Bump brakeman from 4.9.0 to 4.9.1

James Nutt requested to merge dependabot-bundler-brakeman-4.9.1 into master

Bumps brakeman from 4.9.0 to 4.9.1.

Release notes

Sourced from brakeman's releases.

4.9.1

  • Use version from active_record for non-Rails apps (Ulysse Buonomo)
  • Check chomped strings for SQL injection (#1509)
  • Always set line number for joined arrays (#1499)
  • Avoid warning about missing attr_accessible if protected_attributes gem is used (#1512)
  • Bundle latest ruby_parser (4.15.0)

Changelog

Sourced from brakeman's changelog.

4.9.1 - 2020-09-04

  • Check chomped strings for SQL injection
  • Use version from active_record for non-Rails apps (Ulysse Buonomo)
  • Always set line number for joined arrays
  • Avoid warning about missing attr_accessible if protected_attributes gem is used

Commits

  • c790626 Bump to 4.9.1
  • 5a552e4 Update CHANGES
  • 80f6bfa Merge pull request #1513 from presidentbeef/protected_attributes_attr_accessible
  • 7fa17b9 Avoid warning about missing attr_accessible
  • 4056719 Merge pull request #1511 from presidentbeef/chomp_strings_sql
  • 7c43897 Check chomped strings for SQL injection
  • 8782848 Merge pull request #1506 from BuonOmo/main
  • 46aa047 Also track active_record for version detection
  • aace7e0 Merge pull request #1503 from presidentbeef/join_arrays_with_no_line_number
  • 649b7f3 Always set line number for joined arrays
  • See full diff in compare view