Skip to content
This repository has been archived by the owner on Dec 22, 2022. It is now read-only.

Bump brakeman from 5.1.1 to 5.2.0 #547

Merged
merged 3 commits into from Jan 4, 2022

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 16, 2021

Bumps brakeman from 5.1.1 to 5.2.0.

Release notes

Sourced from brakeman's releases.

5.2.0

  • Initial Rails 7 support (#1653)
  • Require Ruby 2.5.0+ (#1649)
  • Fix issue with calls to foo.root in routes (#1640)
  • Ignore I18n.locale in SQL queries (#1597)
  • Do not treat sanitize_sql_like as safe
  • Add new checks for unsupported Ruby and Rails version
  • Bundled version of ruby_parser updated to 3.18.1

5.1.2

  • Updated ruby_parser (Ryan Davis)
  • Fix issue where the previous output is still visible (Jason Frey)
  • Handle cases where enums are not symbols (#1627)
  • Support newer Haml with ::Haml::AttributeBuilder.build
  • Fix sorting with nil line numbers
Changelog

Sourced from brakeman's changelog.

5.2.0 - 2021-12-15

  • Initial Rails 7 support
  • Require Ruby 2.5.0+
  • Fix issue with calls to foo.root in routes
  • Ignore I18n.locale in SQL queries
  • Do not treat sanitize_sql_like as safe
  • Add new checks for unsupported Ruby and Rails versions

5.1.2 - 2021-10-28

  • Handle cases where enums are not symbols
  • Support newer Haml with ::Haml::AttributeBuilder.build
  • Fix issue where the previous output is still visible (Jason Frey)
  • Fix warning sorting with nil line numbers
  • Update for latest RubyParser (Ryan Davis)
Commits
  • 8ccf86b Bump to 5.2.0
  • 264a744 Fix up tests from merges
  • 616a648 Add check for unsupported Rails/Ruby (#1660)
  • 413fd4b Merge pull request #1657 from presidentbeef/unignore_sanitize_sql_like
  • ae2c2b9 Merge pull request #1659 from presidentbeef/bump_ruby_version
  • 440ff75 Merge pull request #1658 from presidentbeef/ignore_locale_in_sql
  • c2abcbc Do not treat sanitize_sql_like as safe
  • e3981c1 Ignore I18N.locale in SQL
  • e05a6e8 Merge pull request #1655 from presidentbeef/root_in_routes
  • 743eebd Calls to root in routes might not be root to:...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 5.1.1 to 5.2.0.
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md)
- [Commits](presidentbeef/brakeman@v5.1.1...v5.2.0)

---
updated-dependencies:
- dependency-name: brakeman
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Dec 16, 2021
The application does force use of HTTPS: config.force_ssl is enabled
When opening a link in a new tab without setting rel: "noopener noreferrer", the new tab can control the parent tab's location. For example, an attacker could redirect to a phishing page.
@pgwillia pgwillia merged commit 0d5b455 into master Jan 4, 2022
@dependabot dependabot bot deleted the dependabot/bundler/brakeman-5.2.0 branch January 4, 2022 21:59
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

1 participant