
Commit 3b78c9d

Build(deps-dev): Bump brakeman from 6.2.2 to 7.0.0 (#731)
Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 6.2.2 to 7.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/presidentbeef/brakeman/releases">brakeman's releases</a>.</em></p>
<blockquote>
<h2>7.0.0</h2>
<ul>
<li>Default to using Prism parser if available (disable with <code>--no-prism</code>)</li>
<li>Disable following symbolic links by default (re-enable with <code>--follow-symlinks</code>)</li>
<li>Remove updated entry in Brakeman ignore files (<a href="https://github.com/tobyhs">Toby Hsieh</a>)</li>
<li>Major changes to how rescanning works</li>
<li>Fix hardcoded globally excluded paths (<a href="https://redirect.github.com/presidentbeef/brakeman/issues/1830">#1830</a>)</li>
<li>Always warn about deserializing from <code>Marshal</code></li>
<li>Update <code>eval</code> check to be a little noisier</li>
<li>Output <code>originalBaseUriIds</code> for SARIF format report (<a href="https://redirect.github.com/presidentbeef/brakeman/issues/1889">#1889</a>)</li>
<li>Add step (and timing) for finding files</li>
<li>Fix recursion when handling multiple assignment expressions (<a href="https://redirect.github.com/presidentbeef/brakeman/issues/1877">#1877</a>)</li>
<li>Fix array/hash unknown index handling</li>
<li>Update <code>terminal-table</code> version</li>
<li>Add CSV library as explicit dependency for Ruby 3.4 support</li>
<li>Raise minimum Ruby version to 3.1</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md">brakeman's changelog</a>.</em></p>
<blockquote>
<h1>7.0.0 - 2024-12-30</h1>
<ul>
<li>Always warn about deserializing from Marshal</li>
<li>Output <code>originalBaseUriIds</code> for SARIF format report</li>
<li>Default to using Prism parser if available (disable with <code>--no-prism</code>)</li>
<li>Update <code>terminal-table</code> version to use latest</li>
<li>Update <code>eval</code> check to be a little noisier</li>
<li>Fix array/hash unknown index handling</li>
<li>Disable following symbolic links by default, re-enable with --follow-symlinks</li>
<li>Add step (and timing) for finding files</li>
<li>Add CSV library as explicit dependency for Ruby 3.4 support</li>
<li>Major changes to how rescanning works</li>
<li>Raise minimum Ruby version to 3.1</li>
<li>Fix hardcoded globally excluded paths</li>
<li>Remove updated entry in Brakeman ignore files (Toby Hsieh)</li>
<li>Fix recursion when handling multiple assignment expressions</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/presidentbeef/brakeman/commit/2f2cd21c8f86021a295f67f45ac5b4b1f5c0b86f"><code>2f2cd21</code></a> Relax Prism version for --prism too</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/76da00a2730a60698793e318c8f5e0f3b24c5d4d"><code>76da00a</code></a> Bump to 7.0.0</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/b0eb1fc59c19ca0cac45d7449535f517743818e9"><code>b0eb1fc</code></a> Merge pull request <a href="https://redirect.github.com/presidentbeef/brakeman/issues/1904">#1904</a> from presidentbeef/relax_prism_version</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/5ae38b9b16c9afbdfe871fe184b40b90f7427ade"><code>5ae38b9</code></a> Relax Prism version requirement</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/c7018cd85c125788fd5c471b2807b0c39eb5c61b"><code>c7018cd</code></a> Update CHANGES</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/5f378919749f2e8a5f37267de8053f80ef9814f3"><code>5f37891</code></a> Merge pull request <a href="https://redirect.github.com/presidentbeef/brakeman/issues/1902">#1902</a> from presidentbeef/update_deserialize_check</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/d83415076e6be9d70babe4e619f05e3947e03b8b"><code>d834150</code></a> Output <code>originalBaseUriIds</code> for SARIF report (<a href="https://redirect.github.com/presidentbeef/brakeman/issues/1890">#1890</a>)</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/ee9de40562ca2b45dc805e9e0e3c2e469f8bb00a"><code>ee9de40</code></a> Use Prism parser by default (<a href="https://redirect.github.com/presidentbeef/brakeman/issues/1897">#1897</a>)</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/f891743504ecacade7bf4cf2b3da667390c33820"><code>f891743</code></a> Always warn about deserializing with Marshal</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/b299ca0a1020c9daf801fc3d000da80f87f15d8d"><code>b299ca0</code></a> Merge pull request <a href="https://redirect.github.com/presidentbeef/brakeman/issues/1899">#1899</a> from presidentbeef/update_eval_check</li>
<li>Additional commits viewable in <a href="https://github.com/presidentbeef/brakeman/compare/v6.2.2...v7.0.0">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=brakeman&package-manager=bundler&previous-version=6.2.2&new-version=7.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
2 parents e5deffc + 826a4af commit 3b78c9d

1 file changed

+1
-1
lines changed

Gemfile.lock

Lines changed: 1 addition & 1 deletion
@@ -190,7 +190,7 @@ GEM
190190
bootstrap (5.3.3)
191191
autoprefixer-rails (>= 9.1.0)
192192
popper_js (>= 2.11.8, < 3)
193-
brakeman (6.2.2)
193+
brakeman (7.0.0)
194194
racc
195195
builder (3.3.0)
196196
bundler-audit (0.9.2)
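Review bot: This is a major-version bump whose only visible change is the pin on line 193 (`brakeman (6.2.2)` to `brakeman (7.0.0)`), and the release notes in the commit message list behaviour changes that a lockfile diff alone does not surface: the minimum Ruby is now 3.1, the Prism parser is used by default, symbolic links are no longer followed, the `eval` check is noisier, `Marshal` deserialization is always warned about, and the ignore-file handling changed ("Remove updated entry in Brakeman ignore files"). Before merging, run the project's Brakeman scan on the CI Ruby version and compare the warning set against the previous run; new findings from the noisier checks are expected and should be triaged or added to the ignore file rather than silently accepted, and any checked-in ignore file may be rewritten by the new version. The dependency block under brakeman in the lock still shows only `racc` (line 194), so also confirm `bundle install` resolves cleanly given the changelog's note about CSV becoming an explicit dependency.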
