Bump brakeman from 4.6.0 to 4.7.0 (!1049) · Merge requests · David Rodríguez / nipanipa

NipaNipa requested to merge dependabot/bundler/brakeman-4.7.0 into master Oct 17, 2019

Bumps brakeman from 4.6.0 to 4.7.0.

Release notes

4.6.1

Fix Reverse Tabnabbing warning message (Steffen Schildknecht / Jörg Schiller)

Changelog

4.7.0

Refactor Brakeman::Differ#second_pass (Benoit Côté-Jodoin)

Ignore interpolation in %W[]

Fix version_between? (Andrey Glushkov)

Add support for ruby_parser 3.14.0

Ignore form_for for XSS check

Update Haml support to Haml 5.x

Catch shell injection from -c shell commands (Jacob Evelyn)

Correctly handle non-symbols in CheckCookieSerialization (Phil Turnbull)

4.6.1

Fix Reverse Tabnabbing warning message (Steffen Schildknecht / Jörg Schiller)

Commits

See full diff in compare view

Bump brakeman from 4.6.0 to 4.7.0

4.6.1

4.7.0

4.6.1

Merge request reports