Bump brakeman from 4.7.2 to 5.0.2
Bumps brakeman from 4.7.2 to 5.0.2.
Release notes
Sourced from brakeman's releases.
5.0.2
- Fix Loofah version check
5.0.1
- Support loading slim/smart (#1570)
- Set more line numbers on Sexps (#1579)
- Detect ::Rails.application.configure too (#1584)
- Always ignore slice/only calls for mass assignment
- Don't fail if $HOME/$USER are not defined
- Convert splat array arguments to arguments
- Bundle unreleased RubyParser changes
5.0.0
- Scan (almost) all Ruby files in project
- Revamp CSV report to a CSV list of warnings
- Add Sonarqube report format (Adam England)
- Add check for (more) unsafe method reflection (#1488, #1507, and #1508)
- Add check for potential HTTP verb confusion (#1432)
- Add --[no-]skip-vendor option
- Ignore uuid as a safe attribute
- Ignore Tempfile#path in shell commands
- Ignore development environment
- Collapse __send__ calls
- Set Rails configuration defaults based on load_defaults version
- Update Ruby requirement to version 2.4.0
- Suggest using --force if no Rails application is detected
5.0.0.pre1
- Add check for (more) unsafe method reflection
- Suggest using --force if no Rails application is detected
- Add Sonarqube report format (Adam England)
- Add check for potential HTTP verb confusion
- Add --[no-]skip-vendor option
- Scan (almost) all Ruby files in project
- Add support for Haml 5.2.0
4.10.1
- Declare REXML as a dependency (Ruby 3.0 compatibility)
- Use Sexp#sexp_body instead of Sexp#[..] (Ruby 3.0 compatibility)
- Prevent render loops when template names are absolute paths (#1536)
- Ensure RubyParser is passed file path as a String (#1534)
- Support new Haml 5.2.0 escaping method (#1517)
4.10.0
- Add SARIF report format (Steve Winton)
4.9.1
- Use version from active_record for non-Rails apps (Ulysse Buonomo)
- Check chomped strings for SQL injection (#1509)
- Always set line number for joined arrays (#1499)
... (truncated)
Changelog
Sourced from brakeman's changelog.
5.0.2 - 2021-06-07
- Fix Loofah version check
5.0.1 - 2021-04-27
- Detect ::Rails.application.configure too
- Set more line numbers on Sexps
- Support loading slim/smart
- Don't fail if $HOME/$USER are not defined
- Always ignore slice/only calls for mass assignment
- Convert splat array arguments to arguments
5.0.0 - 2021-01-26
- Ignore uuid as a safe attribute
- Collapse __send__ calls
- Ignore Tempfile#path in shell commands
- Ignore development environment
- Revamp CSV report to a CSV list of warnings
- Set Rails configuration defaults based on load_defaults version
- Add check for (more) unsafe method reflection
- Suggest using --force if no Rails application is detected
- Add Sonarqube report format (Adam England)
- Add check for potential HTTP verb confusion
- Add --[no-]skip-vendor option
- Scan (almost) all Ruby files in project
4.10.1 - 2020-12-24
- Declare REXML as a dependency (Ruby 3.0 compatibility)
- Use Sexp#sexp_body instead of Sexp#[..] (Ruby 3.0 compatibility)
- Prevent render loops when template names are absolute paths
- Ensure RubyParser is passed file path as a String
- Support new Haml 5.2.0 escaping method
5.0.0.pre1 - 2020-11-17
- Add check for (more) unsafe method reflection
- Suggest using --force if no Rails application is detected
- Add Sonarqube report format (Adam England)
- Add check for potential HTTP verb confusion
- Add --[no-]skip-vendor option
- Scan (almost) all Ruby files in project
- Add support for Haml 5.2.0
4.10.0 - 2020-09-28
- Add SARIF report format (Steve Winton)
... (truncated)
Commits
- 37f3d81 Bump to 5.0.2
- 24184fd Fix Loofah version check
- eb2a8c5 Merge pull request #1600 from presidentbeef/array_push
- c5f3f9c Merge pull request #1599 from presidentbeef/array_star
- 92dccf0 Merge pull request #1598 from nebulab/main
- 24ca235 Support Array#push like Array#<<
- 36fec7c Adjust the copy of the interactive menu
- 993d203 Array#join with empty array
- f2d2fcb Array#join for single element arrays
- 2246020 Support Array#* as Array#join
- Additional commits viewable in compare view