Bump brakeman from 4.5.1 to 4.6.0
Bumps brakeman from 4.5.1 to 4.6.0.
Changelog
Sourced from brakeman's changelog.
4.6.0
- Skip calls to `dup`
- Add reverse tabnabbing check (Linos Giannopoulos)
- Better handling of gems with no version declared
- Warn people that Haml 5 is not fully supported (Jared Beck)
- Avoid warning about file access with `ActiveStorage::Filename#sanitized` (Tejas Bubane)
- Update loofah version for fixing CVE-2018-8048 (Markus Nölle)
- Restore `Warning#relative_path`
- Add check for cookie serialization with Marshal
- Index calls in initializers
- Improve template output handling in conditional branches
- Avoid assigning `nil` line numbers to `Sexp`s
- Add special warning code for custom checks
- Add call matching by regular expression
Commits
- See full diff in compare view