HazAT / badge

Add a badge to your app icon
MIT License

MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution #90

Closed aidanw closed 5 years ago

aidanw commented 5 years ago

I am using this with fastlane and it has been great. However, GitHub's new auto security bot is telling me that the mini_magick version specified (4.5) has a vulnerability and needs to be updated.

This is the issue found:
https://nvd.nist.gov/vuln/detail/CVE-2019-13574

leopic commented 5 years ago

For what it's worth, this is probably not very Gucci, but I manually updated the dependency for my (iOS only) project and the gem is still working. I updated to mini_magick (>= 4.9.4, < 5.0.0)
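As an added example, not code from the badge project or from anyone in this thread: a small Ruby check that reads a Gemfile.lock and flags a resolved mini_magick version below 4.9.4, the fixed release named in the issue title. The two lockfiles are constructed samples; the lockfile line format (`    name (version)` under `specs:`) is the standard Bundler layout.

```ruby
require "rubygems"

# First mini_magick release that is not affected (from the issue title).
FIXED_MINI_MAGICK = Gem::Version.new("4.9.4")

# Returns [gem_name, version] pairs from the spec lines of a Gemfile.lock.
# Resolved gems sit at exactly four spaces of indentation, e.g.
# "    mini_magick (4.5.1)"; their dependency lines sit deeper and are skipped.
def lockfile_specs(lock_text)
  lock_text.each_line.filter_map do |line|
    m = line.match(/\A\s{4}([A-Za-z0-9_\-]+) \((\d[^)\s]*)\)\s*\z/)
    [m[1], m[2]] if m
  end
end

# Returns the resolved mini_magick version when it is below the fixed
# release, nil otherwise (including when mini_magick is not in the lockfile).
def vulnerable_mini_magick(lock_text)
  version = lockfile_specs(lock_text).assoc("mini_magick")&.last
  return nil unless version
  Gem::Version.new(version) < FIXED_MINI_MAGICK ? version : nil
end

# Constructed sample lockfiles (not taken from the badge repository).
SAMPLE_VULNERABLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      badge (0.10.0)
        mini_magick (>= 4.5, < 5.0)
      mini_magick (4.5.1)
LOCK

SAMPLE_FIXED_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      badge (0.11.0)
        mini_magick (>= 4.9.4, < 5.0.0)
      mini_magick (4.9.5)
LOCK

if $PROGRAM_NAME == __FILE__
  [SAMPLE_VULNERABLE_LOCK, SAMPLE_FIXED_LOCK].each do |lock|
    v = vulnerable_mini_magick(lock)
    puts(v ? "mini_magick #{v} is below 4.9.4, update required" : "mini_magick pin is >= 4.9.4")
  end
end
```

Run it against a real Gemfile.lock with `vulnerable_mini_magick(File.read("Gemfile.lock"))`; a non-nil result means the resolved version is still in the affected range even if the Gemfile's own constraint looks loose.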

HazAT commented 5 years ago

Should be fixed in 0.11.0

leopic commented 5 years ago

Thank you