Run bundler-audit on PRs (#23514)

.bundler-audit.yml

@@ -0,0 +1,3 @@
+---
+ignore:
+  - CVE-2015-9284 # Mitigation following https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284#mitigating-in-rails-applications

.codeclimate.yml

@@ -24,7 +24,7 @@ plugins:
   brakeman:
     enabled: true
   bundler-audit:
-    enabled: true
+    enabled: false
   eslint:
     enabled: false
   rubocop:

.github/workflows/lint-ruby.yml

@@ -7,6 +7,7 @@ on:
       - 'Gemfile*'
       - '.rubocop*.yml'
       - '.ruby-version'
+      - '.bundler-audit.yml'
       - '**/*.rb'
       - '**/*.rake'
       - '.github/workflows/lint-ruby.yml'
@@ -16,6 +17,7 @@ on:
       - 'Gemfile*'
       - '.rubocop*.yml'
       - '.ruby-version'
+      - '.bundler-audit.yml'
       - '**/*.rb'
       - '**/*.rake'
       - '.github/workflows/lint-ruby.yml'
@@ -42,3 +44,6 @@ jobs:
 
       - name: Run rubocop
         run: bundle exec rubocop
+
+      - name: Run bundler-audit
+        run: bundle exec bundler-audit