Bump brakeman from 5.2.3 to 5.4.1

[dependabot[bot]]

Bumps brakeman from 5.2.3 to 5.4.1.

Release notes

Sourced from brakeman's releases.

5.4.1

• Add Rails 6.1 and 7.0 default configuration values
• Support Rails 7 redirect options
• Add redirect_back and redirect_back_or_to to open redirect check
• Revise checking for request.env to only consider request headers
• Prevent redirects using url_from being marked as unsafe (Lachlan Sylvester)
• Warn about unscoped find for find_by(id: ...)
• Support presence, presence_in and in? (#1569)
• Fix issue with if expressions in when clauses (#1743)
• Fix file/line location for EOL software warnings

5.4.0

• Add check for weak RSA key sizes and padding modes (#1736)
• Add check for absolute paths issue with Pathname (#1721)
• Handle multiple values and splats in case/when (#1730)
• Ignore more model methods in redirects (#1723)
• Fix load_rails_defaults overwriting settings in the Rails application (James Gregory-Monk)
• Use relative paths for CodeClimate report format (Mike Poage)

5.3.1

• Fix version range for CVE-2022-32209

5.3.0

• Add CWE information to warnings (Stephen Aghaulor)
• Include explicit engine or lib paths in vendor/ (Joe Rafaniello)
• Add check for CVE-2022-32209
• Load rexml as a Brakeman dependency
• Fix "full call" information propagating unnecessarily

Changelog

Sourced from brakeman's changelog.

5.4.1 - 2023-02-21

• Fix file/line location for EOL software warnings
• Revise checking for request.env to only consider request headers
• Add redirect_back and redirect_back_or_to to open redirect check
• Support Rails 7 redirect options
• Add Rails 6.1 and 7.0 default configuration values
• Prevent redirects using url_from being marked as unsafe (Lachlan Sylvester)
• Warn about unscoped find for find_by(id: ...)
• Support presence, presence_in and in?
• Fix issue with if expressions in when clauses

5.4.0 - 2022-11-17

• Use relative paths for CodeClimate report format (Mike Poage)
• Add check for weak RSA key sizes and padding modes
• Handle multiple values and splats in case/when
• Ignore more model methods in redirects
• Add check for absolute paths issue with Pathname
• Fix load_rails_defaults overwriting settings in the Rails application (James Gregory-Monk)

5.3.1 - 2022-08-09

• Fix version range for CVE-2022-32209

5.3.0 - 2022-08-09

• Include explicit engine or lib paths in vendor/ (Joe Rafaniello)
• Load rexml as a Brakeman dependency
• Fix "full call" information propagating unnecessarily
• Add check for CVE-2022-32209
• Add CWE information to warnings (Stephen Aghaulor)

Commits

• 0bc31d9 Update CHANGES for 5.4.1
• b937e06 Bump to 5.4.1
• 106d46d Update CHANGES
• 7ccbaaf Fix file/line location for EOL software warnings (#1761)
• 35541df Update CHANGES
• 22108f3 Update CHANGES
• 126cad1 Revise checking for request.env to only consider request headers (#1760)
• 3a32dfd Add ruby 3.2 to CI (#1759)
• 72327f7 Add redirect_back and redirect_back_or_to to open redirect check (#1756)
• 749b664 Rails 7 redirect options (#1755)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)