Bump brakeman from 5.4.0 to 6.0.0

[dependabot]

Bumps brakeman from 5.4.0 to 6.0.0.

Release notes

Sourced from brakeman's releases.

6.0.0

• Drop support for Ruby 1.8/1.9 syntax
• Raise minimum Ruby version to 3.0
• Add obsolete fingerprints to comparison report (#1758)
• Warn about missing CSRF protection when defaults are not loaded (Chris Kruger)
• Fix false positive with content_tag in newer Rails (#1778)
• Scan directories that include the word public
• Fix end-of-life dates for Ruby

5.4.1

• Add Rails 6.1 and 7.0 default configuration values
• Support Rails 7 redirect options
• Add redirect_back and redirect_back_or_to to open redirect check
• Revise checking for request.env to only consider request headers
• Prevent redirects using url_from being marked as unsafe (Lachlan Sylvester)
• Warn about unscoped find for find_by(id: ...)
• Support presence, presence_in and in? (#1569)
• Fix issue with if expressions in when clauses (#1743)
• Fix file/line location for EOL software warnings

Changelog

Sourced from brakeman's changelog.

6.0.0 - 2023-05-24

• Add obsolete fingerprints to comparison report
• Warn about missing CSRF protection when defaults are not loaded (Chris Kruger)
• Scan directories that include the word public
• Raise minimum Ruby version to 3.0
• Drop support for Ruby 1.8/1.9 syntax
• Fix end-of-life dates for Ruby
• Fix false positive with content_tag in newer Rails

5.4.1 - 2023-02-21

• Fix file/line location for EOL software warnings
• Revise checking for request.env to only consider request headers
• Add redirect_back and redirect_back_or_to to open redirect check
• Support Rails 7 redirect options
• Add Rails 6.1 and 7.0 default configuration values
• Prevent redirects using url_from being marked as unsafe (Lachlan Sylvester)
• Warn about unscoped find for find_by(id: ...)
• Support presence, presence_in and in?
• Fix issue with if expressions in when clauses

Commits

• 9be7fbf Bump to 6.0.0
• 32add92 Update CHANGES
• b4d07f8 No attribute name XSS warning in Rails 6.1.6+ (#1779)
• 38306e2 Update CHANGES
• 98885f3 Add obsolete entries to comparison report (#1777)
• a301e6a Merge pull request #1776 from presidentbeef/montdidier-hotfix/rails_52_if_no_...
• d6c99c7 Test for Rails 5.2 CSRF warning with no defaults
• 022a0c9 Merge branch 'hotfix/rails_52_if_no_defaults' of github.com:montdidier/brakem...
• dd9ba8b Scan directories that include 'public' (#1774)
• fe5abcd use correct capitalization for GitHub (#1772)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov-commenter]

Codecov Report

Merging #85 (3395796) into main (898c0e5) will increase coverage by 37.50%.
The diff coverage is 100.00%.

❗ Current head 3395796 differs from pull request most recent head 80f0265. Consider uploading reports for the commit 80f0265 to get more accurate results

@@             Coverage Diff              @@
##             main       #85       +/-   ##
============================================
+ Coverage   62.50%   100.00%   +37.50%     
============================================
  Files           6         6               
  Lines          16        15        -1     
============================================
+ Hits           10        15        +5     
+ Misses          6         0        -6     

Impacted Files	Coverage Δ
app/controllers/application_controller.rb	100.00% <100.00%> (ø)

... and 2 files with indirect coverage changes