Two issues from the post-merge review of #1860:

1. **`brakeman --no-pager` is not a real flag.** Brakeman has no
   `--no-pager` option (that's `git` / `gh` style). It appeared in
   three locations:
   - `rules/ruby/hooks.md` L18 (bullet recommendation)
   - `rules/ruby/hooks.md` L32 (CI gate snippet)
   - `rules/ruby/security.md` L38 (dependency check snippet)

   Replaced with `--no-progress`, which is the closest valid option
   (suppresses the progress bar while keeping warning output —
   what hook contexts usually want). `-q` / `--no-color` would also
   be valid alternatives but `--no-progress` matches the original
   intent best.

2. **`bundle-audit` invocation was inconsistent across the two
   files.** `rules/ruby/security.md` L37 used the
   `bundle audit check --update` Bundler plugin subcommand form,
   while `rules/ruby/hooks.md` L20 used the direct
   `bundle exec bundle-audit check --update` binary form.
   Both invoke the same `bundler-audit` gem but look different
   enough to confuse readers. Standardized on the
   `bundle exec bundle-audit` form (the portable invocation that
   works across bundler-audit gem versions without depending on the
   plugin registering a `bundle audit` subcommand).

Both issues were also flagged in PR #1860 review comments (#1, #2 of
my comprehensive review; the bundle-audit one was independently
caught by greptile-apps and coderabbitai bots).

Full test suite (`node tests/run-all.js`): 2382 passed, 0 failed.
`markdownlint-cli` clean on both files.