Commit b21f6b0

Bump brakeman from 6.1.2 to 6.2.1 (#617)
Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 6.1.2 to 6.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/presidentbeef/brakeman/releases">brakeman's releases</a>.</em></p>
<blockquote>
<h2>6.2.1</h2>
<ul>
<li>Add optional support for Prism parser (use <code>--prism</code>)</li>
<li>Handle parallel assignment with splats (<a href="https://redirect.github.com/presidentbeef/brakeman/issues/1833">#1833</a>)</li>
<li>Warn about unscoped finds with <code>find_by!</code> (<a href="https://redirect.github.com/presidentbeef/brakeman/issues/1786">#1786</a>)</li>
<li>Add initial Rails 8 support (<a href="https://github.com/ron-shinall">Ron Shinall</a>)</li>
<li>Add support for symbolic links (<a href="https://github.com/lubert">Lu Zhu</a>)</li>
<li>Support YAML aliases in secret configs (<a href="https://github.com/chaadow">Chedli Bourguiba</a>)</li>
<li>Add <code>--show-ignored</code> option (<a href="https://github.com/gazayas">Gabriel Arcangel Zayas</a>)</li>
<li>Treat <code>::X</code> and <code>X</code> the same, for now (<a href="https://github.com/that-jill">Jill Klang</a>)</li>
<li>Remediation advice for command injection <a href="https://github.com/rangerscience">Nicholas Barone</a></li>
<li>Fix compatibility with default frozen string literals (<a href="https://github.com/casperisfine">Jean Boussier</a>)</li>
<li>Fix Ruby warnings in test suite (<a href="https://github.com/casperisfine">Jean Boussier</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md">brakeman's changelog</a>.</em></p>
<blockquote>
<h1>6.2.1 - 2024-08-22</h1>
<p>Just a packaging fix for brakeman.gem</p>
<h1>6.2.0 - 2024-08-22</h1>
<ul>
<li>Add <code>--show-ignored</code> option (Gabriel Zayas)</li>
<li>Add optional support for Prism parser</li>
<li>Warn about unscoped finds with <code>find_by!</code></li>
<li>Treat <code>::X</code> and <code>X</code> the same, for now (Jill Klang)</li>
<li>Fix compatibility with default frozen string literals (Jean Boussier)</li>
<li>Remediation advice for command injection (Nicholas Barone)</li>
<li>Fix Ruby warnings in test suite (Jean Boussier)</li>
<li>Support YAML aliases in secret configs (Chedli Bourguiba)</li>
<li>Add initial Rails 8 support (Ron Shinall)</li>
<li>Handle mass assignment with splats</li>
<li>Add support for symbolic links (Lu Zhu)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/presidentbeef/brakeman/commit/281e5806c3e44df72f0c40f8974be75d312df90c"><code>281e580</code></a> Bump to 6.2.1</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/a7478eaec0c79b9319604e5041451203bb8a5a0c"><code>a7478ea</code></a> Do not package strscan in gem</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/4f47cad08d5bf14d782a25d035f2d73886a3cb29"><code>4f47cad</code></a> Bump to 6.2.0</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/833afc126070b6ad3679bbe279d60d5b10204645"><code>833afc1</code></a> Update CHANGES</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/1f7bbadb31da213481ae54c728dda9372efb3eb3"><code>1f7bbad</code></a> Merge pull request <a href="https://redirect.github.com/presidentbeef/brakeman/issues/1861">#1861</a> from gazayas/features/show-ignored-flag</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/5d40a44f497ec00456a88bd837a598279ab16cf8"><code>5d40a44</code></a> Show ignored warnings at end of report text, explicitly return output string</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/3203739307155ba34113c958bfee5280412d3389"><code>3203739</code></a> Improve title for show ignored flag</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/c83406e7f073ad469cd2f4a44a108cdafd4c6897"><code>c83406e</code></a> Update CHANGES</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/c8c96d5f464b5967443cdb88d357f1e485be9d4d"><code>c8c96d5</code></a> Add show ignored flag test to options tests</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/e1d32ce3817ab1027f9583a9518f608f0242517a"><code>e1d32ce</code></a> Add --show-ignored flag</li>
<li>Additional commits viewable in <a href="https://github.com/presidentbeef/brakeman/compare/v6.1.2...v6.2.1">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=brakeman&package-manager=bundler&previous-version=6.1.2&new-version=6.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
2 parents 0564a75 + df8cee2 commit b21f6b0

1 file changed, +1 -1 lines changed

Gemfile.lock

Lines changed: 1 addition & 1 deletion
@@ -159,7 +159,7 @@ GEM
159159
bootstrap (5.3.3)
160160
autoprefixer-rails (>= 9.1.0)
161161
popper_js (>= 2.11.8, < 3)
162-
brakeman (6.1.2)
162+
brakeman (6.2.1)
163163
racc
164164
builder (3.3.0)
165165
bundler-audit (0.9.1)
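
Review bot: The `brakeman (6.2.1)` entry at line 162 moves the scanner to a release whose changelog, quoted in the commit message, adds a check for unscoped finds with `find_by!`, so a scan on this branch can report warnings that 6.1.2 did not. Run Brakeman against this branch before merging and triage any new findings, since a CI job that gates on the scan result could otherwise start failing only after the merge. The new `--show-ignored` option from the same release lists ignored warnings at the end of the report, which makes it easier to confirm what is still being suppressed. The entry's only listed dependency, `racc`, is unchanged in the hunk, so no other lockfile lines are expected to move.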
