Because of the `Dir.chdir` in `lib/bundler/audit/database.rb`, the gem itself is not thread-safe.
I believe that this should do the trick:
```ruby
require 'time' # Time.parse

module Bundler
  module Audit
    # Represents the directory of advisories, grouped by gem name
    # and CVE number.
    class Database
      def path
        return VENDORED_PATH unless File.directory?(USER_PATH)

        # `git -C` names the repository directly, so no Dir.chdir is needed.
        t1 = Time.parse(`git -C #{USER_PATH} log --date=iso8601 --pretty="%cd" -1`)
        t2 = VENDORED_TIMESTAMP
        t1 >= t2 ? USER_PATH : VENDORED_PATH
      end

      # Updates the ruby-advisory-db.
      # @return [Boolean, nil]
      #   Specifies whether the update was successful.
      #   A `nil` indicates no update was performed.
      def update!
        if File.directory?(USER_PATH)
          cmd = "git -C #{USER_PATH} pull origin master"
        else
          cmd = "git clone #{URL} #{USER_PATH}"
        end
        system cmd
      end
    end
  end
end
```
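An added illustration, not code from the issue author or from bundler-audit: it shows that the directory set by `Dir.chdir` is visible to a thread that never called it, and one way to run `git -C` through an argument vector so that neither `chdir` nor a shell is involved. The helper names `cwd_seen_by_other_thread`, `git_argv` and `last_commit_time` are hypothetical.

```ruby
require 'open3'
require 'time'
require 'tmpdir'

# Dir.chdir changes the working directory of the whole process. A second
# thread that never calls chdir still observes the new directory.
# Returns [directory seen by the observer thread, directory chdir'ed into].
def cwd_seen_by_other_thread
  Dir.mktmpdir do |dir|
    target  = File.realpath(dir)   # resolve symlinks so it compares with Dir.pwd
    entered = Queue.new
    checked = Queue.new
    observer = Thread.new do
      entered.pop                  # wait until the main thread is inside the block
      seen = Dir.pwd
      checked << true
      seen
    end
    Dir.chdir(target) do
      entered << true
      checked.pop                  # stay inside until the observer has looked
    end
    [observer.value, target]
  end
end

# Argument vector for git that names the repository with -C. Passed to
# Open3 or system as separate arguments, the path is never parsed by a
# shell, so spaces or metacharacters in it stay inside one argument.
def git_argv(repo, *args)
  ['git', '-C', repo.to_s, *args]
end

# Committer date of the newest commit in repo, or nil when git fails
# (missing directory, not a repository) or is not installed.
def last_commit_time(repo)
  argv = git_argv(repo, 'log', '--date=iso8601', '--pretty=%cd', '-1')
  out, status = Open3.capture2(*argv, err: File::NULL)
  status.success? && !out.strip.empty? ? Time.parse(out) : nil
rescue Errno::ENOENT
  nil
end
```
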