Closed depfu[bot] closed 5 months ago
Sorry, but the merge failed with:
At least 1 approving review is required by reviewers with write access. You're not authorized to push to this branch. Visit https://docs.github.com/articles/about-protected-branches/ for more information.
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ carrierwave (3.0.6 → 3.0.7) · Repo · Changelog
Security Advisories 🚨
🚨 CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained
Release Notes
3.0.7
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 2 commits:
Version 3.0.7
Fix Content-Type allowlist bypass vulnerability remained
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase
.All Depfu comment commands