• Report Formats
  • Add GitHub Actions format (Klaus Badelt)
  • Add ignored warnings to SARIF report (Eli Block)
  • Fix SARIF report when checks have no description (Eli Block)
  • Adjust copy of --interactive menu (Elia Schito)
• Performance
  • Read and parse files in parallel
• Ruby Interpretation
  • Initial support for ActiveRecord enums (#1492)
  • Interprocedural dataflow from very simple class methods
  • Support Array#fetch and Hash#fetch (#1571)
  • Support Array#push
  • Support Array#*
  • Better Array#join support
  • Support Hash#values and Hash#values_at
  • Support Hash#include?
• SQL Injection
  • Update SQL injection check for Rails 6.0/6.1
  • Add --sql-safe-methods option (Esty Scheiner)
  • Ignore dates in SQL
  • Ignore sanitize_sql_like in SQL (#1571)
  • Ignore method calls on numbers in SQL (#1571)
• Other Fixes
  • Ignore renderables in dynamic render path check (Brad Parker)
  • Fix false positive in command injection with Open3.capture (Richard Fitzgerald)
  • Fix infinite loop on mixin self-includes (Andrew Szczepanski)
  • Check for user-controlled evaluation even if it's a call target (#1590)
• Refactoring
  • Refactor cookie?/param? methods (Keenan Brock)
  • Better method definition tracking and lookup