Skip to content

Commit

Permalink
Update mimemagic
Browse files Browse the repository at this point in the history 
All versions prior to 0.3.6 have been pulled by the developer, presumably due to a security vulnerability. [1]

[1] Conversation on the repo mimemagicrb/mimemagic#98
  • Loading branch information
@CristinaRO
CristinaRO committed Mar 24, 2021
1 parent c18c736 commit dfdfb90
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion Gemfile.lock
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,7 +205,7 @@ GEM
mime-types (3.3.1)
mime-types-data (~> 3.2015)
mime-types-data (3.2020.1104)
mimemagic (0.3.5)
mimemagic (0.3.6)
mini_mime (1.0.2)
mini_portile2 (2.5.0)
mini_racer (0.3.1)
Expand Down

3 comments on commit dfdfb90

@liamjones
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

presumably due to a security vulnerability

No, this was down to a licensing issue (see mimemagicrb/mimemagic#97). Be aware that by switching to 0.3.6 you are now including GPL licensed code which may have a knock-on effect on the licensing of this repo.

@pboling
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@CristinaRO indeed this change, if kept, would force this project to be released under the GPL instead of MIT license. If that's not desirable, then follow along with the effort to release a 0.3.7 version of the gem that is back to the MIT license.
jellybob/mimemagic#3

@CristinaRO
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you both, indeed we at dxw are closely following the latest developments of the Evergreen Mimemagic Situation. :)

Please sign in to comment.