From 717a478b5b789208eb7b84904f923d2eb2654e1a Mon Sep 17 00:00:00 2001
From: James 'zofrex' Sanderson
Date: Fri, 30 Apr 2021 21:56:04 +0100
Subject: [PATCH] Proof of concept to check the Bundler version too
---
 lib/bundler/audit/scanner.rb | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/lib/bundler/audit/scanner.rb b/lib/bundler/audit/scanner.rb
index d0431df6..90656629 100644
--- a/lib/bundler/audit/scanner.rb
+++ b/lib/bundler/audit/scanner.rb
@@ -215,7 +215,18 @@ def scan_specs(options={})
         else
           config.ignore
         end
-      @lockfile.specs.each do |gem|
+      specs = @lockfile.specs
+
+      # Bundler itself doesn't appear in the list of specs in the lockfile,
+      # but the lockfile does provide a version for it
+      if @lockfile.bundler_version
+        specs << Gem::Specification.new do |s|
+          s.name = 'bundler'
+          s.version = @lockfile.bundler_version
+        end
+      end
+
+      specs.each do |gem|
         @database.check_gem(gem) do |advisory|
           is_ignored = ignore.intersect?(advisory.identifiers.to_set)
           next if is_ignored
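Review bot: `specs = @lockfile.specs` followed by `specs << Gem::Specification.new ...` appends the synthetic bundler spec to whatever array `@lockfile.specs` returned rather than to a private copy; if the lockfile object hands back its own internal array (likely, since `@lockfile` is a long-lived instance), each call to scan_specs adds another 'bundler' entry, repeated scans report the same bundler advisory several times, and any other reader of `@lockfile.specs` sees the fabricated entry. Copy before mutating: `specs = @lockfile.specs.dup`. The new comment block would also benefit from saying what `bundler_version` actually represents, since the audit result depends on it; something like `# This is the version recorded by the lockfile (the Bundler that wrote it), not necessarily the one running this scan` makes the limitation explicit for anyone reading a report. scan_specs begins and ends outside the hunk.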