].

Notice that the spec can be considered flaky. Without adding the Gemfile.lock change, it will pass as well.
Let me know if you are happy with this approach or if you prefer something more robust.
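An added illustration of the approach described above, written for this page and not taken from bundler-audit or from the pull request: scanner hits that repeat once per platform entry in a Gemfile.lock are collapsed on [gem name, gem version, advisory id], while a hypothetical `verbose:` switch returns the per-platform list untouched. The names `ScanHit`, `dedup_results` and `report_lines` and the sample data are constructed for the example.

```ruby
# Added example (not bundler-audit's own code). ScanHit, dedup_results,
# report_lines and the verbose: keyword are hypothetical names.

# One scanner hit: gem name, version, the lockfile platform the spec came
# from, and the id of the advisory that matched it.
ScanHit = Struct.new(:name, :version, :platform, :advisory_id)

# Constructed sample input: "examplegem" is listed for three platforms, so
# the same advisory would be reported three times without deduplication.
SAMPLE_RESULTS = [
  ScanHit.new('examplegem', '1.2.0', 'ruby',         'ADVISORY-EXAMPLE-1'),
  ScanHit.new('examplegem', '1.2.0', 'x86_64-linux', 'ADVISORY-EXAMPLE-1'),
  ScanHit.new('examplegem', '1.2.0', 'arm64-darwin', 'ADVISORY-EXAMPLE-1'),
  ScanHit.new('othergem',   '0.9.1', 'ruby',         'ADVISORY-EXAMPLE-2')
].freeze

# Deduplicate on [name, version, advisory_id], keeping the list of affected
# platforms so the report still shows where each hit came from. With
# verbose: true the per-platform hits are returned unchanged, mirroring the
# "keep the old behaviour under --verbose / -v" idea from the discussion.
def dedup_results(results, verbose: false)
  return results.dup if verbose

  results
    .group_by { |hit| [hit.name, hit.version, hit.advisory_id] }
    .map do |(name, version, advisory_id), hits|
      { name: name, version: version, advisory_id: advisory_id,
        platforms: hits.map(&:platform).uniq }
    end
end

# Build one report line per finding; returned as an array so a caller can
# print it or assert on it.
def report_lines(results, verbose: false)
  if verbose
    results.map { |h| "#{h.name} #{h.version} (#{h.platform}): #{h.advisory_id}" }
  else
    dedup_results(results).map do |r|
      "#{r[:name]} #{r[:version]} [#{r[:platforms].join(', ')}]: #{r[:advisory_id]}"
    end
  end
end

puts report_lines(SAMPLE_RESULTS)
```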

@jasnow

jasnow commented Jul 3, 2026

Member

I was waiting until another team member returns from vacation, but my thought is to
keep the old behavior if the user uses "--verbose" or "-v" so both groups are happy.

@jrodriigues

Author

That makes sense, I will push something to cover that scenario.

@jasnow jasnow requested a review from flavorjones July 3, 2026 16:31
Comment thread spec/bundle/unpatched_gems/Gemfile.lock

Development

Successfully merging this pull request may close these issues.

Duplicate vulnerabilities reported for gems that have multiple arch specs on the lockfile

3 participants