From 2a12286d15f07f155987103ef6716a9e217c6b44 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 11 Apr 2024 00:53:03 +0200
Subject: [PATCH] Bump brakeman from 6.0.1 to 6.1.2 (#119)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 6.0.1
to 6.1.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/presidentbeef/brakeman/releases">brakeman's
releases</a>.</em></p>
<blockquote>
<h2>6.1.2</h2>
<ul>
<li>Avoid detecting Phlex components as dynamic render paths (<a
href="https://github.com/ElMassimo">Máximo Mussini</a>)</li>
<li>Avoid detecting <code>ViewComponentContrib::Base</code> as dynamic
render paths (<a
href="https://github.com/vividmuimui">vividmuimui</a>)</li>
<li>Avoid copying Sexps that are too large (<a
href="https://redirect.github.com/presidentbeef/brakeman/issues/1818">#1818</a>,
<a
href="https://redirect.github.com/presidentbeef/brakeman/issues/1546">#1546</a>)</li>
<li>Add EOL date for Ruby 3.3.0</li>
<li>Remove deprecated use of
<code>Kernel#open(&quot;|...&quot;)</code></li>
<li>Remove <code>safe_yaml</code> gem dependency</li>
<li>Update Highline to 3.0 (<a
href="https://redirect.github.com/presidentbeef/brakeman/issues/1812">#1812</a>)</li>
</ul>
<h2>6.1.1</h2>
<ul>
<li>Handle racc as a default gem in Ruby 3.3.0</li>
</ul>
<h2>6.1.0</h2>
<ul>
<li>Add check for unfiltered search with Ransack</li>
<li>Add <code>--timing</code> to add timing duration for scan steps</li>
<li>Add <code>PG::Connection.escape_string</code> as a SQL sanitization
method (<a href="https://github.com/joevin-slq-docto">Joévin
Soulenq</a>)</li>
<li>Handle <code>class &lt;&lt; self</code></li>
<li>Fix class method lookup in parent classes</li>
<li>Fix keyword splats in filter arguments</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md">brakeman's
changelog</a>.</em></p>
<blockquote>
<h1>6.1.2 - 2024-02-01</h1>
<ul>
<li>Update Highline to 3.0</li>
<li>Add EOL date for Ruby 3.3.0</li>
<li>Avoid copying Sexps that are too large</li>
<li>Avoid detecting <code>ViewComponentContrib::Base</code> as dynamic
render paths (vividmuimui)</li>
<li>Remove deprecated use of
<code>Kernel#open(&quot;|...&quot;)</code></li>
<li>Remove <code>safe_yaml</code> gem dependency</li>
<li>Avoid detecting Phlex components as dynamic render paths (Máximo
Mussini)</li>
</ul>
<h1>6.1.1 - 2023-12-24</h1>
<ul>
<li>Handle racc as a default gem in Ruby 3.3.0</li>
</ul>
<h1>6.1.0 - 2023-12-04</h1>
<ul>
<li>Add <code>--timing</code> to add timing duration for scan steps</li>
<li>Fix keyword splats in filter arguments</li>
<li>Add check for unfiltered search with Ransack</li>
<li>Fix class method lookup in parent classes</li>
<li>Handle <code>class &lt;&lt; self</code></li>
<li>Add <code>PG::Connection.escape_string</code> as a SQL sanitization
method (Joévin Soulenq)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/presidentbeef/brakeman/commit/a368fd912a902b2e4a7828a4dcb43c71fa934e37"><code>a368fd9</code></a>
Bump to 6.1.2</li>
<li><a
href="https://github.com/presidentbeef/brakeman/commit/08a119afa50c430d32851a617ff12b1c13c467e9"><code>08a119a</code></a>
Update CHANGES</li>
<li><a
href="https://github.com/presidentbeef/brakeman/commit/a21654897561b30cfe09b24799c773e9e2a54c41"><code>a216548</code></a>
Update Highline to 3.0 (<a
href="https://redirect.github.com/presidentbeef/brakeman/issues/1825">#1825</a>)</li>
<li><a
href="https://github.com/presidentbeef/brakeman/commit/1954a004b14783f411d4adcc2cf14c4446fc422d"><code>1954a00</code></a>
Skip timeout test (<a
href="https://redirect.github.com/presidentbeef/brakeman/issues/1823">#1823</a>)</li>
<li><a
href="https://github.com/presidentbeef/brakeman/commit/fe9e0a3e6eac15878148664372f6d20909f7acca"><code>fe9e0a3</code></a>
Merge pull request <a
href="https://redirect.github.com/presidentbeef/brakeman/issues/1821">#1821</a>
from vividmuimui/view_component_contrib_base</li>
<li><a
href="https://github.com/presidentbeef/brakeman/commit/5291a4152793823155ae09d1fc51d95ed059705f"><code>5291a41</code></a>
Merge pull request <a
href="https://redirect.github.com/presidentbeef/brakeman/issues/1822">#1822</a>
from presidentbeef/eol_for_3_3</li>
<li><a
href="https://github.com/presidentbeef/brakeman/commit/b02ba1ec53c8c4d2bd26d10e73893a742f36df17"><code>b02ba1e</code></a>
Add EOL for Ruby 3.3.0</li>
<li><a
href="https://github.com/presidentbeef/brakeman/commit/f07829d060a241fd1bda143a3168c348b964c9b4"><code>f07829d</code></a>
Merge pull request <a
href="https://redirect.github.com/presidentbeef/brakeman/issues/1820">#1820</a>
from presidentbeef/limit_mass_of_copied_values</li>
<li><a
href="https://github.com/presidentbeef/brakeman/commit/26d4180aadfe30ec9e6cc05480ead75b219423bc"><code>26d4180</code></a>
fix: avoid detecting 'ViewComponentContrib::Base' as dynamic render
paths</li>
<li><a
href="https://github.com/presidentbeef/brakeman/commit/180e872cb33d0bd6a82f89a314ccac7ec2c0bab3"><code>180e872</code></a>
Avoid copying Sexps that are too large</li>
<li>Additional commits viewable in <a
href="https://github.com/presidentbeef/brakeman/compare/v6.0.1...v6.1.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=brakeman&package-manager=bundler&previous-version=6.0.1&new-version=6.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile.lock | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index d758637..c1a0eed 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -82,7 +82,8 @@ GEM
     bigdecimal (3.1.6)
     bootsnap (1.18.3)
       msgpack (~> 1.2)
-    brakeman (6.0.1)
+    brakeman (6.1.2)
+      racc
     builder (3.2.4)
     byebug (11.1.3)
     coderay (1.1.3)