Bump mini_magick from 4.9.3 to 4.9.4 (!896) · Merge requests · David Rodríguez / nipanipa

NipaNipa requested to merge dependabot/bundler/mini_magick-4.9.4 into master Jul 12, 2019

Bumps mini_magick from 4.9.3 to 4.9.4.

Release notes

v4.9.4

Fixed a remote shell execution vulnerability when using MiniMagick::Image.open with URL coming from unsanitized user input (thanks to @rootxharsh)

Fixed some Ruby warnings (thanks to @koic)

Commits

293f9bb Bump to 4.9.4
4cd5081 Don't allow remote shell execution
152d33a Fix test failure
87e9059 Merge pull request #427 from koic/suppress_deprecation_warnings_in_production...
b5ce047 Suppress warning: instance variable [@processor_path](https://github.com/processor_path) not initialized
a74b73e Suppress warning: instance variable [@cli_path](https://github.com/cli_path) not initialized
6fca405 Suppress warning: instance variable [@cli](https://github.com/cli) not initialized
64560f5 Suppress warning: method redefined; discarding old debug=
563cc61 Suppress warning: method redefined; discarding old cli_path
2965e55 Suppress warning: method redefined; discarding old cli and cli=
Additional commits viewable in compare view

Bump mini_magick from 4.9.3 to 4.9.4

v4.9.4

Merge request reports