Bump brakeman from 4.9.0 to 4.9.1 (!144) · Merge requests · multiple-projects / imported-project-ed0b947507b98663

George Koltsov requested to merge dependabot-bundler-brakeman-4.9.1 into master Sep 05, 2020

Bumps brakeman from 4.9.0 to 4.9.1.

Release notes

4.9.1

Use version from active_record for non-Rails apps (Ulysse Buonomo)

Check chomped strings for SQL injection (#1509)

Always set line number for joined arrays (#1499)

Avoid warning about missing attr_accessible if protected_attributes gem is used (#1512)

Bundle latest ruby_parser (4.15.0)

Changelog

Sourced from brakeman's changelog.

4.9.1 - 2020-09-04

Check chomped strings for SQL injection

Use version from active_record for non-Rails apps (Ulysse Buonomo)

Always set line number for joined arrays

Avoid warning about missing attr_accessible if protected_attributes gem is used

Commits

c790626 Bump to 4.9.1
5a552e4 Update CHANGES
80f6bfa Merge pull request #1513 from presidentbeef/protected_attributes_attr_accessible
7fa17b9 Avoid warning about missing attr_accessible
4056719 Merge pull request #1511 from presidentbeef/chomp_strings_sql
7c43897 Check chomped strings for SQL injection
8782848 Merge pull request #1506 from BuonOmo/main
46aa047 Also track active_record for version detection
aace7e0 Merge pull request #1503 from presidentbeef/join_arrays_with_no_line_number
649b7f3 Always set line number for joined arrays
See full diff in compare view

Admin message

Admin message

Bump brakeman from 4.9.0 to 4.9.1

4.9.1

4.9.1 - 2020-09-04

Merge request reports