Bump carrierwave from 2.0.2 to 2.1.1 (!1265) · Merge requests · David Rodríguez / nipanipa

NipaNipa requested to merge dependabot/bundler/carrierwave-2.1.1 into master Feb 09, 2021

Bumps carrierwave from 2.0.2 to 2.1.1.

Changelog

2.1.1 - 2021-02-08

Security

Fix Code Injection vulnerability in CarrierWave::RMagick (@mshibuya 15bcf8d8, GHSA-cf3w-g86h-35x4)

Fix SSRF vulnerability in the remote file download feature (@mshibuya e0f79e36, GHSA-fwcm-636p-68r5)

2.1.0 - 2020-02-16

Added

Support authenticated_url for Blackblaze provider(@kevivmatrix #2444)

Fixed

Fix Ruby 2.7 deprecations(@mshibuya 9a37fc9e)

Fix S3 path-style URL for host with dots for buckets that are placed in other regions than us-east-1(@Bonias #2439)

Make MiniMagick::Image constant absolute to prevent misleading 'uninitialized constant' error(@p8 #2437)

Commits

003e2ce Version 2.1.1
15bcf8d Fix Code Injection vulnerability in CarrierWave::RMagick
e0f79e3 Fix SSRF vulnerability in the remote file download feature
3356634 Version 2.1.0
8964775 Merge pull request #2444 from inkoop/backblaze-private-bucket-support
9a37fc9 Test against Ruby 2.7
3dfacea backblaze authenticated_url spec added
caf9018 merged master
e39194f Merge pull request #2438 from jaredbeck/patch-2
21a0061 Merge pull request #2439 from Bonias/aws-use-proper-region-for-path-style-url
Additional commits viewable in compare view

Bump carrierwave from 2.0.2 to 2.1.1

2.1.1 - 2021-02-08

Security

2.1.0 - 2020-02-16

Added

Fixed

Merge request reports