ualbertalib / jupiter

Jupiter is a University of Alberta Libraries-based initiative to create a sustainable and extensible digital asset management system. This is phase 2 (Digitization).
https://era.library.ualberta.ca/
MIT License
23 stars 10 forks source link

Bump brakeman from 6.2.1 to 6.2.2 #3598

Closed dependabot[bot] closed 3 weeks ago

dependabot[bot] commented 1 month ago

Bumps brakeman from 6.2.1 to 6.2.2.

Release notes

Sourced from brakeman's releases.

6.2.2

  • New end-of-support dates for Rails
  • Revamp command injection detection in pipeline* calls (#1862)
  • Exclude more native gems from vendored gems in brakeman gem (#1869)
Changelog

Sourced from brakeman's changelog.

6.2.2 - 2024-10-15

  • Ignore more native gems when building gem
  • Revamp command injection in pipeline* calls
  • New end-of-support dates for Rails
Commits
  • 0aeceda Bump to 6.2.2
  • 43612a6 Merge pull request #1872 from presidentbeef/more_native_gems_to_ignore
  • 2ece3b4 Update CHANGES
  • 72df013 Ignore more native gems when building gem
  • e4f49f6 Merge pull request #1868 from presidentbeef/revamp_pipeline_check
  • 9e8cd79 Revamp command injection in pipeline* calls
  • f99539b Merge pull request #1865 from presidentbeef/update_eol_dates_for_rails
  • 1713d5f Remove Gitter link from README
  • c25fcae Merge pull request #1864 from presidentbeef/fix_docker_once_more
  • 8da2a28 New end-of-support dates for Rails
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
pgwillia commented 3 weeks ago

@dependabot rebase