dependabot-preview[bot]
commented
4 years ago Superseded by #97.
Closed dependabot-preview[bot] closed 4 years ago
dependabot-preview[bot]
commented
4 years ago Superseded by #97.
Bumps sobelow from 0.8.0 to 0.9.3.
Changelog
*Sourced from [sobelow's changelog](https://github.com/nccgroup/sobelow/blob/master/CHANGELOG.md).* > ## v0.9.3 > * Enhancements > * Improved checks for all aliased functions > > * Bug Fixes > * JSON output for Raw findings is now properly normalized > * `send_download` correctly flags aliased function calls > * `send_download` now correctly flags piped functions > > ## v0.9.2 > * Bug Fixes > * Fix error that resulted from redefining imported functions > > ## v0.9.1 > * Bug Fixes > * Revert umbrella app recursion > > ## v0.9.0 > * Enhancements > * Add `--mark-skip-all` and `--clear-skip` flags > * New CSRF via action reuse checks > * Sobelow can now be run in umbrella apps > > * Bug Fixes > * Fix an error when printing some kinds of variablesCommits
- [`8fd367a`](https://github.com/nccgroup/sobelow/commit/8fd367a21bffaf8df1ed79827316be72502a723b) Version bump - 0.9.3 - [`1d2ff22`](https://github.com/nccgroup/sobelow/commit/1d2ff22f5f6b7a14e18def7e372898181edb5619) Generalize aliased function parse, and add new required but not strict alias ... - [`dbb606e`](https://github.com/nccgroup/sobelow/commit/dbb606e304b50a4136155bfcb010c0c4dc87972a) Merge pull request [#56](https://github-redirect.dependabot.com/nccgroup/sobelow/issues/56) from samhstn/master - [`c699e62`](https://github.com/nccgroup/sobelow/commit/c699e62509c137fbaaeb79213e9f1c68969ede21) allow for piping into function - [`ce71b3d`](https://github.com/nccgroup/sobelow/commit/ce71b3da0a9b44048554ef93f97693483471063e) Add line to JSON output of XSS.Raw findings - [`6b8a892`](https://github.com/nccgroup/sobelow/commit/6b8a89282acde1931945a31f2f93741651e410e4) Remove unused variable - [`8132067`](https://github.com/nccgroup/sobelow/commit/813206775c2dac6b19f61e5ba635c0b13e4703de) Version bump - 0.9.2 - [`57e6ca4`](https://github.com/nccgroup/sobelow/commit/57e6ca4a8a4d8731105fd2556b269f07984b3571) Fix function redefinition bug - [`d7c2595`](https://github.com/nccgroup/sobelow/commit/d7c25956ed0ac9874d9b9c9b884454113bd490e8) Version bump - 0.9.1 - [`c8b0c14`](https://github.com/nccgroup/sobelow/commit/c8b0c144ca47389ee326c134f27e8a7590bcd8f6) Revert recursive umbrella scan - Additional commits viewable in [compare view](https://github.com/nccgroup/sobelow/compare/v0.8.0...v0.9.3)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)