Skip to content

build(deps): bump image_processing from 1.14.0 to 2.0.2#940

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/bundler/image_processing-2.0.1
Open

build(deps): bump image_processing from 1.14.0 to 2.0.2#940
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/bundler/image_processing-2.0.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 2, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps image_processing from 1.14.0 to 2.0.2.

Changelog

Sourced from image_processing's changelog.

2.0.2 (2026-06-03)

  • Raise LoadError instead of ImageProcessing::Error when soft dependencies are missing (@​bdewater-thatch)

2.0.1 (2026-05-22)

  • [minimagick] Prevent remote shell execution when passing loader/saver options from user input

2.0.0 (2026-05-20)

  • mini_magick/ruby-vips are now soft dependencies and need to be manually added to the Gemfile (@​janko)

  • Avoid remote shell execution vulnerability in #apply when arguments are coming from user input (@​janko)

  • [vips] Unfuzzed loaders are now blocked by default (@​janko)

  • [vips] Sharpening after resize has been disabled by default (@​janko)

  • [minimagick] Remove deprecated :compose and :geometry keyword arguments for #composite (@​janko)

  • Ruby 3.0+ is now required (@​janko)

Commits
  • 7d89c01 Bump to 2.0.2
  • 7f38304 Create a new LoadError for missing dependencies
  • 996862c Warn and reraise LoadError instead of raising custom error (#143)
  • a64dbd5 Inline dhash-vips
  • 9489387 Bump to 2.0.1
  • 31b3d91 Prevent remote shell execution in loader/saver minimagick options
  • cd1353d Bump to 2.0.0
  • fb1c0ed Update documentation with recent changes
  • f9a1379 Use double quotes
  • ad46160 Add IRB and Benchmark to Gemfile
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies ruby Pull requests that update Ruby code labels Jun 2, 2026
@dependabot dependabot Bot changed the title build(deps): bump image_processing from 1.14.0 to 2.0.1 build(deps): bump image_processing from 1.14.0 to 2.0.2 Jun 4, 2026
@dependabot dependabot Bot force-pushed the dependabot/bundler/image_processing-2.0.1 branch from 732cb82 to db51980 Compare June 4, 2026 01:22
@dependabot
build(deps): bump image_processing from 1.14.0 to 2.0.2
74fa147 
Bumps [image_processing](https://github.com/janko/image_processing) from 1.14.0 to 2.0.2.
- [Changelog](https://github.com/janko/image_processing/blob/master/CHANGELOG.md)
- [Commits](janko/image_processing@v1.14.0...v2.0.2)

---
updated-dependencies:
- dependency-name: image_processing
  dependency-version: 2.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/bundler/image_processing-2.0.1 branch from db51980 to 74fa147 Compare June 4, 2026 01:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@maxfierke maxfierke

Labels

dependencies ruby Pull requests that update Ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@maxfierke