Bump brakeman from 5.2.1 to 6.1.2

[dependabot]

Bumps brakeman from 5.2.1 to 6.1.2.

Release notes

Sourced from brakeman's releases.

6.1.2

• Avoid detecting Phlex components as dynamic render paths (Máximo Mussini)
• Avoid detecting ViewComponentContrib::Base as dynamic render paths (vividmuimui)
• Avoid copying Sexps that are too large (#1818, #1546)
• Add EOL date for Ruby 3.3.0
• Remove deprecated use of Kernel#open("|...")
• Remove safe_yaml gem dependency
• Update Highline to 3.0 (#1812)

6.1.1

• Handle racc as a default gem in Ruby 3.3.0

6.1.0

• Add check for unfiltered search with Ransack
• Add --timing to add timing duration for scan steps
• Add PG::Connection.escape_string as a SQL sanitization method (Joévin Soulenq)
• Handle class << self
• Fix class method lookup in parent classes
• Fix keyword splats in filter arguments

6.0.0.1 - Docker only

This release is to fix the Ruby version used in the Docker image.

No other changes.

6.0.0

• Drop support for Ruby 1.8/1.9 syntax
• Raise minimum Ruby version to 3.0
• Add obsolete fingerprints to comparison report (#1758)
• Warn about missing CSRF protection when defaults are not loaded (Chris Kruger)
• Fix false positive with content_tag in newer Rails (#1778)
• Scan directories that include the word public
• Fix end-of-life dates for Ruby

5.4.1

• Add Rails 6.1 and 7.0 default configuration values
• Support Rails 7 redirect options
• Add redirect_back and redirect_back_or_to to open redirect check
• Revise checking for request.env to only consider request headers
• Prevent redirects using url_from being marked as unsafe (Lachlan Sylvester)
• Warn about unscoped find for find_by(id: ...)
• Support presence, presence_in and in? (#1569)
• Fix issue with if expressions in when clauses (#1743)
• Fix file/line location for EOL software warnings

5.4.0

• Add check for weak RSA key sizes and padding modes (#1736)
• Add check for absolute paths issue with Pathname (#1721)
• Handle multiple values and splats in case/when (#1730)
• Ignore more model methods in redirects (#1723)

... (truncated)

Changelog

Sourced from brakeman's changelog.

6.1.2 - 2024-02-01

• Update Highline to 3.0
• Add EOL date for Ruby 3.3.0
• Avoid copying Sexps that are too large
• Avoid detecting ViewComponentContrib::Base as dynamic render paths (vividmuimui)
• Remove deprecated use of Kernel#open("|...")
• Remove safe_yaml gem dependency
• Avoid detecting Phlex components as dynamic render paths (Máximo Mussini)

6.1.1 - 2023-12-24

• Handle racc as a default gem in Ruby 3.3.0

6.1.0 - 2023-12-04

• Add --timing to add timing duration for scan steps
• Fix keyword splats in filter arguments
• Add check for unfiltered search with Ransack
• Fix class method lookup in parent classes
• Handle class << self
• Add PG::Connection.escape_string as a SQL sanitization method (Joévin Soulenq)

6.0.1 - 2023-07-20

• Accept strings for load_defaults version

6.0.0 - 2023-05-24

• Add obsolete fingerprints to comparison report
• Warn about missing CSRF protection when defaults are not loaded (Chris Kruger)
• Scan directories that include the word public
• Raise minimum Ruby version to 3.0
• Drop support for Ruby 1.8/1.9 syntax
• Fix end-of-life dates for Ruby
• Fix false positive with content_tag in newer Rails

5.4.1 - 2023-02-21

• Fix file/line location for EOL software warnings
• Revise checking for request.env to only consider request headers
• Add redirect_back and redirect_back_or_to to open redirect check
• Support Rails 7 redirect options
• Add Rails 6.1 and 7.0 default configuration values
• Prevent redirects using url_from being marked as unsafe (Lachlan Sylvester)
• Warn about unscoped find for find_by(id: ...)
• Support presence, presence_in and in?
• Fix issue with if expressions in when clauses

5.4.0 - 2022-11-17

... (truncated)

Commits

• a368fd9 Bump to 6.1.2
• 08a119a Update CHANGES
• a216548 Update Highline to 3.0 (#1825)
• 1954a00 Skip timeout test (#1823)
• fe9e0a3 Merge pull request #1821 from vividmuimui/view_component_contrib_base
• 5291a41 Merge pull request #1822 from presidentbeef/eol_for_3_3
• b02ba1e Add EOL for Ruby 3.3.0
• f07829d Merge pull request #1820 from presidentbeef/limit_mass_of_copied_values
• 26d4180 fix: avoid detecting 'ViewComponentContrib::Base' as dynamic render paths
• 180e872 Avoid copying Sexps that are too large
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)