Bump bundler-audit from 0.7.0.1 to 0.8.0

[dependabot-preview]

Bumps bundler-audit from 0.7.0.1 to 0.8.0.

Changelog

Sourced from bundler-audit's changelog.

0.8.0 / 2021-03-10

• No longer vendor [ruby-advisory-db].
• Added {Bundler::Audit::Configuration}.
  • Supports loading YAML configuration data from a .bundler-audit.yml file.
• Added {Bundler::Audit::Results}.
• Added {Bundler::Audit::Report}.
• Added {Bundler::Audit::CLI::Formats}.
• Added {Bundler::Audit::CLI::Formats::Text}.
• Added {Bundler::Audit::CLI::Formats::JSON}.
• Added {Bundler::Audit::Database::DEFAULT_PATH}.
• Added {Bundler::Audit::Database.exists?}.
• Added {Bundler::Audit::Database#git?}.
• Added {Bundler::Audit::Database#update!}.
  • Will raise a {Bundler::Audit::Database::UpdateFailed UpdateFailed} exception, if the git pull command fails.
• Added {Bundler::Audit::Database#last_updated_at}.
• Added {Bundler::Audit::Scanner#report}.
• {Bundler::Audit::Database::USER_PATH} is now Gem.user_home aware.
  • Gem.user_home will try to infer HOME, even if it is not set.
• {Bundler::Audit::Database#download} will now raise a {Bundler::Audit::Database::DownloadFailed DownloadFailed} exception, if the git clone command fails.
• {Bundler::Audit::Scanner#initialize}:
  • Now accepts an additional database and config_dot_file arguments.
  • Will now raise a Bundler::GemfileLockNotFound exception, if the given Gemfile.lock file cannot be found.
• {Bundler::Audit::Scanner#scan_sources} will now ignore any source with a 127.0.0.0/8 or ::1/128 IP address.
• {Bundler::Audit::Scanner#scan_specs} will ignore any advisories listed in {Bundler::Audit::Configuration#ignore}, which is loaded from the .bundler-audit.yml file.
• Deprecated {Bundler::Audit::Database.update!} in favor of {Bundler::Audit::Database#update! #update!}.
• Removed Bundler::Audit::Database::VENDORED_PATH.
• Removed Bundler::Audit::Database::VENDORED_TIMESTAMP.

CLI

• Require [thor] ~> 1.0.
• Added bundler-audit stats.
• Added bundler-audit download.
• bundler-audit check:
  • Now accepts a optional DIR argument for the project directory.
    • bundler-audit check will now print an explicit error message and exit, if the given DIR does not exist.
  • Will now auto-download [ruby-advisory-db] to ensure the latest advisory information is used on first run.
  • Now supports a --database option for specifying a path to an alternative [ruby-advisory-db] copy.

... (truncated)

Commits

• 9def635 Bump the copyright year to 2021.
• 6c57938 Version bump to 0.8.0.
• 5a2915e Require ruby >= 2.0.0.
• aa69fc8 Remove my email from the README.
• c24eb67 Replace the Travis-CI badge with a GitHub Actions badge.
• 94fdb8a Bump the prospective 0.8.0 release date.
• 316205b Moved the Thor::Shell::Basic extension into bundler/audit/cli/.
• c360a9f Always refer to the bundler-audit command.
• c40252b Remove grosser per his request.
• 63f6a6b Enable the GitHub Sponsors button
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)