1.4.0

• Add check for user input in link_to href parameter
• Match ERB processing to rails_xss plugin when plugin used
• Add Brakeman::Report#to_json, Brakeman::Warning#to_json
• Warnings below minimum confidence are dropped completely
• Brakeman.run always returns a Tracker