RubyGems - brakeman - Versions diffs - 4.10.1 → 5.0.0.pre1 - Mend

brakeman 4.10.1 → 5.0.0.pre1

Files changed (123) hide show

data/lib/brakeman/tracker.rb CHANGED Viewed

@@ -68,6 +68,12 @@ class Brakeman::Tracker
     }
   end
+  def add_errors exceptions
+    exceptions.each do |e|
+      error(e)
+    end
+  end
   #Run a set of checks on the current information. Results will be stored
   #in Tracker#checks.
   def run_checks

data/lib/brakeman/tracker/controller.rb CHANGED Viewed

@@ -125,7 +125,7 @@ module Brakeman
         value = args[-1][2]
         case value.node_type
         when :array
-          filter[option] = value.sexp_body.map {|v| v[1] }
+          filter[option] = value[1..-1].map {|v| v[1] }
         when :lit, :str
           filter[option] = value[1]
         else

data/lib/brakeman/util.rb CHANGED Viewed

@@ -321,7 +321,7 @@ module Brakeman::Util
       if node_type? current, :class
         return true
       elsif sexp? current
-        todo = current.sexp_body.concat todo
+        todo = current[1..-1].concat todo
       end
     end
@@ -334,7 +334,7 @@ module Brakeman::Util
     if args.empty? or args.first.empty?
       #nothing to do
     elsif node_type? args.first, :arglist
-      call.concat args.first.sexp_body
+      call.concat args.first[1..-1]
     elsif args.first.node_type.is_a? Sexp #just a list of args
       call.concat args.first
     else
@@ -368,8 +368,13 @@ module Brakeman::Util
   #
   # views/test/something.html.erb -> test/something
   def template_path_to_name path
-    names = path.relative.split("/")
+    names = path.relative.split('/')
     names.last.gsub!(/(\.(html|js)\..*|\.(rhtml|haml|erb|slim))$/, '')
-    names[(names.index("views") + 1)..-1].join("/").to_sym
+    if names.include? 'views'
+      names[(names.index('views') + 1)..-1]
+    else
+      names
+    end.join('/').to_sym
   end
 end

data/lib/brakeman/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Brakeman
-  Version = "4.10.1"
+  Version = "5.0.0.pre1"
 end

data/lib/brakeman/warning_codes.rb CHANGED Viewed

@@ -119,6 +119,8 @@ module Brakeman::WarningCodes
     :CVE_2020_8159 => 115,
     :CVE_2020_8166 => 116,
     :erb_template_injection => 117,
+    :http_verb_confusion => 118,
+    :unsafe_method_reflection => 119,
     :custom_check => 9090,
   }

data/lib/ruby_parser/bm_sexp.rb CHANGED Viewed

@@ -175,7 +175,7 @@ class Sexp
     start_index = 3
     if exp.is_a? Sexp and exp.node_type == :arglist
-      exp = exp.sexp_body
+      exp = exp[1..-1]
     end
     exp.each_with_index do |e, i|
@@ -198,10 +198,10 @@ class Sexp
     case self.node_type
     when :call, :attrasgn, :safe_call, :safe_attrasgn
-      self.sexp_body(3).unshift :arglist
+      self[3..-1].unshift :arglist
     when :super, :zsuper
       if self[1]
-        self.sexp_body.unshift :arglist
+        self[1..-1].unshift :arglist
       else
         Sexp.new(:arglist)
       end
@@ -218,13 +218,13 @@ class Sexp
     case self.node_type
     when :call, :attrasgn, :safe_call, :safe_attrasgn
       if self[3]
-        self.sexp_body(3)
+        self[3..-1]
       else
         Sexp.new
       end
     when :super, :zsuper
       if self[1]
-        self.sexp_body
+        self[1..-1]
       else
         Sexp.new
       end
@@ -512,7 +512,7 @@ class Sexp
     self.slice!(index..-1) #Remove old body
     if exp.first == :rlist
-      exp = exp.sexp_body
+      exp = exp[1..-1]
     end
     #Insert new body
@@ -529,11 +529,11 @@ class Sexp
     case self.node_type
     when :defn, :class
-      self.sexp_body(3)
+      self[3..-1]
     when :defs
-      self.sexp_body(4)
+      self[4..-1]
     when :module
-      self.sexp_body(2)
+      self[2..-1]
     end
   end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: brakeman
 version: !ruby/object:Gem::Version
-  version: 4.10.1
+  version: 5.0.0.pre1
 platform: ruby
 authors:
 - Justin Collins
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-12-25 00:00:00.000000000 Z
+date: 2020-11-18 00:00:00.000000000 Z
 dependencies: []
 description: Brakeman detects security vulnerabilities in Ruby on Rails applications
   via static analysis.
@@ -56,46 +56,46 @@ files:
 - bundle/ruby/2.7.0/gems/erubis-2.7.0/lib/erubis/tiny.rb
 - bundle/ruby/2.7.0/gems/erubis-2.7.0/lib/erubis/util.rb
 - bundle/ruby/2.7.0/gems/erubis-2.7.0/setup.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/CHANGELOG.md
-- bundle/ruby/2.7.0/gems/haml-5.2.1/FAQ.md
-- bundle/ruby/2.7.0/gems/haml-5.2.1/Gemfile
-- bundle/ruby/2.7.0/gems/haml-5.2.1/MIT-LICENSE
-- bundle/ruby/2.7.0/gems/haml-5.2.1/README.md
-- bundle/ruby/2.7.0/gems/haml-5.2.1/REFERENCE.md
-- bundle/ruby/2.7.0/gems/haml-5.2.1/TODO
-- bundle/ruby/2.7.0/gems/haml-5.2.1/haml.gemspec
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/attribute_builder.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/attribute_compiler.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/attribute_parser.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/buffer.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/compiler.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/engine.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/error.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/escapable.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/exec.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/filters.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/generator.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/helpers.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/helpers/action_view_extensions.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/helpers/action_view_mods.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/helpers/action_view_xss_mods.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/helpers/safe_erubi_template.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/helpers/safe_erubis_template.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/helpers/xss_mods.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/options.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/parser.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/plugin.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/railtie.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/sass_rails_filter.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/template.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/template/options.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/temple_engine.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/temple_line_counter.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/util.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/lib/haml/version.rb
-- bundle/ruby/2.7.0/gems/haml-5.2.1/yard/default/fulldoc/html/css/common.sass
-- bundle/ruby/2.7.0/gems/haml-5.2.1/yard/default/layout/html/footer.erb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/CHANGELOG.md
+- bundle/ruby/2.7.0/gems/haml-5.2.0/FAQ.md
+- bundle/ruby/2.7.0/gems/haml-5.2.0/Gemfile
+- bundle/ruby/2.7.0/gems/haml-5.2.0/MIT-LICENSE
+- bundle/ruby/2.7.0/gems/haml-5.2.0/README.md
+- bundle/ruby/2.7.0/gems/haml-5.2.0/REFERENCE.md
+- bundle/ruby/2.7.0/gems/haml-5.2.0/TODO
+- bundle/ruby/2.7.0/gems/haml-5.2.0/haml.gemspec
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/attribute_builder.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/attribute_compiler.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/attribute_parser.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/buffer.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/compiler.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/engine.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/error.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/escapable.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/exec.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/filters.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/generator.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/helpers.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/helpers/action_view_extensions.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/helpers/action_view_mods.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/helpers/action_view_xss_mods.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/helpers/safe_erubi_template.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/helpers/safe_erubis_template.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/helpers/xss_mods.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/options.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/parser.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/plugin.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/railtie.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/sass_rails_filter.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/template.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/template/options.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/temple_engine.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/temple_line_counter.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/util.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/lib/haml/version.rb
+- bundle/ruby/2.7.0/gems/haml-5.2.0/yard/default/fulldoc/html/css/common.sass
+- bundle/ruby/2.7.0/gems/haml-5.2.0/yard/default/layout/html/footer.erb
 - bundle/ruby/2.7.0/gems/highline-2.0.3/AUTHORS
 - bundle/ruby/2.7.0/gems/highline-2.0.3/COPYING
 - bundle/ruby/2.7.0/gems/highline-2.0.3/Changelog.md
@@ -132,60 +132,6 @@ files:
 - bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/terminal/unix_stty.rb
 - bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/version.rb
 - bundle/ruby/2.7.0/gems/highline-2.0.3/lib/highline/wrapper.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/Gemfile
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/LICENSE.txt
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/NEWS.md
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/README.md
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/attlistdecl.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/attribute.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/cdata.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/child.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/comment.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/doctype.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/document.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/attlistdecl.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/dtd.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/elementdecl.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/entitydecl.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/dtd/notationdecl.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/element.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/encoding.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/entity.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/formatters/default.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/formatters/pretty.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/formatters/transitive.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/functions.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/instruction.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/light/node.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/namespace.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/node.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/output.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parent.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parseexception.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/baseparser.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/lightparser.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/pullparser.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/sax2parser.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/streamparser.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/treeparser.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/ultralightparser.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/parsers/xpathparser.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/quickpath.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/rexml.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/sax2listener.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/security.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/source.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/streamlistener.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/text.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/undefinednamespaceexception.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/validation/relaxng.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/validation/validation.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/validation/validationexception.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xmldecl.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xmltokens.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xpath.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/lib/rexml/xpath_parser.rb
-- bundle/ruby/2.7.0/gems/rexml-3.2.4/rexml.gemspec
 - bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/History.rdoc
 - bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/Manifest.txt
 - bundle/ruby/2.7.0/gems/ruby2ruby-2.4.4/README.rdoc
@@ -502,8 +448,10 @@ files:
 - lib/brakeman/checks/check_template_injection.rb
 - lib/brakeman/checks/check_translate_bug.rb
 - lib/brakeman/checks/check_unsafe_reflection.rb
+- lib/brakeman/checks/check_unsafe_reflection_methods.rb
 - lib/brakeman/checks/check_unscoped_find.rb
 - lib/brakeman/checks/check_validation_regex.rb
+- lib/brakeman/checks/check_verb_confusion.rb
 - lib/brakeman/checks/check_weak_hash.rb
 - lib/brakeman/checks/check_without_protection.rb
 - lib/brakeman/checks/check_xml_dos.rb
@@ -534,6 +482,7 @@ files:
 - lib/brakeman/processors/haml_template_processor.rb
 - lib/brakeman/processors/lib/basic_processor.rb
 - lib/brakeman/processors/lib/call_conversion_helper.rb
+- lib/brakeman/processors/lib/file_type_detector.rb
 - lib/brakeman/processors/lib/find_all_calls.rb
 - lib/brakeman/processors/lib/find_call.rb
 - lib/brakeman/processors/lib/find_return_value.rb
@@ -570,6 +519,7 @@ files:
 - lib/brakeman/report/report_junit.rb
 - lib/brakeman/report/report_markdown.rb
 - lib/brakeman/report/report_sarif.rb
+- lib/brakeman/report/report_sonar.rb
 - lib/brakeman/report/report_table.rb
 - lib/brakeman/report/report_tabs.rb
 - lib/brakeman/report/report_text.rb
@@ -619,12 +569,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.3.0
+      version: 2.4.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubygems_version: 3.1.2
 signing_key:

data/bundle/ruby/2.7.0/gems/rexml-3.2.4/Gemfile DELETED Viewed

@@ -1,6 +0,0 @@
-source "https://rubygems.org"
-git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
-# Specify your gem's dependencies in rexml.gemspec
-gemspec

data/bundle/ruby/2.7.0/gems/rexml-3.2.4/LICENSE.txt DELETED Viewed

@@ -1,22 +0,0 @@
-Copyright (C) 1993-2013 Yukihiro Matsumoto. All rights reserved.
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-notice, this list of conditions and the following disclaimer in the
-documentation and/or other materials provided with the distribution.
-THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.

data/bundle/ruby/2.7.0/gems/rexml-3.2.4/NEWS.md DELETED Viewed

@@ -1,141 +0,0 @@
-# News
-## 3.2.4 - 2020-01-31 {#version-3-2-4}
-### Improvements
-  * Don't use `taint` with Ruby 2.7 or later.
-    [GitHub#21][Patch by Jeremy Evans]
-### Fixes
-  * Fixed a `elsif` typo.
-    [GitHub#22][Patch by Nobuyoshi Nakada]
-### Thanks
-  * Jeremy Evans
-  * Nobuyoshi Nakada
-## 3.2.3 - 2019-10-12 {#version-3-2-3}
-### Fixes
-  * Fixed a bug that `REXML::XMLDecl#close` doesn't copy `@writethis`.
-    [GitHub#20][Patch by hirura]
-### Thanks
-  * hirura
-## 3.2.2 - 2019-06-03 {#version-3-2-2}
-### Fixes
-  * xpath: Fixed a bug for equality and relational expressions.
-    [GitHub#17][Reported by Mirko Budszuhn]
-  * xpath: Fixed `boolean()` implementation.
-  * xpath: Fixed `local_name()` with nonexistent node.
-  * xpath: Fixed `number()` implementation with node set.
-    [GitHub#18][Reported by Mirko Budszuhn]
-### Thanks
-  * Mirko Budszuhn
-## 3.2.1 - 2019-05-04 {#version-3-2-1}
-### Improvements
-  * Improved error message.
-    [GitHub#12][Patch by FUJI Goro]
-  * Improved error message.
-    [GitHub#16][Patch by ujihisa]
-  * Improved documentation markup.
-    [GitHub#14][Patch by Alyssa Ross]
-### Fixes
-  * Fixed a bug that `nil` variable value raises an unexpected exception.
-    [GitHub#13][Patch by Alyssa Ross]
-### Thanks
-  * FUJI Goro
-  * Alyssa Ross
-  * ujihisa
-## 3.2.0 - 2019-01-01 {#version-3-2-0}
-### Fixes
-  * Fixed a bug that no namespace attribute isn't matched with prefix.
-    [ruby-list:50731][Reported by Yasuhiro KIMURA]
-  * Fixed a bug that the default namespace is applied to attribute names.
-    NOTE: It's a backward incompatible change. If your program has any
-    problem with this change, please report it. We may revert this fix.
-    * `REXML::Attribute#prefix` returns `""` for no namespace attribute.
-    * `REXML::Attribute#namespace` returns `""` for no namespace attribute.
-### Thanks
-  * Yasuhiro KIMURA
-## 3.1.9 - 2018-12-20 {#version-3-1-9}
-### Improvements
-  * Improved backward compatibility.
-    Restored `REXML::Parsers::BaseParser::UNQME_STR` because it's used
-    by kramdown.
-## 3.1.8 - 2018-12-20 {#version-3-1-8}
-### Improvements
-  * Added support for customizing quote character in prologue.
-    [GitHub#8][Bug #9367][Reported by Takashi Oguma]
-    * You can use `"` as quote character by specifying `:quote` to
-      `REXML::Document#context[:prologue_quote]`.
-    * You can use `'` as quote character by specifying `:apostrophe`
-      to `REXML::Document#context[:prologue_quote]`.
-  * Added processing instruction target check. The target must not nil.
-    [GitHub#7][Reported by Ariel Zelivansky]
-  * Added name check for element and attribute.
-    [GitHub#7][Reported by Ariel Zelivansky]
-  * Stopped to use `Exception`.
-    [GitHub#9][Patch by Jean Boussier]
-### Fixes
-  * Fixed a bug that `REXML::Text#clone` escapes value twice.
-    [ruby-dev:50626][Bug #15058][Reported by Ryosuke Nanba]
-### Thanks
-  * Takashi Oguma
-  * Ariel Zelivansky
-  * Jean Boussier
-  * Ryosuke Nanba