
Update brakeman requirement from ~> 3.3 to ~> 4.8 #37

Merged: 1 commit merged into master from dependabot/bundler/brakeman-tw-4.8 on Feb 19, 2020

Conversation

dependabot-preview[bot] (Contributor)

Updates the requirements on brakeman to permit the latest version.

Release notes

Sourced from brakeman's releases.

4.8.0

  • Add JUnit XML report format (Naoki Kimurai)
  • Sort ignore files by fingerprint and line (Ngan Pham)
  • Catch dangerous concatenation in CheckExecute (Jacob Evelyn)
  • User-friendly message when ignore config file has invalid JSON (D. Hicks)
  • Freeze call index results, fix thread-safety issue
  • Properly render confidence in Markdown report (#1446)
  • Report old warnings as fixed if zero warnings reported
  • Initialize Rails version with nil (Carsten Wirth)
  • Fix output test when using newer Minitest
Changelog

Sourced from brakeman's changelog.

4.8.0 - 2020-02-18

  • Add JUnit-XML report format (Naoki Kimura)
  • Sort ignore files by fingerprint and line (Ngan Pham)
  • Freeze call index results
  • Fix output test when using newer Minitest
  • Properly render confidence in Markdown report
  • Report old warnings as fixed if zero warnings reported
  • Catch dangerous concatenation in CheckExecute (Jacob Evelyn)
  • Show user-friendly message when ignore config file has invalid JSON (D. Hicks)
  • Initialize Rails version with nil (Carsten Wirth)

4.7.2 - 2019-11-25

  • Remove version guard for named_scope vs. scope
  • Find SQL injection in String#strip_heredoc target
  • Handle more permit! cases
  • Ensure file name is set when processing model
  • Add request.params as query parameters

4.7.1 - 2019-10-29

  • Check string length against limit before joining
  • Fix errors from frozen Symbol#to_s in Ruby 2.7
  • Fix flaky rails4 test (Adam Kiczula)
  • Added release dates to each version in CHANGES (TheSpartan1980)
  • Catch reverse tabnabbing with :_blank symbol (Jacob Evelyn)
  • Convert s(:lambda) to s(:call) in Sexp#block_call
  • Sort text report by file and line (Jacob Evelyn)

4.7.0 - 2019-10-16

  • Refactor Brakeman::Differ#second_pass (Benoit Côté-Jodoin)
  • Ignore interpolation in %W[]
  • Fix version_between? (Andrey Glushkov)
  • Add support for ruby_parser 3.14.0
  • Ignore form_for for XSS check
  • Update Haml support to Haml 5.x
  • Catch shell injection from -c shell commands (Jacob Evelyn)
  • Correctly handle non-symbols in CheckCookieSerialization (Phil Turnbull)

4.6.1 - 2019-07-24

  • Fix Reverse Tabnabbing warning message (Steffen Schildknecht / Jörg Schiller)

4.6.0 - 2019-07-23

  • Skip calls to dup
  • Add reverse tabnabbing check (Linos Giannopoulos)
  • Better handling of gems with no version declared
... (truncated)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

Updates the requirements on [brakeman](https://github.com/presidentbeef/brakeman) to permit the latest version.
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/master/CHANGES.md)
- [Commits](presidentbeef/brakeman@v3.3.0...v4.8.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
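Why Dependabot had to change the requirement rather than just bump the lock file: `~> 3.3` is RubyGems' pessimistic operator, and it caps brakeman below 4.0, so every 4.x release in the changelog above was out of reach until the Gemfile itself was edited. The following is an added example, not code from this PR, Dependabot or Brakeman; it uses only `Gem::Requirement` and `Gem::Version`, which ship with Ruby. The release list is constructed for the illustration (3.3.0 as the old floor, the 4.x numbers quoted in the changelog excerpt, and 3.7.2 standing in for "some later 3.x release"), and the helper names are assumptions made here.

```ruby
# Added example, not part of this PR or of Dependabot/Brakeman: how a
# pessimistic ("~>") requirement in a Gemfile decides which releases are
# permitted, using only Gem::Requirement and Gem::Version from RubyGems.
require "rubygems"

# Constructed release list for the illustration: 3.3.0 (the old floor),
# the 4.x releases quoted in this PR's changelog excerpt, and 3.7.2 as a
# stand-in for "some later 3.x release". It is not a full release history.
BRAKEMAN_RELEASES = %w[3.3.0 3.7.2 4.6.0 4.6.1 4.7.0 4.7.1 4.7.2 4.8.0].freeze

# "~> X.Y" means ">= X.Y, < (X+1)"; "~> X.Y.Z" means ">= X.Y.Z, < X.(Y+1)".
# Gem::Version#bump drops the last segment and increments the new last one,
# which is exactly the upper bound of the pessimistic operator.
def pessimistic_bounds(requirement)
  op, version = Gem::Requirement.parse(requirement)
  raise ArgumentError, "not a pessimistic requirement: #{requirement}" unless op == "~>"
  [">= #{version}", "< #{version.bump}"]
end

# Newest release the requirement allows (as a string), or nil if none does.
def newest_permitted(requirement, releases = BRAKEMAN_RELEASES)
  req = Gem::Requirement.new(requirement)
  releases.map { |v| Gem::Version.new(v) }
          .select { |v| req.satisfied_by?(v) }
          .max
          &.to_s
end

# Releases newer than anything the requirement allows: the updates a stale
# constraint silently blocks, which is what this PR is bumping past.
def blocked_updates(requirement, releases = BRAKEMAN_RELEASES)
  req = Gem::Requirement.new(requirement)
  versions = releases.map { |v| Gem::Version.new(v) }
  ceiling = versions.select { |v| req.satisfied_by?(v) }.max
  versions.reject { |v| req.satisfied_by?(v) }
          .select { |v| ceiling.nil? || v > ceiling }
          .sort
          .map(&:to_s)
end

if $PROGRAM_NAME == __FILE__
  ["~> 3.3", "~> 4.8"].each do |req|
    lo, hi = pessimistic_bounds(req)
    puts "#{req} => #{lo}, #{hi}; newest permitted #{newest_permitted(req).inspect}; " \
         "blocked #{blocked_updates(req).inspect}"
  end
end
```

With `~> 3.3` the newest permitted release in that list is 3.7.2 and all six 4.x releases are blocked; with `~> 4.8` the ceiling moves to `< 5`, so 4.8.0 and any later 4.x patch or minor release will be picked up by an ordinary `bundle update`, while 5.0 will again need a Gemfile change. For a security tool that is the point of reviewing these bumps promptly: a narrow pessimistic range pins the scanner's rule set, not just its bug fixes.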
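The 4.8.0 entry "Catch dangerous concatenation in CheckExecute" refers to Brakeman's command-injection check. The following is an added example, not Brakeman's code and not from this PR, of the concatenated-command shape such a check is aimed at, beside the two shapes a reviewer would ask for instead. Which exact patterns 4.8.0 reports, and whether it treats the `Shellwords.escape` form as safe, is not something this page states. The helper names, the `list_dir_*` functions and the marker-file demo are assumptions made here; it needs a POSIX shell with `ls` and `touch`.

```ruby
# Added example, not Brakeman's code and not from this PR: the concatenated
# command shape that a command-injection check like CheckExecute targets,
# beside two safer forms. Helper names and the marker-file demo are
# assumptions made here for the illustration; it needs a POSIX shell with
# ls and touch.
require "open3"
require "shellwords"
require "tmpdir"

# Vulnerable: "ls -1 " + dir is one string, so Open3 hands it to /bin/sh and
# every shell metacharacter in dir (";", "$(...)", "|") is interpreted.
def list_dir_concat(dir)
  out, _status = Open3.capture2e("ls -1 " + dir)
  out
end

# Safer when a shell really is needed: escape the untrusted piece so the
# shell sees a single quoted word.
def list_dir_escaped(dir)
  out, _status = Open3.capture2e("ls -1 " + Shellwords.escape(dir))
  out
end

# Safest: pass program and arguments as separate elements. Ruby execs ls
# directly with no shell in between, so dir is only ever a literal path.
def list_dir_argv(dir)
  out, _status = Open3.capture2e("ls", "-1", dir)
  out
end

# Feed all three the same payload, one that appends a second command which
# creates a marker file, and report which form let it run.
def injection_demo
  Dir.mktmpdir do |tmp|
    marker = File.join(tmp, "pwned")
    payload = "#{tmp}; touch #{marker}"
    results = {}
    { concat: method(:list_dir_concat),
      escaped: method(:list_dir_escaped),
      argv: method(:list_dir_argv) }.each do |name, fn|
      fn.call(payload)
      results[name] = File.exist?(marker)
      File.delete(marker) if results[name]
    end
    results
  end
end

puts injection_demo.inspect if $PROGRAM_NAME == __FILE__
```

Only the concatenated form creates the marker file: the shell splits the string at `;` and runs `touch`. The escaped and argument-list forms both pass the whole payload to `ls` as one path (which fails harmlessly), and the argument-list form does so without a shell at all, which is the version to reach for whenever the arguments are fixed in number.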
@dependabot-preview dependabot-preview bot added the dependencies Pull requests that update a dependency file label Feb 19, 2020
@coveralls (Coverage Status)

Coverage remained the same at 100.0% when pulling bdf72d9 on dependabot/bundler/brakeman-tw-4.8 into 3bb3a21 on master.

@akabiru akabiru merged commit 8f1a1ad into master Feb 19, 2020
@akabiru akabiru deleted the dependabot/bundler/brakeman-tw-4.8 branch February 19, 2020 19:12