> Very cool (assuming the database of vulnerabilities is up to date). To turn this problem on its head, people who maintain gems: where would you submit the info that a gem has been updated with a security release? I think bundler-audit and gemnasium use https://github.com/rubysec/ruby-advisory-db as their data source.