From 40dda5833bc443634e8be7409ce97ee8bb61c86f Mon Sep 17 00:00:00 2001
From: ulferts
Date: Tue, 9 Feb 2021 21:58:52 +0100
Subject: [PATCH] bump carrierwave

Fixes https://nvd.nist.gov/vuln/detail/CVE-2021-21288 and https://nvd.nist.gov/vuln/detail/CVE-2021-21305
---
 Gemfile.lock                                           | 6 ++++--
 lib/open_project/patches/carrierwave_sanitized_file.rb | 2 +-
 lib/open_project/patches/fog_file.rb                   | 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 35cd8be3a0d..8d8a0c62470 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -317,10 +317,11 @@ GEM
     capybara-screenshot (1.0.25)
       capybara (>= 1.0, < 4)
       launchy
-    carrierwave (1.3.1)
+    carrierwave (1.3.2)
       activemodel (>= 4.0.0)
       activesupport (>= 4.0.0)
       mime-types (>= 1.16)
+      ssrf_filter (~> 1.0)
     carrierwave_direct (2.1.0)
       carrierwave (>= 1.0.0)
       fog-aws
@@ -512,7 +513,7 @@ GEM
       domain_name (~> 0.5)
     http_parser.rb (0.6.0)
     httpclient (2.8.3)
-    i18n (1.8.7)
+    i18n (1.8.8)
       concurrent-ruby (~> 1.0)
     i18n-js (3.8.0)
       i18n (>= 0.6.6)
@@ -850,6 +851,7 @@ GEM
       actionpack (>= 4.0)
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
+    ssrf_filter (1.0.7)
     stackprof (0.2.16)
     stringex (2.8.5)
     structured_warnings (0.4.0)
diff --git a/lib/open_project/patches/carrierwave_sanitized_file.rb b/lib/open_project/patches/carrierwave_sanitized_file.rb
index 8951e55e8fc..f838ce63b6c 100644
--- a/lib/open_project/patches/carrierwave_sanitized_file.rb
+++ b/lib/open_project/patches/carrierwave_sanitized_file.rb
@@ -6,7 +6,7 @@ require 'carrierwave/storage/fog'
 #
 # @todo Upgrade to CarrierWave 2.0.2 to make this patch obsolete.
-if Gem.loaded_specs["carrierwave"].version > Gem::Version.new('1.3.1')
+if Gem.loaded_specs["carrierwave"].version > Gem::Version.new('1.3.2')
   raise "Check if these patches of Carrierwave are still required"
 end
diff --git a/lib/open_project/patches/fog_file.rb b/lib/open_project/patches/fog_file.rb
index 4265dc6ea3b..d9461a3acf2 100644
--- a/lib/open_project/patches/fog_file.rb
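Review bot: Raising the guard to `Gem::Version.new('1.3.2')` only silences the "Check if these patches of Carrierwave are still required" raise; nothing in the hunk or the comment above it records that the SanitizedFile override this file carries was actually re-checked against 1.3.2, which the commit message says is the release fixing CVE-2021-21288 and CVE-2021-21305. Because the guard is the only thing standing between a silent monkey-patch and a changed upstream implementation, a reader later cannot tell whether the bump was a review or a reflex. Suggest recording it in the existing comment, e.g. `# Re-verified against carrierwave 1.3.2 (security release); re-check the overridden methods before raising the version below.` The same applies to the identical guard in lib/open_project/patches/fog_file.rb. The patched module body that this guard protects lies outside the hunk.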
+++ b/lib/open_project/patches/fog_file.rb
@@ -1,4 +1,4 @@
-if Gem.loaded_specs["carrierwave"].version > Gem::Version.new('1.3.1')
+if Gem.loaded_specs["carrierwave"].version > Gem::Version.new('1.3.2')
   raise "Check if these patches of Carrierwave are still required"
 end