[openstreetmap/openstreetmap-website] Bump brakeman from 4.9.0 to 4.9.1 (#2817)
dependabot[bot]
notifications at github.com
Mon Sep 7 05:02:10 UTC 2020
Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 4.9.0 to 4.9.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/presidentbeef/brakeman/releases">brakeman's releases</a>.</em></p>
<blockquote>
<h2>4.9.1</h2>
<ul>
<li>Use version from <code>active_record</code> for non-Rails apps (<a href="https://github.com/BuonOmo">Ulysse Buonomo</a>)</li>
<li>Check <code>chomp</code>ed strings for SQL injection (<a href="https://github-redirect.dependabot.com/presidentbeef/brakeman/issues/1509">#1509</a>)</li>
<li>Always set line number for joined arrays (<a href="https://github-redirect.dependabot.com/presidentbeef/brakeman/issues/1499">#1499</a>)</li>
<li>Avoid warning about missing <code>attr_accessible</code> if <code>protected_attributes</code> gem is used (<a href="https://github-redirect.dependabot.com/presidentbeef/brakeman/issues/1512">#1512</a>)</li>
<li>Bundle latest ruby_parser (4.15.0)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md">brakeman's changelog</a>.</em></p>
<blockquote>
<h1>4.9.1 - 2020-09-04</h1>
<ul>
<li>Check <code>chomp</code>ed strings for SQL injection</li>
<li>Use version from <code>active_record</code> for non-Rails apps (Ulysse Buonomo)</li>
<li>Always set line number for joined arrays</li>
<li>Avoid warning about missing <code>attr_accessible</code> if <code>protected_attributes</code> gem is used</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/presidentbeef/brakeman/commit/c790626bbf2b86703dac23864426d5c62824e8b0"><code>c790626</code></a> Bump to 4.9.1</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/5a552e4e4cee278df161c25604fdb9052a42defc"><code>5a552e4</code></a> Update CHANGES</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/80f6bfa232b4111f69b00d93a54866f30ec8268a"><code>80f6bfa</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/presidentbeef/brakeman/issues/1513">#1513</a> from presidentbeef/protected_attributes_attr_accessible</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/7fa17b9e036b00e759e0008442ebce27456a8251"><code>7fa17b9</code></a> Avoid warning about missing <code>attr_accessible</code></li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/4056719ec4fac8d384c672b10b385e2979866c47"><code>4056719</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/presidentbeef/brakeman/issues/1511">#1511</a> from presidentbeef/chomp_strings_sql</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/7c43897831c6a0a9cab3e4b5914a933c9dae4a3a"><code>7c43897</code></a> Check <code>chomp</code>ed strings for SQL injection</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/87828489a083970d4f8ea5d04dfa9834cbaa8739"><code>8782848</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/presidentbeef/brakeman/issues/1506">#1506</a> from BuonOmo/main</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/46aa0477bb4aae3fa1dcbcbd17745fef7e41d163"><code>46aa047</code></a> Also track active_record for version detection</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/aace7e0f9c1be81511e7454b29c21beaee7329bd"><code>aace7e0</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/presidentbeef/brakeman/issues/1503">#1503</a> from presidentbeef/join_arrays_with_no_line_number</li>
<li><a href="https://github.com/presidentbeef/brakeman/commit/649b7f349e38b155fff4676cddc80a845937e632"><code>649b7f3</code></a> Always set line number for joined arrays</li>
<li>See full diff in <a href="https://github.com/presidentbeef/brakeman/compare/v4.9.0...v4.9.1">compare view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
You can view, comment on, or merge this pull request online at:
https://github.com/openstreetmap/openstreetmap-website/pull/2817
-- Commit Summary --
* Bump brakeman from 4.9.0 to 4.9.1
-- File Changes --
M Gemfile.lock (2)
-- Patch Links --
https://github.com/openstreetmap/openstreetmap-website/pull/2817.patch
https://github.com/openstreetmap/openstreetmap-website/pull/2817.diff