dep: bump brakeman from 4.10.0 to 4.10.1

George Koltsov requested to merge dependabot-bundler-brakeman-4.10.1 into master

Bumps brakeman from 4.10.0 to 4.10.1.

Release notes

Sourced from brakeman's releases.

4.10.1

  • Declare REXML as a dependency (Ruby 3.0 compatibility)
  • Use Sexp#sexp_body instead of Sexp#[..] (Ruby 3.0 compatibility)
  • Prevent render loops when template names are absolute paths (#1536)
  • Ensure RubyParser is passed file path as a String (#1534)
  • Support new Haml 5.2.0 escaping method (#1517)

Changelog

Sourced from brakeman's changelog.

4.10.1 - 2020-12-24

  • Declare REXML as a dependency (Ruby 3.0 compatibility)
  • Use Sexp#sexp_body instead of Sexp#[..] (Ruby 3.0 compatibility)
  • Prevent render loops when template names are absolute paths
  • Ensure RubyParser is passed file path as a String
  • Support new Haml 5.2.0 escaping method

Commits

  • 95d0238 Bump to 4.10.1
  • 09b80df Add new Haml 5.2.0 escaping method
  • c73f314 Ensure RubyParser is passed path as a string
  • f09d161 Prevent render loops with absolute paths
  • 407bef0 Add rexml as a dependency
  • ec0d41e Attempt to test against Ruby 3.0
  • 89c51e9 Use Sexp#sexp_body instead of Sexp#[1..-1]
  • See full diff in compare view