Bump brakeman from 4.5.1 to 4.6.0 (!919) · Merge requests · David Rodríguez / nipanipa

NipaNipa requested to merge dependabot/bundler/brakeman-4.6.0 into master Jul 24, 2019

Bumps brakeman from 4.5.1 to 4.6.0.

Changelog

4.6.0

Skip calls to dup

Add reverse tabnabbing check (Linos Giannopoulos)

Better handling of gems with no version declared

Warn people that Haml 5 is not fully supported (Jared Beck)

Avoid warning about file access with ActiveStorage::Filename#sanitized (Tejas Bubane)

Update loofah version for fixing CVE-2018-8048 (Markus Nölle)

Restore Warning#relative_path

Add check for cookie serialization with Marshal

Index calls in initializers

Improve template output handling in conditional branches

Avoid assigning nil line numbers to Sexps

Add special warning code for custom checks

Add call matching by regular expression

Commits

See full diff in compare view

Bump brakeman from 4.5.1 to 4.6.0

4.6.0

Merge request reports