Skip to content
This repository was archived by the owner on May 24, 2026. It is now read-only.

Bump brakeman from 7.0.2 to 8.0.1#40

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/brakeman-8.0.1
Closed

Bump brakeman from 7.0.2 to 8.0.1#40
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/brakeman-8.0.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jan 30, 2026

Copy link
Copy Markdown

Bumps brakeman from 7.0.2 to 8.0.1.

Release notes

Sourced from brakeman's releases.

8.0.1

  • Fix for disappearing cursor when no warnings are reported

8.0.0

  • Complete revamp of scan progress output and logging
  • --skip-libs removed (#1839
  • --index-libs removed
  • Fix qualified constant lookup to respect module/class context (Mike Dalessio)
  • Fix singleton method prefixes (viralpraxis)
  • Faster file globbing for templates (Mikael Henriksson)
  • No longer produce weak dynamic render path warnings
  • Replace Erubis with Erubi (#1970)

7.1.2

This was released on December 25, 2025

  • Update ruby_parser to remove max version restriction (Chedli Bourguiba)
  • Increase minimum Ruby version to 3.2.0
  • Reduce SQL injection false positives from count (and other) calls (#1936)
  • Remove more XSS false positives related to Haml attribute builder
  • Update Minitest version to 6.0

7.1.1

  • Exclude directories before searching for files (#1925)
  • Check for unsafe SQL when two arguments are passed to AR methods (Patrick Brinich-Langlois)
  • Fix SQL injection check for calculate method (Rohan Sharma)
  • Check each side of or SQL arguments (#1935)
  • Consider Tempfile.create.path as safe input (Ali Ismayilov)
  • Fix false positive when calling with_content on ViewComponents (Peer Allan)
  • Add FilePath#to_path for Ruby 3.5 compatibility (S.H.)
  • Ignore attribute builder in Haml 6 (#1952)
  • Word wrap text report output in pager

7.1.0

  • Add Haml 6.x support (#1914, #1841, etc.)
  • Support render model shortcut (#959, #1940, etc.)
  • Add --ensure-no-obsolete-config-entries option (viralpraxis)
  • Update JUnit report for CircleCI (Philippe Bernery)
  • Improve ignored warnings layout in HTML report (Sebastien Savater)
  • Only load escape functionality from cgi library (Earlopain)
  • Add EOL dates for Rails 8.0 and Ruby 3.4
  • Use lazy file lists for AppTree
Changelog

Sourced from brakeman's changelog.

8.0.1 - 2026-01-29

  • Make sure to reset the cursor even when exit code is 0

8.0.0 - 2026-01-29

  • No longer produce weak dynamic render path warnings
  • --skip-libs removed
  • --index-libs removed
  • Revamp of scan progress output and logging
  • Faster file globbing for templates (Mikael Henriksson)
  • Fix singleton method prefixes (viralpraxis)
  • Fix qualified constant lookup to respect module/class context (Mike Dalessio)
  • Replace Erubis with Erubi

7.1.2 - 2025-12-25

  • Update ruby_parser to remove version restriction (Chedli Bourguiba)
  • Raise minimum required Ruby to 3.2.0
  • Use Minitest 6.0
  • Reduce SQL injection false positives from count calls
  • Ignore more Haml attribute builder methods

7.1.1 - 2025-11-03

  • Fix false positive when calling with_content on ViewComponents (Peer Allan)
  • Word wrap text output in pager
  • Consider Tempfile.create.path as safe input (Ali Ismayilov)
  • Exclude directories before searching for files
  • Check each side of or SQL arguments
  • Ignore attribute builder in Haml 6
  • Add FilePath#to_path for Ruby 3.5 compatibility (S-H-GAMELINKS)
  • Fix SQL injection check for calculate method (Rohan Sharma)
  • Fix missing td in HTML report (John Hawthorn)
  • Check for unsafe SQL when two arguments are passed to AR methods (Patrick Brinich-Langlois)

7.1.0 - 2025-07-18

  • Add EOL dates for Rails 8.0 and Ruby 3.4
  • Support render model shortcut
  • Use lazy file lists for AppTree
  • Add Haml 6.x support
  • Improve ignored warnings layout in HTML report (Sebastien Savater)
  • Update JUnit report for CircleCI (Philippe Bernery)
  • Only load escape functionality from cgi library (Earlopain)
  • Add --ensure-no-obsolete-ignore-entries option (viralpraxis)
Commits
  • 406e8f1 Bump to 8.0.1
  • 6d37b1c Merge pull request #2002 from presidentbeef/always_quit
  • 192fcb9 Make sure to quit after running
  • 198741a Merge pull request #1999 from presidentbeef/fix_reline_import
  • 7a4b8b4 Add Reline as a dependency
  • 10ec1ee Merge pull request #1998 from presidentbeef/logger_before_use
  • bfd5995 Create logger before potential Prism warning
  • 63ae26e Bump to 8.0.0
  • 321e402 Update CHANGES
  • 92050fe Merge pull request #1997 from presidentbeef/drop_weak_dynamic_render_warnings
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump brakeman from 7.0.2 to 8.0.1
01af929 
Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 7.0.2 to 8.0.1.
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md)
- [Commits](presidentbeef/brakeman@v7.0.2...v8.0.1)

---
updated-dependencies:
- dependency-name: brakeman
  dependency-version: 8.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Jan 30, 2026
@dependabot dependabot Bot mentioned this pull request Jan 30, 2026
Closed
@dependabot @github

dependabot Bot commented on behalf of github Feb 4, 2026

Copy link
Copy Markdown
Author

Superseded by #43.

@dependabot dependabot Bot closed this Feb 4, 2026
@dependabot dependabot Bot deleted the dependabot/bundler/brakeman-8.0.1 branch February 4, 2026 05:20
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants