RubyGems - brakeman - Versions diffs - 4.10.1 → 5.0.0.pre1 - Mend

brakeman 4.10.1 → 5.0.0.pre1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (123) hide show

data/lib/brakeman/tracker.rb CHANGED Viewed

@@ -68,6 +68,12 @@ class Brakeman::Tracker
     }
   end
+  def add_errors exceptions
+    exceptions.each do |e|
+      error(e)
+    end
+  end
   #Run a set of checks on the current information. Results will be stored
   #in Tracker#checks.
   def run_checks

data/lib/brakeman/tracker/controller.rb CHANGED Viewed

@@ -125,7 +125,7 @@ module Brakeman
         value = args[-1][2]
         case value.node_type
         when :array
-          filter[option] = value.sexp_body.map {|v| v[1] }
+          filter[option] = value[1..-1].map {|v| v[1] }
         when :lit, :str
           filter[option] = value[1]
         else

data/lib/brakeman/util.rb CHANGED Viewed

@@ -321,7 +321,7 @@ module Brakeman::Util
       if node_type? current, :class
         return true
       elsif sexp? current
-        todo = current.sexp_body.concat todo
+        todo = current[1..-1].concat todo
       end
     end
@@ -334,7 +334,7 @@ module Brakeman::Util
     if args.empty? or args.first.empty?
       #nothing to do
     elsif node_type? args.first, :arglist
-      call.concat args.first.sexp_body
+      call.concat args.first[1..-1]
     elsif args.first.node_type.is_a? Sexp #just a list of args
       call.concat args.first
     else
@@ -368,8 +368,13 @@ module Brakeman::Util
   #
   # views/test/something.html.erb -> test/something
   def template_path_to_name path
-    names = path.relative.split("/")
+    names = path.relative.split('/')
     names.last.gsub!(/(\.(html|js)\..*|\.(rhtml|haml|erb|slim))$/, '')
-    names[(names.index("views") + 1)..-1].join("/").to_sym
+    if names.include? 'views'
+      names[(names.index('views') + 1)..-1]
+    else
+      names
+    end.join('/').to_sym
   end
 end

data/lib/brakeman/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Brakeman
-  Version = "4.10.1"
+  Version = "5.0.0.pre1"
 end

data/lib/brakeman/warning_codes.rb CHANGED Viewed

@@ -119,6 +119,8 @@ module Brakeman::WarningCodes
     :CVE_2020_8159 => 115,
     :CVE_2020_8166 => 116,
     :erb_template_injection => 117,
+    :http_verb_confusion => 118,
+    :unsafe_method_reflection => 119,
     :custom_check => 9090,
   }

data/lib/ruby_parser/bm_sexp.rb CHANGED Viewed

@@ -175,7 +175,7 @@ class Sexp
     start_index = 3
     if exp.is_a? Sexp and exp.node_type == :arglist
-      exp = exp.sexp_body
+      exp = exp[1..-1]
     end
     exp.each_with_index do |e, i|
@@ -198,10 +198,10 @@ class Sexp
     case self.node_type
     when :call, :attrasgn, :safe_call, :safe_attrasgn
-      self.sexp_body(3).unshift :arglist
+      self[3..-1].unshift :arglist
     when :super, :zsuper
       if self[1]
-        self.sexp_body.unshift :arglist
+        self[1..-1].unshift :arglist
       else
         Sexp.new(:arglist)
       end
@@ -218,13 +218,13 @@ class Sexp
     case self.node_type
     when :call, :attrasgn, :safe_call, :safe_attrasgn
       if self[3]
-        self.sexp_body(3)
+        self[3..-1]
       else
         Sexp.new
       end
     when :super, :zsuper
       if self[1]
-        self.sexp_body
+        self[1..-1]
       else
         Sexp.new
       end
@@ -512,7 +512,7 @@ class Sexp
     self.slice!(index..-1) #Remove old body
     if exp.first == :rlist
-      exp = exp.sexp_body
+      exp = exp[1..-1]
     end
     #Insert new body
@@ -529,11 +529,11 @@ class Sexp
     case self.node_type
     when :defn, :class
-      self.sexp_body(3)
+      self[3..-1]
     when :defs
-      self.sexp_body(4)
+      self[4..-1]
     when :module
-      self.sexp_body(2)
+      self[2..-1]
     end
   end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: brakeman
 version: !ruby/object:Gem::Version
-  version: 4.10.1
+  version: 5.0.0.pre1
 platform: ruby
 authors:
 - Justin Collins
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-12-25 00:00:00.000000000 Z
+date: 2020-11-18 00:00:00.000000000 Z
 dependencies: []
 description: Brakeman detects security vulnerabilities in Ruby on Rails applications
   via static analysis.
@@ -56,46 +56,46 @@ files:
 - bundle/ruby/2.7.0/gems/erubis-2.7.0/lib/erubis/tiny.rb
 - bundle/ruby/2.7.0/gems/erubis-2.7.0/lib/erubis/util.rb
 - bundle/ruby/2.7.0/gems/erubis-2.7.0/setup.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/CHANGELOG.md
-- bundle/ruby/2.7.0/gems/haml-5.2.1/FAQ.md
-- bundle/ruby/2.7.0/gems/haml-5.2.1/Gemfile
-- bundle/ruby/2.7.0/gems/haml-5.2.1/MIT-LICENSE
-- bundle/ruby/2.7.0/gems/haml-5.2.1/README.md
-- bundle/ruby/2.7.0/gems/haml-5.2.1/REFERENCE.md
-- bundle/ruby/2.7.0/gems/haml-5.2.1/TODO
-- bundle/ruby/2.7.0/gems/haml-5.2.1/haml.gemspec
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/attribute_builder.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/attribute_compiler.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/attribute_parser.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/buffer.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/compiler.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/engine.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/error.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/escapable.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/exec.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/filters.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/generator.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/helpers.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/helpers/action_view_extensions.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/helpers/action_view_mods.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/helpers/action_view_xss_mods.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/helpers/safe_erubi_template.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/helpers/safe_erubis_template.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/helpers/xss_mods.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/options.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/parser.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/plugin.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/railtie.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/sass_rails_filter.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/template.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/template/options.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/temple_engine.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/temple_line_counter.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/util.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/version.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/yard/default/fulldoc/html/css/common.sass
-- bundle/ruby/2.7.0/gems/haml-5.2.1/yard/default/layout/html/footer.erb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/CHANGELOG.md
+- bundle/ruby/2.7.0/gems/haml-5.2.0/FAQ.md
+- bundle/ruby/2.7.0/gems/haml-5.2.0/Gemfile
+- bundle/ruby/2.7.0/gems/haml-5.2.0/MIT-LICENSE
+- bundle/ruby/2.7.0/gems/haml-5.2.0/README.md
+- bundle/ruby/2.7.0/gems/haml-5.2.0/REFERENCE.md
+- bundle/ruby/2.7.0/gems/haml-5.2.0/TODO
+- bundle/ruby/2.7.0/gems/haml-5.2.0/haml.gemspec
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/attribute_builder.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/attribute_compiler.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/attribute_parser.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/buffer.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/compiler.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/engine.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/error.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/escapable.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/exec.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/filters.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/generator.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/helpers.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/helpers/action_view_extensions.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/helpers/action_view_mods.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/helpers/action_view_xss_mods.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/helpers/safe_erubi_template.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/helpers/safe_erubis_template.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/helpers/xss_mods.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/options.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/parser.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/plugin.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/railtie.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/sass_rails_filter.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/template.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/template/options.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/temple_engine.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/temple_line_counter.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/util.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/version.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/yard/default/fulldoc/html/css/common.sass
+- bundle/ruby/2.7.0/gems/haml-5.2.0/yard/default/layout/html/footer.erb
 - bundle/ruby/2.7.0/gems/highline-2.0.3/AUTHORS
 - bundle/ruby/2.7.0/gems/highline-2.0.3/COPYING
 - bundle/ruby/2.7.0/gems/highline-2.0.3/Changelog.md
@@ -132,60 +132,6 @@ files:
 - bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/terminal/unix_stty.rb
 - bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/version.rb
 - bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/wrapper.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/Gemfile
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/LICENSE.txt
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/NEWS.md
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/README.md
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/attlistdecl.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/attribute.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/cdata.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/child.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/comment.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/doctype.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/document.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/attlistdecl.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/dtd.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/elementdecl.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/entitydecl.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/notationdecl.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/element.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/encoding.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/entity.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/formatters/default.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/formatters/pretty.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/formatters/transitive.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/functions.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/instruction.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/light/node.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/namespace.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/node.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/output.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parent.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parseexception.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/baseparser.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/lightparser.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/pullparser.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/sax2parser.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/streamparser.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/treeparser.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/ultralightparser.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/xpathparser.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/quickpath.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/rexml.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/sax2listener.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/security.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/source.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/streamlistener.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/text.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/undefinednamespaceexception.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/validation/relaxng.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/validation/validation.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/validation/validationexception.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xmldecl.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xmltokens.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xpath.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xpath_parser.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/rexml.gemspec
 - bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/History.rdoc
 - bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/Manifest.txt
 - bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/README.rdoc
@@ -502,8 +448,10 @@ files:
 - lib/brakeman/checks/check_template_injection.rb
 - lib/brakeman/checks/check_translate_bug.rb
 - lib/brakeman/checks/check_unsafe_reflection.rb
+- lib/brakeman/checks/check_unsafe_reflection_methods.rb
 - lib/brakeman/checks/check_unscoped_find.rb
 - lib/brakeman/checks/check_validation_regex.rb
+- lib/brakeman/checks/check_verb_confusion.rb
 - lib/brakeman/checks/check_weak_hash.rb
 - lib/brakeman/checks/check_without_protection.rb
 - lib/brakeman/checks/check_xml_dos.rb
@@ -534,6 +482,7 @@ files:
 - lib/brakeman/processors/haml_template_processor.rb
 - lib/brakeman/processors/lib/basic_processor.rb
 - lib/brakeman/processors/lib/call_conversion_helper.rb
+- lib/brakeman/processors/lib/file_type_detector.rb
 - lib/brakeman/processors/lib/find_all_calls.rb
 - lib/brakeman/processors/lib/find_call.rb
 - lib/brakeman/processors/lib/find_return_value.rb
@@ -570,6 +519,7 @@ files:
 - lib/brakeman/report/report_junit.rb
 - lib/brakeman/report/report_markdown.rb
 - lib/brakeman/report/report_sarif.rb
+- lib/brakeman/report/report_sonar.rb
 - lib/brakeman/report/report_table.rb
 - lib/brakeman/report/report_tabs.rb
 - lib/brakeman/report/report_text.rb
@@ -619,12 +569,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.3.0
+      version: 2.4.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubygems_version: 3.1.2
 signing_key:

data/bundle/ruby/2.7.0/gems/rexml-3.2.4/Gemfile DELETED Viewed

@@ -1,6 +0,0 @@
-source "https://rubygems.org"
-git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
-# Specify your gem's dependencies in rexml.gemspec
-gemspec

data/bundle/ruby/2.7.0/gems/rexml-3.2.4/LICENSE.txt DELETED Viewed

@@ -1,22 +0,0 @@
-Copyright (C) 1993-2013 Yukihiro Matsumoto. All rights reserved.
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-notice, this list of conditions and the following disclaimer in the
-documentation and/or other materials provided with the distribution.
-THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.

data/bundle/ruby/2.7.0/gems/rexml-3.2.4/NEWS.md DELETED Viewed

@@ -1,141 +0,0 @@
-# News
-## 3.2.4 - 2020-01-31 {#version-3-2-4}
-### Improvements
-  * Don't use `taint` with Ruby 2.7 or later.
-    [GitHub#21][Patch by Jeremy Evans]
-### Fixes
-  * Fixed a `elsif` typo.
-    [GitHub#22][Patch by Nobuyoshi Nakada]
-### Thanks
-  * Jeremy Evans
-  * Nobuyoshi Nakada
-## 3.2.3 - 2019-10-12 {#version-3-2-3}
-### Fixes
-  * Fixed a bug that `REXML::XMLDecl#close` doesn't copy `@writethis`.
-    [GitHub#20][Patch by hirura]
-### Thanks
-  * hirura
-## 3.2.2 - 2019-06-03 {#version-3-2-2}
-### Fixes
-  * xpath: Fixed a bug for equality and relational expressions.
-    [GitHub#17][Reported by Mirko Budszuhn]
-  * xpath: Fixed `boolean()` implementation.
-  * xpath: Fixed `local_name()` with nonexistent node.
-  * xpath: Fixed `number()` implementation with node set.
-    [GitHub#18][Reported by Mirko Budszuhn]
-### Thanks
-  * Mirko Budszuhn
-## 3.2.1 - 2019-05-04 {#version-3-2-1}
-### Improvements
-  * Improved error message.
-    [GitHub#12][Patch by FUJI Goro]
-  * Improved error message.
-    [GitHub#16][Patch by ujihisa]
-  * Improved documentation markup.
-    [GitHub#14][Patch by Alyssa Ross]
-### Fixes
-  * Fixed a bug that `nil` variable value raises an unexpected exception.
-    [GitHub#13][Patch by Alyssa Ross]
-### Thanks
-  * FUJI Goro
-  * Alyssa Ross
-  * ujihisa
-## 3.2.0 - 2019-01-01 {#version-3-2-0}
-### Fixes
-  * Fixed a bug that no namespace attribute isn't matched with prefix.
-    [ruby-list:50731][Reported by Yasuhiro KIMURA]
-  * Fixed a bug that the default namespace is applied to attribute names.
-    NOTE: It's a backward incompatible change. If your program has any
-    problem with this change, please report it. We may revert this fix.
-    * `REXML::Attribute#prefix` returns `""` for no namespace attribute.
-    * `REXML::Attribute#namespace` returns `""` for no namespace attribute.
-### Thanks
-  * Yasuhiro KIMURA
-## 3.1.9 - 2018-12-20 {#version-3-1-9}
-### Improvements
-  * Improved backward compatibility.
-    Restored `REXML::Parsers::BaseParser::UNQME_STR` because it's used
-    by kramdown.
-## 3.1.8 - 2018-12-20 {#version-3-1-8}
-### Improvements
-  * Added support for customizing quote character in prologue.
-    [GitHub#8][Bug #9367][Reported by Takashi Oguma]
-    * You can use `"` as quote character by specifying `:quote` to
-      `REXML::Document#context[:prologue_quote]`.
-    * You can use `'` as quote character by specifying `:apostrophe`
-      to `REXML::Document#context[:prologue_quote]`.
-  * Added processing instruction target check. The target must not nil.
-    [GitHub#7][Reported by Ariel Zelivansky]
-  * Added name check for element and attribute.
-    [GitHub#7][Reported by Ariel Zelivansky]
-  * Stopped to use `Exception`.
-    [GitHub#9][Patch by Jean Boussier]
-### Fixes
-  * Fixed a bug that `REXML::Text#clone` escapes value twice.
-    [ruby-dev:50626][Bug #15058][Reported by Ryosuke Nanba]
-### Thanks
-  * Takashi Oguma
-  * Ariel Zelivansky
-  * Jean Boussier
-  * Ryosuke Nanba