Bump brakeman from 4.7.2 to 4.8.2
Bumps brakeman from 4.7.2 to 4.8.2.
Release notes
Sourced from brakeman's releases.
4.8.2
- Add --text-fields option
- Add check for CVE-2020-8159
- Add check for escaping HTML entities in JSON configuration option
- Fix authenticate_or_request_with_http_basic check for passed blocks (Hugo Corbucci)
4.8.1
- Warn about global(!) mass assignment
- Check SQL query strings using String#strip or String.squish (#1459)
- Handle non-symbol keys in locals hash for render (#1465)
- Index calls in render arguments (#1459)
4.8.0
- Add JUnit XML report format (Naoki Kimura)
- Sort ignore files by fingerprint and line (Ngan Pham)
- Catch dangerous concatenation in CheckExecute (Jacob Evelyn)
- User-friendly message when ignore config file has invalid JSON (D. Hicks)
- Freeze call index results, fix thread-safety issue
- Properly render confidence in Markdown report (#1446)
- Report old warnings as fixed if zero warnings reported
- Initialize Rails version with nil (Carsten Wirth)
- Fix output test when using newer Minitest
Changelog
Sourced from brakeman's changelog.
4.8.2 - 2020-05-12
- Add check for CVE-2020-8159
- Fix authenticate_or_request_with_http_basic check for passed blocks (Hugo Corbucci)
- Add --text-fields option
- Add check for escaping HTML entities in JSON configuration
4.8.1 - 2020-04-06
- Check SQL query strings using String#strip or String.squish
- Handle non-symbol keys in locals hash for render()
- Warn about global(!) mass assignment
- Index calls in render arguments
4.8.0 - 2020-02-18
- Add JUnit-XML report format (Naoki Kimura)
- Sort ignore files by fingerprint and line (Ngan Pham)
- Freeze call index results
- Fix output test when using newer Minitest
- Properly render confidence in Markdown report
- Report old warnings as fixed if zero warnings reported
- Catch dangerous concatenation in CheckExecute (Jacob Evelyn)
- Show user-friendly message when ignore config file has invalid JSON (D. Hicks)
- Initialize Rails version with nil (Carsten Wirth)
Commits
- 2c955a9 Bump to 4.8.2
- fdd166c Update CHANGES
- 565e6cf Merge pull request #1477 from presidentbeef/CVE-2020-8159
- 9f6376d Add check for CVE-2020-8159
- 12fadf1 Merge pull request #1478 from hugocorbucci/fix/basic_auth_error_for_reference...
- db4bb50 Fix authenticate_or_request_with_http_basic check for passed blocks
- aba95b6 Always convert gem names to symbols
- d2b1b95 Merge pull request #1473 from presidentbeef/add_text_format_option
- 064070d Merge pull request #1474 from evrone-opensource/patch-1
- 595172a make ruby look great again
- Additional commits viewable in compare view