Commit 9d1ac68

chore(deps-dev): bump brakeman from 7.1.0 to 7.1.1 (#1134)
Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 7.1.0 to 7.1.1.

<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/presidentbeef/brakeman/releases">brakeman's releases</a>.</em></p>
<blockquote>
<h2>7.1.1</h2>
<ul>
<li>Exclude directories before searching for files (<a href="https://redirect.github.com/presidentbeef/brakeman/issues/1925">#1925</a>)</li>
<li>Check for unsafe SQL when two arguments are passed to AR methods (<a href="https://github.com/patbl">Patrick Brinich-Langlois</a>)</li>
<li>Fix SQL injection check for <code>calculate</code> method (<a href="https://github.com/rsharma-figma">Rohan Sharma</a>)</li>
<li>Check each side of <code>or</code> SQL arguments (<a href="https://redirect.github.com/presidentbeef/brakeman/issues/1935">#1935</a>)</li>
<li>Consider <code>Tempfile.create.path</code> as safe input (<a href="https://github.com/aliismayilov">Ali Ismayilov</a>)</li>
<li>Fix false positive when calling <code>with_content</code> on ViewComponents (<a href="https://github.com/peerkleio">Peer Allan</a>)</li>
<li>Add <code>FilePath#to_path</code> for Ruby 3.5 compatibility (<a href="https://github.com/S-H-GAMELINKS">S.H.</a>)</li>
<li>Ignore attribute builder in Haml 6 (<a href="https://redirect.github.com/presidentbeef/brakeman/issues/1952">#1952</a>)</li>
<li>Word wrap text report output in pager</li>
</ul>
</blockquote>
</details>

<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md">brakeman's changelog</a>.</em></p>
<blockquote>
<h1>7.1.1 - 2025-11-03</h1>
<ul>
<li>Fix false positive when calling <code>with_content</code> on ViewComponents (Peer Allan)</li>
<li>Word wrap text output in pager</li>
<li>Consider Tempfile.create.path as safe input (Ali Ismayilov)</li>
<li>Exclude directories before searching for files</li>
<li>Check each side of <code>or</code> SQL arguments</li>
<li>Ignore attribute builder in Haml 6</li>
<li>Add <code>FilePath#to_path</code> for Ruby 3.5 compatibility (S-H-GAMELINKS)</li>
<li>Fix SQL injection check for calculate method (Rohan Sharma)</li>
<li>Fix missing <code>td</code> in HTML report (John Hawthorn)</li>
<li>Check for unsafe SQL when two arguments are passed to AR methods (Patrick Brinich-Langlois)</li>
</ul>
</blockquote>
</details>

<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/presidentbeef/brakeman/commit/beabb9ceb917c9896c704c3f6975d6a803ecc6d4"><code>beabb9c</code></a> Update CHANGES</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/a65c657c645bc4d9343815ed2579a4eb6454e142"><code>a65c657</code></a> Merge pull request <a href="https://redirect.github.com/presidentbeef/brakeman/issues/1961">#1961</a> from presidentbeef/wordwrap_output</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/1dcee03b8a7ca4d4c63b826f43b53b259e85dbe4"><code>1dcee03</code></a> Merge pull request <a href="https://redirect.github.com/presidentbeef/brakeman/issues/1933">#1933</a> from aliismayilov/ignore-tempfile-path</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/21ae5933df08ac42ce62b722f4624f9788fd2459"><code>21ae593</code></a> Merge pull request <a href="https://redirect.github.com/presidentbeef/brakeman/issues/1953">#1953</a> from sunny/patch-1</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/da44c3fd147d9bc9beb347967a667b319f00d9be"><code>da44c3f</code></a> Merge pull request <a href="https://redirect.github.com/presidentbeef/brakeman/issues/1968">#1968</a> from presidentbeef/faster_file_search</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/ec80644adf7fd2c444eeded62dbbb452288b2341"><code>ec80644</code></a> Merge pull request <a href="https://redirect.github.com/presidentbeef/brakeman/issues/1963">#1963</a> from rsharma-figma/rohan/fix-calculate-sql-injection...</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/e2acb3c63d2004755903dfc9f6268f530d84fb3f"><code>e2acb3c</code></a> Update AppTree tests</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/c959e8be083a066918d259ace4bd05b1d85d48d1"><code>c959e8b</code></a> Add tests for matching file paths</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/9b3c619958e0e6853de752ec5bfea89f3d97369f"><code>9b3c619</code></a> Match directories at top level</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/64abd42a0946a61683e5d31d87279ecad3b88393"><code>64abd42</code></a> Merge pull request <a href="https://redirect.github.com/presidentbeef/brakeman/issues/1969">#1969</a> from presidentbeef/issue_1935</li>
<li>Additional commits viewable in <a href="https://github.com/presidentbeef/brakeman/compare/v7.1.0...v7.1.1">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=brakeman&package-manager=bundler&previous-version=7.1.0&new-version=7.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
2 parents c791ff0 + d658c9c commit 9d1ac68

1 file changed, +1 -1 lines changed

Gemfile.lock

Lines changed: 1 addition & 1 deletion
@@ -199,7 +199,7 @@ GEM
199199
msgpack (~> 1.2)
200200
bootstrap (5.3.5)
201201
popper_js (>= 2.11.8, < 3)
202-
brakeman (7.1.0)
202+
brakeman (7.1.1)
203203
racc
204204
builder (3.3.0)
205205
bundler-audit (0.9.2)
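
Review bot: At line 202, where `brakeman (7.1.0)` becomes `brakeman (7.1.1)`, the only change is the resolved scanner version, yet the release notes in the commit message list new and corrected SQL injection checks (two arguments passed to AR methods, the `calculate` method, each side of `or` arguments), so the scan output for this repository can change with no application code change. Suggest running Brakeman on this branch and comparing the report with the one produced under 7.1.0 before merging, and triaging any new warnings on their merits rather than adding them to an ignore list to keep CI green. The dependency listed under brakeman in this hunk (`racc`) is unchanged, so no new transitive gem is introduced by the visible lines.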
