Use bundler-audit (closes #12)

Gemfile

@@ -109,6 +109,9 @@ group :development, :test do
 
   # rspec-rails is a testing framework for Rails 3+
   gem 'rspec-rails', '~> 3.8'
+
+  # bundler-audit provides patch-level verification for Bundled apps.
+  gem 'bundler-audit', '~> 0.6'
 end
 
 group :development do

Gemfile.lock

@@ -60,6 +60,9 @@ GEM
       popper_js (>= 1.12.9, < 2)
       sass (>= 3.5.2)
     builder (3.2.3)
+    bundler-audit (0.6.0)
+      bundler (~> 1.2)
+      thor (~> 0.18)
     byebug (10.0.2)
     capistrano (3.11.0)
       airbrussh (>= 1.0.0)
@@ -393,6 +396,7 @@ DEPENDENCIES
   bcrypt (~> 3.1)
   bootsnap (>= 1.1.0)
   bootstrap (~> 4.1.3)
+  bundler-audit (~> 0.6)
   byebug
   capistrano (~> 3.11)
   capistrano-npm (~> 1.0)

Rakefile

@@ -5,7 +5,7 @@ require_relative 'config/application'
 Rails.application.load_tasks
 
 desc 'Run all checks (test, lint...)'
-task default: :lint
+task default: %i[lint bundler:audit]
 
 desc 'Run all code analysis tools (RuboCop...)'
 task lint: :rubocop
@@ -26,3 +26,25 @@ begin
 rescue LoadError
   nil
 end
+
+namespace :bundler do
+  require 'bundler/audit/cli'
+
+  desc 'Updates the ruby-advisory-db and ' \
+       'checks the Gemfile.lock for insecure dependencies'
+  task audit: %i[audit:update audit:check]
+
+  namespace :audit do
+    desc 'Updates the ruby-advisory-db'
+    task :update do
+      Bundler::Audit::CLI.start ['update']
+    end
+
+    desc 'Checks the Gemfile.lock for insecure dependencies'
+    task :check do
+      Bundler::Audit::CLI.start ['check']
+    end
+  end
+rescue LoadError
+  nil
+end