Bump carrierwave from 2.0.2 to 2.2.0
Bumps carrierwave from 2.0.2 to 2.2.0.
Release notes
Sourced from carrierwave's releases.
2.2.0
Added
- libvips support through ImageProcessing::Vips and ruby-vips (@rhymes #2500, e8421978, 4ae8dc64)
- Provide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (@grantbdev #2442, 4c3cac75, #2491)
- Support for the latest version of RMagick (@mshibuya 88f24451)
Deprecated
#(content_type|extension)_whitelist
,#(content_type|extension)_blacklist
are deprecated. Use#(content_type|extension)_allowlist
and#(content_type|extension)_denylist
instead (@grantbdev #2442, 4c3cac75)Fixed
- Calculate Fog expiration taking DST into account (@mshibuya, f90e14ca, #2059)
- Set correct content type on copy of fog files (@ZuevEvgenii #2503, 6682f7ac, #2487)
- Fix fog-google support to pass acl_header for public read if fog is public (@yosiat #2525, #2426)
- Fix various URL escape issues by escaping on URI parse error only (@mshibuya 3faf7491, #2457, #2473)
- Fix instance variables
[@versions](https://github.com/versions)_to_*
not initialized warning (@mshibuya c10b82ed, #2493)- Fix
SanitizedFile#move_to
wrongly detects content_type based on the path before move (@mshibuya a42e1b4c, #2495)- Fix returning invalid content type on text files (@inkstak #2474, #2424)
- Skip content type and extension filters where possible (@alexpooley #2464)
- Fix file's
#url
being called twice, which might be costly for non-local files (@skyeagle #2519)- Fix mime type detection failing with types which contain
+
symbol, such asimage/svg+xml
(@sylvainbx #2489)- Fix
#cached?
to return boolean instead of[@cache](https://github.com/cache)_id
value (@kmiyake #2510)- Fix mime type detection for MS Office files (@anthonypenner #2447)
Security
- Fix Code Injection vulnerability in CarrierWave::RMagick (@mshibuya 387116f5, GHSA-cf3w-g86h-35x4)
- Fix SSRF vulnerability in the remote file download feature (@mshibuya 012702eb, GHSA-fwcm-636p-68r5)
2.1.1
Security
- Fix Code Injection vulnerability in CarrierWave::RMagick (@mshibuya 15bcf8d8, GHSA-cf3w-g86h-35x4)
- Fix SSRF vulnerability in the remote file download feature (@mshibuya e0f79e36, GHSA-fwcm-636p-68r5)
2.1.0
Added
- Support authenticated_url for Blackblaze provider(@kevivmatrix #2444)
Fixed
Changelog
Sourced from carrierwave's changelog.
2.2.0 - 2021-02-23
Added
- libvips support through ImageProcessing::Vips and ruby-vips (@rhymes #2500, e8421978, 4ae8dc64)
- Provide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (@grantbdev #2442, 4c3cac75, #2491)
- Support for the latest version of RMagick (@mshibuya 88f24451)
Deprecated
#(content_type|extension)_whitelist
,#(content_type|extension)_blacklist
are deprecated. Use#(content_type|extension)_allowlist
and#(content_type|extension)_denylist
instead (@grantbdev #2442, 4c3cac75)Fixed
- Calculate Fog expiration taking DST into account (@mshibuya, f90e14ca, #2059)
- Set correct content type on copy of fog files (@ZuevEvgenii #2503, 6682f7ac, #2487)
- Fix fog-google support to pass acl_header for public read if fog is public (@yosiat #2525, #2426)
- Fix various URL escape issues by escaping on URI parse error only (@mshibuya 3faf7491, #2457, #2473)
- Fix instance variables
[@versions](https://github.com/versions)_to_*
not initialized warning (@mshibuya c10b82ed, #2493)- Fix
SanitizedFile#move_to
wrongly detects content_type based on the path before move (@mshibuya a42e1b4c, #2495)- Fix returning invalid content type on text files (@inkstak #2474, #2424)
- Skip content type and extension filters where possible (@alexpooley #2464)
- Fix file's
#url
being called twice, which might be costly for non-local files (@skyeagle #2519)- Fix mime type detection failing with types which contain
+
symbol, such asimage/svg+xml
(@sylvainbx #2489)- Fix
#cached?
to return boolean instead of[@cache](https://github.com/cache)_id
value (@kmiyake #2510)- Fix mime type detection for MS Office files (@anthonypenner #2447)
Security
- Fix Code Injection vulnerability in CarrierWave::RMagick (@mshibuya 387116f5, GHSA-cf3w-g86h-35x4)
- Fix SSRF vulnerability in the remote file download feature (@mshibuya 012702eb, GHSA-fwcm-636p-68r5)
2.1.1 - 2021-02-08
Security
- Fix Code Injection vulnerability in CarrierWave::RMagick (@mshibuya 15bcf8d8, GHSA-cf3w-g86h-35x4)
- Fix SSRF vulnerability in the remote file download feature (@mshibuya e0f79e36, GHSA-fwcm-636p-68r5)
2.1.0 - 2020-02-16
Added
- Support authenticated_url for Blackblaze provider(@kevivmatrix #2444)
Fixed
Commits
-
13330a7
Version 2.2.0 -
ae31743
Fix CI failures -
4ae8dc6
Remove the #vips! block argument and #manipulate! -
e842197
Disable libvips image caching -
f23e9aa
Merge pull request #2500 from rhymes/rhymes/add-vips -
8b978ab
Remove binding.pry -
aaa52b8
Merge branch 'master' into rhymes/add-vips -
f90e14c
Calculate Fog expiration taking DST into account -
657f259
Update model base class to ApplicationRecord -
1a0da9b
Use allowlist/denylist terminology also for README - Additional commits viewable in compare view