I noticed that GitHub's Dependabot checks .gemspec files, as well as Gemfile.lock. We should do the same, as it would let bundler-audit monitor gems directly.
They also check other files as well, so may also want to add that.
See https://github.com/dependabot/dependabot-core/tree/main/bundler/lib/dependabot/bundler for how they do it.
I noticed that GitHub's Dependabot checks .gemspec files, as well as Gemfile.lock. We should do the same, as it would let bundler-audit monitor gems directly.
They also check other files as well, so may also want to add that.
See https://github.com/dependabot/dependabot-core/tree/main/bundler/lib/dependabot/bundler for how they do it.