Changes since 3.7.1:
- Fix --ensure-latest (David Guyon)
Just a little release. Next up: 4.0!
Changes since 3.7.0:
- Handle simple guard with return at end of branch (#1073)
- Add more collection methods for iteration detection
- Modularize bin/brakeman
- Improve multi-value Sexp error message
- Update ruby2ruby and ruby_parser dependencies
Another Simple Guard
Brakeman will now handle when the branch in a simple guard condition ends in return.
For example:
unless [:valid, :value].include? params[:x]
  do_stuff
  more_stuff
  return
end

x.send(params[:x]) # Will no longer warn because `params[:x]` must be 'safe'
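Why the trailing return matters at runtime, as an added example that is not Brakeman's code or part of the original post: the same allowlist check constrains the send target only when the guarded branch exits. The Report class, its methods and the sample values are hypothetical.

```ruby
# Added illustration; all names and values here are constructed.
class Report
  # Strings, because request parameters arrive as strings.
  ALLOWED = %w[summary details].freeze

  def summary; "summary"; end
  def details; "details"; end

  # Guard whose branch ends in `return`: everything after the `unless`
  # is reachable only when `name` is in ALLOWED, so `send` is constrained.
  def render_guarded(name)
    unless ALLOWED.include? name
      log_rejected(name)
      return :rejected
    end
    send(name)
  end

  # Same condition, but the branch falls through: `send` still runs with
  # whatever was passed in, so the check constrains nothing. `send` also
  # ignores method visibility, so private methods become reachable.
  def render_fallthrough(name)
    unless ALLOWED.include? name
      log_rejected(name)
    end
    send(name)
  end

  # Names that failed the allowlist check, for inspection.
  def rejected
    @rejected ||= []
  end

  private

  def log_rejected(name)
    rejected << name
  end

  def secret_token; "s3cr3t (constructed value)"; end
end
```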
More Collection Methods
Brakeman attempts to detect when a template is iterating over records from a database query.
This release adds a few more methods that might return a collection of records.
Modularize Commandline
The logic in the brakeman executable has now entirely been moved to Brakeman::Commandline for easier testing and custom behavior.
Brakeman 4.0 Plans
If all goes well, Brakeman 4.0 will be released on August 27th, which is also the 7th anniversary of Brakeman’s first release. It will also be the 101st release of Brakeman!
At least two major changes will be coming in Brakeman 4.0:
- The plain report format will be the default instead of tables
- -z or --exit-on-warn (sets exit code if any warnings are found) will be on by default
There will likely be other changes, but these two will be the most obvious.
Checksums
The SHA256 sums for this release are:
Reporting Issues
Thank you to everyone who reported bugs and contributed to this release!
Please report any issues with this release. Take a look at this guide to reporting Brakeman problems.
Hang out on GitHub for questions and discussion.