Merge branch 'remove-gemfile-lock'

When I run automated security checks on a gem I want the alerts to be mostly relevant So that no-one gets confused by unnecessary false positives And I don't get used to ignore warnings The Gemfile.loclk in a gem is only used during development (it is not used when the gem is installed in a project), it is arguably not essential to lock dependencies in development, and having the file causes automatic security scanners to trigger most often that not alerts that are not relevant.
gonzalo-bulnes · Dec 21, 2017 · 6ce6f5b · 6ce6f5b
2 parents 05815bf + ff35d21
commit 6ce6f5b
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 75 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## [Unreleased] - 2017-12-21
+
+### Fixed
+
+- Remove `Gemfile.lock` - mostly to acknowledge that it is only used in development and is not really necessary.
+
 ## [0.11.0] - 2016-12-29
 
 ### Added

diff --git a/Gemfile.lock b/Gemfile.lock