Upgrade httparty to 0.21
httparty
released 0.21.0
which contains a security fix.
- See https://github.com/jnunemaker/httparty/blob/master/Changelog.md#0210
- https://github.com/jnunemaker/httparty/commit/cdb45a678c43e44570b4e73f84b1abeb5ec22b8e
- https://github.com/advisories/GHSA-5pq7-52mg-hr42
Usage?
httparty
is wrapped as Gitlab::HTTP
and used widely at GitLab.
Confidential?
There's no security impact on GitLab. See #389079 (comment 1252646384)
The confidentiality is currently discussed in #389079 (comment 1254080374).
Refs
Edited by Peter Leitzen