Bump brakeman from 4.7.1 to 4.8.2

[dependabot-preview]

Bumps brakeman from 4.7.1 to 4.8.2.

Release notes

Sourced from brakeman's releases.

4.8.2

• Add --text-fields option
• Add check for CVE-2020-8159
• Add check for escaping HTML entities in JSON configuration option
• Fix authenticate_or_request_with_http_basic check for passed blocks (Hugo Corbucci)

4.8.1

• Warn about global(!) mass assignment
• Check SQL query strings using String#strip or String.squish (#1459)
• Handle non-symbol keys in locals hash for render (#1465)
• Index calls in render arguments (#1459)

4.8.0

• Add JUnit XML report format (Naoki Kimurai)
• Sort ignore files by fingerprint and line (Ngan Pham)
• Catch dangerous concatenation in CheckExecute (Jacob Evelyn)
• User-friendly message when ignore config file has invalid JSON (D. Hicks)
• Freeze call index results, fix thread-safety issue
• Properly render confidence in Markdown report (#1446)
• Report old warnings as fixed if zero warnings reported
• Initialize Rails version with nil (Carsten Wirth)
• Fix output test when using newer Minitest

4.7.2

• Add request.params as query parameters (#1398)
• Handle more permit! cases (#1426)
• Remove version guard for named_scope vs. scope
• Find SQL injection in String#strip_heredoc target (#1433)
• Ensure file name is set when processing models
• Bundle ruby_parser version 3.14.1 (#1429)

Changelog

Sourced from brakeman's changelog.

4.8.2 - 2020-05-12

• Add check for CVE-2020-8159
• Fix authenticate_or_request_with_http_basic check for passed blocks (Hugo Corbucci)
• Add --text-fields option
• Add check for escaping HTML entities in JSON configuration

4.8.1 - 2020-04-06

• Check SQL query strings using String#strip or String.squish
• Handle non-symbol keys in locals hash for render()
• Warn about global(!) mass assignment
• Index calls in render arguments

4.8.0 - 2020-02-18

• Add JUnit-XML report format (Naoki Kimura)
• Sort ignore files by fingerprint and line (Ngan Pham)
• Freeze call index results
• Fix output test when using newer Minitest
• Properly render confidence in Markdown report
• Report old warnings as fixed if zero warnings reported
• Catch dangerous concatenation in CheckExecute (Jacob Evelyn)
• Show user-friendly message when ignore config file has invalid JSON (D. Hicks)
• Initialize Rails version with nil (Carsten Wirth)

4.7.2 - 2019-11-25

• Remove version guard for named_scope vs. scope
• Find SQL injection in String#strip_heredoc target
• Handle more permit! cases
• Ensure file name is set when processing model
• Add request.params as query parameters

Commits

• 2c955a9 Bump to 4.8.2
• fdd166c Update CHANGES
• 565e6cf Merge pull request #1477 from presidentbeef/CVE-2020-8159
• 9f6376d Add check for CVE-2020-8159
• 12fadf1 Merge pull request #1478 from hugocorbucci/fix/basic_auth_error_for_reference...
• db4bb50 Fix authenticate_or_request_with_http_basic check for passed blocks
• aba95b6 Always convert gem names to symbols
• d2b1b95 Merge pull request #1473 from presidentbeef/add_text_format_option
• 064070d Merge pull request #1474 from evrone-opensource/patch-1
• 595172a make ruby look great again
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[coveralls]

Coverage remained the same at 96.998% when pulling be316d3 on dependabot/bundler/brakeman-4.8.2 into 7b6c3be on develop.

[dependabot-preview]

Superseded by #284.