Handle empty array of ignores in yaml file #417

@jasonkarns

Description

I'm attempting to validate that the current ignore patterns in .bundler-audit.yml are still valid.

I began with a yaml file that looked like this:

---
ignore:
  - CVE-...
  - CVE-...

And then commented out the ignores:

---
ignore:
  # - CVE-...
  # - CVE-...

But then bundler-audit failed to load the file entirely:

$ rake bundler:audit
/opt/rbenv/versions/3.4.8/lib/ruby/gems/3.4.0/gems/bundler-audit-0.9.3/lib/bundler/audit/configuration.rb:72:in 'block in Bundler::Audit::Configuration.load': 'ignore' key found in config file, but is not an Array (Bundler::Audit::Configuration::InvalidConfigurationError)
	from /opt/rbenv/versions/3.4.8/lib/ruby/gems/3.4.0/gems/bundler-audit-0.9.3/lib/bundler/audit/configuration.rb:68:in 'Array#each'
	from /opt/rbenv/versions/3.4.8/lib/ruby/gems/3.4.0/gems/bundler-audit-0.9.3/lib/bundler/audit/configuration.rb:68:in 'Enumerable#each_slice'
	from /opt/rbenv/versions/3.4.8/lib/ruby/gems/3.4.0/gems/bundler-audit-0.9.3/lib/bundler/audit/configuration.rb:68:in 'Bundler::Audit::Configuration.load'
	from /opt/rbenv/versions/3.4.8/lib/ruby/gems/3.4.0/gems/bundler-audit-0.9.3/lib/bundler/audit/scanner.rb:92:in 'Bundler::Audit::Scanner#initialize'
	from /opt/rbenv/versions/3.4.8/lib/ruby/gems/3.4.0/gems/bundler-audit-0.9.3/lib/bundler/audit/cli.rb:70:in 'Class#new'
	from /opt/rbenv/versions/3.4.8/lib/ruby/gems/3.4.0/gems/bundler-audit-0.9.3/lib/bundler/audit/cli.rb:70:in 'Bundler::Audit::CLI#check'
	from /opt/rbenv/versions/3.4.8/lib/ruby/gems/3.4.0/gems/thor-1.5.0/lib/thor/command.rb:28:in 'Thor::Command#run'
	from /opt/rbenv/versions/3.4.8/lib/ruby/gems/3.4.0/gems/thor-1.5.0/lib/thor/invocation.rb:127:in 'Thor::Invocation#invoke_command'
	from /opt/rbenv/versions/3.4.8/lib/ruby/gems/3.4.0/gems/thor-1.5.0/lib/thor.rb:538:in 'Thor.dispatch'
	from /opt/rbenv/versions/3.4.8/lib/ruby/gems/3.4.0/gems/thor-1.5.0/lib/thor/base.rb:585:in 'Thor::Base::ClassMethods#start'
	from /opt/rbenv/versions/3.4.8/lib/ruby/gems/3.4.0/gems/bundler-audit-0.9.3/bin/bundle-audit:10:in '<top (required)>'
	from /opt/rbenv/versions/3.4.8/lib/ruby/gems/3.4.0/gems/bundler-audit-0.9.3/bin/bundler-audit:3:in 'Kernel#load'
	from /opt/rbenv/versions/3.4.8/lib/ruby/gems/3.4.0/gems/bundler-audit-0.9.3/bin/bundler-audit:3:in '<top (required)>'
	from /opt/rbenv/versions/3.4.8/lib/ruby/site_ruby/3.4.0/rubygems.rb:304:in 'Kernel#load'
	from /opt/rbenv/versions/3.4.8/lib/ruby/site_ruby/3.4.0/rubygems.rb:304:in 'Gem.activate_and_load_bin_path'
	from /opt/rbenv/versions/3.4.8/bin/bundler-audit:25:in '<main>'

Proceeding to comment out the entire ignore stanza also failed:

$ rake bundler:audit
/opt/rbenv/versions/3.4.8/lib/ruby/gems/3.4.0/gems/bundler-audit-0.9.3/lib/bundler/audit/configuration.rb:59:in 'Bundler::Audit::Configuration.load': Configuration found in '/Users/jasonkarns/Projects/sundaysfordogs/sundays/.bundler-audit.yml' is not YAML (Bundler::Audit::Configuration::InvalidConfigurationError)
	from /opt/rbenv/versions/3.4.8/lib/ruby/gems/3.4.0/gems/bundler-audit-0.9.3/lib/bundler/audit/scanner.rb:92:in 'Bundler::Audit::Scanner#initialize'
	from /opt/rbenv/versions/3.4.8/lib/ruby/gems/3.4.0/gems/bundler-audit-0.9.3/lib/bundler/audit/cli.rb:70:in 'Class#new'
	from /opt/rbenv/versions/3.4.8/lib/ruby/gems/3.4.0/gems/bundler-audit-0.9.3/lib/bundler/audit/cli.rb:70:in 'Bundler::Audit::CLI#check'
	from /opt/rbenv/versions/3.4.8/lib/ruby/gems/3.4.0/gems/thor-1.5.0/lib/thor/command.rb:28:in 'Thor::Command#run'
	from /opt/rbenv/versions/3.4.8/lib/ruby/gems/3.4.0/gems/thor-1.5.0/lib/thor/invocation.rb:127:in 'Thor::Invocation#invoke_command'
	from /opt/rbenv/versions/3.4.8/lib/ruby/gems/3.4.0/gems/thor-1.5.0/lib/thor.rb:538:in 'Thor.dispatch'
	from /opt/rbenv/versions/3.4.8/lib/ruby/gems/3.4.0/gems/thor-1.5.0/lib/thor/base.rb:585:in 'Thor::Base::ClassMethods#start'
	from /opt/rbenv/versions/3.4.8/lib/ruby/gems/3.4.0/gems/bundler-audit-0.9.3/bin/bundle-audit:10:in '<top (required)>'
	from /opt/rbenv/versions/3.4.8/lib/ruby/gems/3.4.0/gems/bundler-audit-0.9.3/bin/bundler-audit:3:in 'Kernel#load'
	from /opt/rbenv/versions/3.4.8/lib/ruby/gems/3.4.0/gems/bundler-audit-0.9.3/bin/bundler-audit:3:in '<top (required)>'
	from /opt/rbenv/versions/3.4.8/lib/ruby/site_ruby/3.4.0/rubygems.rb:304:in 'Kernel#load'
	from /opt/rbenv/versions/3.4.8/lib/ruby/site_ruby/3.4.0/rubygems.rb:304:in 'Gem.activate_and_load_bin_path'
	from /opt/rbenv/versions/3.4.8/bin/bundler-audit:25:in '<main>'

It would be nice if the yaml parsing was able to recognize "empty" as a valid input to allow simple and temporary commenting-out of ignore patterns.
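
An added example, not part of the original report and not bundler-audit's own code: both failures above come from how YAML represents "empty" (an `ignore:` key with only commented items has a null value, and a file with only comments is a null document). The sketch below accepts both as "ignore nothing", which suppresses no advisories, while still rejecting malformed values. The helper name `load_ignores` and the CVE IDs are hypothetical placeholders.

```ruby
require 'yaml'

# Hypothetical helper (not part of bundler-audit): returns the ignored
# advisory IDs from config text, treating "empty" as "ignore nothing".
def load_ignores(yaml_text)
  doc = YAML.safe_load(yaml_text)

  # A file holding only comments (or only '---') parses to nil, or to false
  # on some Psych versions; both mean "no configuration present".
  return [] if doc.nil? || doc == false
  raise ArgumentError, 'config root must be a mapping' unless doc.is_a?(Hash)

  ignores = doc['ignore']
  # 'ignore:' whose items are all commented out has a null value, not [].
  return [] if ignores.nil?

  # Anything else that is not a list of strings is still rejected, so a typo
  # such as 'ignore: CVE-...' cannot silently change what gets suppressed.
  unless ignores.is_a?(Array) && ignores.all? { |id| id.is_a?(String) }
    raise ArgumentError, "'ignore' must be a list of advisory IDs"
  end

  ignores
end

# Constructed inputs mirroring the files in the report; IDs are placeholders.
POPULATED       = "---\nignore:\n  - CVE-0000-0001\n  - CVE-0000-0002\n"
ITEMS_COMMENTED = "---\nignore:\n  # - CVE-0000-0001\n  # - CVE-0000-0002\n"
ALL_COMMENTED   = "---\n# ignore:\n#   - CVE-0000-0001\n"
SCALAR_TYPO     = "---\nignore: CVE-0000-0001\n"

{ 'populated' => POPULATED,
  'items commented out' => ITEMS_COMMENTED,
  'stanza commented out' => ALL_COMMENTED }.each do |name, text|
  puts "#{name}: #{load_ignores(text).inspect}"
end
```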
