mini_magick dependency contains security vulnerability #15044
Comments
|
Already done, PR is merged: #15042 Thanks for reporting! (Keeping this issue open until the release is out so we don't get many more of this.) |
|
Just curious, how soon is soon for the release? |
|
Thanks everyone, this seems to have been shipped now 🚀 #15042 (comment) |
2 tasks
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Feature Request
The mini_magick gem has a security vulnerability for versions less than 4.9.4. The current version used by fastlane is 4.5.1. https://nvd.nist.gov/vuln/detail/CVE-2019-13574
Motivation Behind Feature
Github is notifying projects that contain security vulnerabilities via email and on push so my organization continues to get notified about this vulnerability. Upgrading the version of this gem to one that does not contain a known vulnerability will make the notifications go away.
The text was updated successfully, but these errors were encountered: