
Bump brakeman from 4.7.2 to 4.8.2

NipaNipa requested to merge dependabot/bundler/brakeman-4.8.2 into master

Bumps brakeman from 4.7.2 to 4.8.2.

Release notes

Sourced from brakeman's releases.

4.8.2

  • Add --text-fields option
  • Add check for CVE-2020-8159
  • Add check for escaping HTML entities in JSON configuration option
  • Fix authenticate_or_request_with_http_basic check for passed blocks (Hugo Corbucci)

4.8.1

  • Warn about global(!) mass assignment
  • Check SQL query strings using String#strip or String.squish (#1459)
  • Handle non-symbol keys in locals hash for render (#1465)
  • Index calls in render arguments (#1459)

4.8.0

  • Add JUnit XML report format (Naoki Kimurai)
  • Sort ignore files by fingerprint and line (Ngan Pham)
  • Catch dangerous concatenation in CheckExecute (Jacob Evelyn)
  • User-friendly message when ignore config file has invalid JSON (D. Hicks)
  • Freeze call index results, fix thread-safety issue
  • Properly render confidence in Markdown report (#1446)
  • Report old warnings as fixed if zero warnings reported
  • Initialize Rails version with nil (Carsten Wirth)
  • Fix output test when using newer Minitest

Changelog

Sourced from brakeman's changelog.

4.8.2 - 2020-05-12

  • Add check for CVE-2020-8159
  • Fix authenticate_or_request_with_http_basic check for passed blocks (Hugo Corbucci)
  • Add --text-fields option
  • Add check for escaping HTML entities in JSON configuration

4.8.1 - 2020-04-06

  • Check SQL query strings using String#strip or String.squish
  • Handle non-symbol keys in locals hash for render()
  • Warn about global(!) mass assignment
  • Index calls in render arguments

4.8.0 - 2020-02-18

  • Add JUnit-XML report format (Naoki Kimura)
  • Sort ignore files by fingerprint and line (Ngan Pham)
  • Freeze call index results
  • Fix output test when using newer Minitest
  • Properly render confidence in Markdown report
  • Report old warnings as fixed if zero warnings reported
  • Catch dangerous concatenation in CheckExecute (Jacob Evelyn)
  • Show user-friendly message when ignore config file has invalid JSON (D. Hicks)
  • Initialize Rails version with nil (Carsten Wirth)

Commits
  • 2c955a9 Bump to 4.8.2
  • fdd166c Update CHANGES
  • 565e6cf Merge pull request #1477 from presidentbeef/CVE-2020-8159
  • 9f6376d Add check for CVE-2020-8159
  • 12fadf1 Merge pull request #1478 from hugocorbucci/fix/basic_auth_error_for_reference...
  • db4bb50 Fix authenticate_or_request_with_http_basic check for passed blocks
  • aba95b6 Always convert gem names to symbols
  • d2b1b95 Merge pull request #1473 from presidentbeef/add_text_format_option
  • 064070d Merge pull request #1474 from evrone-opensource/patch-1
  • 595172a make ruby look great again
  • Additional commits viewable in compare view

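The 4.8.1 entry "Check SQL query strings using String#strip or String.squish" is worth a concrete illustration. The following is an added example written for this page, not Brakeman's own code or anything from this repository: it shows why a query string that has attacker-controlled input interpolated into it stays injectable after whitespace normalization, which is the pattern Brakeman now follows through `strip`/`squish` to reach the warning. The method names `find_user_sql_unsafe` and `find_user_sql_safe` are hypothetical, the `squish` helper is a stand-in for ActiveSupport's `String#squish` (assumed here to collapse whitespace runs and trim the ends) so the file runs without Rails, and the SQL is only built, never executed.

```ruby
# Added example (not Brakeman's code): whitespace normalization such as
# String#strip or ActiveSupport's String#squish does not make an interpolated
# SQL string safe. No Rails or ActiveRecord is loaded; nothing is executed.

# Stand-in for ActiveSupport's String#squish (assumption: collapse runs of
# whitespace to one space and trim both ends) so this runs without Rails.
def squish(str)
  str.gsub(/[[:space:]]+/, " ").strip
end

# Vulnerable (hypothetical name): the caller-supplied value is interpolated
# into the SQL text. Squishing afterwards only tidies whitespace; the
# injected SQL survives intact. This is the shape Brakeman 4.8.1+ flags.
def find_user_sql_unsafe(username)
  squish(<<~SQL)
    SELECT * FROM users
    WHERE username = '#{username}'
  SQL
end

# Hardened (hypothetical name): the SQL text is a fixed template with a bind
# placeholder and the user value travels separately as a bind. Squishing is
# harmless here because it only touches developer-written text.
def find_user_sql_safe(username)
  [squish(<<~SQL), [username]]
    SELECT * FROM users
    WHERE username = ?
  SQL
end

# Constructed sample input: a classic tautology payload.
PAYLOAD = "' OR '1'='1".freeze

if __FILE__ == $PROGRAM_NAME
  puts find_user_sql_unsafe(PAYLOAD)
  # => SELECT * FROM users WHERE username = '' OR '1'='1'
  sql, binds = find_user_sql_safe(PAYLOAD)
  puts sql
  # => SELECT * FROM users WHERE username = ?
  p binds
  # => ["' OR '1'='1"]
end
```

The point for reviewers of this bump is that upgrading Brakeman may surface new SQL injection warnings in code that previously passed because the interpolated string was cleaned up with `strip` or `squish` before reaching `where`/`find_by_sql`; those warnings are real and the fix is binds or a sanitizer, not more whitespace handling.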