Bump carrierwave from 2.0.2 to 2.2.0

Bumps carrierwave from 2.0.2 to 2.2.0.

Release notes

Sourced from carrierwave's releases.

2.2.0

Added

• libvips support through ImageProcessing::Vips and ruby-vips (@​rhymes #2500, e8421978, 4ae8dc64)
• Provide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (@​grantbdev #2442, 4c3cac75, #2491)
• Support for the latest version of RMagick (@​mshibuya 88f24451)

Deprecated

• #(content_type|extension)_whitelist, #(content_type|extension)_blacklist are deprecated. Use #(content_type|extension)_allowlist and #(content_type|extension)_denylist instead (@​grantbdev #2442, 4c3cac75)

Fixed

• Calculate Fog expiration taking DST into account (@​mshibuya, f90e14ca, #2059)
• Set correct content type on copy of fog files (@​ZuevEvgenii #2503, 6682f7ac, #2487)
• Fix fog-google support to pass acl_header for public read if fog is public (@​yosiat #2525, #2426)
• Fix various URL escape issues by escaping on URI parse error only (@​mshibuya 3faf7491, #2457, #2473)
• Fix instance variables [@​versions](https://github.com/versions)_to_* not initialized warning (@​mshibuya c10b82ed, #2493)
• Fix SanitizedFile#move_to wrongly detects content_type based on the path before move (@​mshibuya a42e1b4c, #2495)
• Fix returning invalid content type on text files (@​inkstak #2474, #2424)
• Skip content type and extension filters where possible (@​alexpooley #2464)
• Fix file's #url being called twice, which might be costly for non-local files (@​skyeagle #2519)
• Fix mime type detection failing with types which contain + symbol, such as image/svg+xml (@​sylvainbx #2489)
• Fix #cached? to return boolean instead of [@​cache](https://github.com/cache)_id value (@​kmiyake #2510)
• Fix mime type detection for MS Office files (@​anthonypenner #2447)

Security

• Fix Code Injection vulnerability in CarrierWave::RMagick (@​mshibuya 387116f5, GHSA-cf3w-g86h-35x4)
• Fix SSRF vulnerability in the remote file download feature (@​mshibuya 012702eb, GHSA-fwcm-636p-68r5)

2.1.1

Security

• Fix Code Injection vulnerability in CarrierWave::RMagick (@​mshibuya 15bcf8d8, GHSA-cf3w-g86h-35x4)
• Fix SSRF vulnerability in the remote file download feature (@​mshibuya e0f79e36, GHSA-fwcm-636p-68r5)

2.1.0

Added

• Support authenticated_url for Blackblaze provider(@​kevivmatrix #2444)

Fixed

• Fix Ruby 2.7 deprecations(@​mshibuya 9a37fc9e)
• Fix S3 path-style URL for host with dots for buckets that are placed in other regions than us-east-1(@​Bonias #2439)
• Make MiniMagick::Image constant absolute to prevent misleading 'uninitialized constant' error(@​p8 #2437)

Changelog

Sourced from carrierwave's changelog.

2.2.0 - 2021-02-23

Added

• libvips support through ImageProcessing::Vips and ruby-vips (@​rhymes #2500, e8421978, 4ae8dc64)
• Provide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (@​grantbdev #2442, 4c3cac75, #2491)
• Support for the latest version of RMagick (@​mshibuya 88f24451)

Deprecated

• #(content_type|extension)_whitelist, #(content_type|extension)_blacklist are deprecated. Use #(content_type|extension)_allowlist and #(content_type|extension)_denylist instead (@​grantbdev #2442, 4c3cac75)

Fixed

• Calculate Fog expiration taking DST into account (@​mshibuya, f90e14ca, #2059)
• Set correct content type on copy of fog files (@​ZuevEvgenii #2503, 6682f7ac, #2487)
• Fix fog-google support to pass acl_header for public read if fog is public (@​yosiat #2525, #2426)
• Fix various URL escape issues by escaping on URI parse error only (@​mshibuya 3faf7491, #2457, #2473)
• Fix instance variables [@​versions](https://github.com/versions)_to_* not initialized warning (@​mshibuya c10b82ed, #2493)
• Fix SanitizedFile#move_to wrongly detects content_type based on the path before move (@​mshibuya a42e1b4c, #2495)
• Fix returning invalid content type on text files (@​inkstak #2474, #2424)
• Skip content type and extension filters where possible (@​alexpooley #2464)
• Fix file's #url being called twice, which might be costly for non-local files (@​skyeagle #2519)
• Fix mime type detection failing with types which contain + symbol, such as image/svg+xml (@​sylvainbx #2489)
• Fix #cached? to return boolean instead of [@​cache](https://github.com/cache)_id value (@​kmiyake #2510)
• Fix mime type detection for MS Office files (@​anthonypenner #2447)

Security

• Fix Code Injection vulnerability in CarrierWave::RMagick (@​mshibuya 387116f5, GHSA-cf3w-g86h-35x4)
• Fix SSRF vulnerability in the remote file download feature (@​mshibuya 012702eb, GHSA-fwcm-636p-68r5)

2.1.1 - 2021-02-08

Security

• Fix Code Injection vulnerability in CarrierWave::RMagick (@​mshibuya 15bcf8d8, GHSA-cf3w-g86h-35x4)
• Fix SSRF vulnerability in the remote file download feature (@​mshibuya e0f79e36, GHSA-fwcm-636p-68r5)

2.1.0 - 2020-02-16

Added

• Support authenticated_url for Blackblaze provider(@​kevivmatrix #2444)

Fixed

• Fix Ruby 2.7 deprecations(@​mshibuya 9a37fc9e)
• Fix S3 path-style URL for host with dots for buckets that are placed in other regions than us-east-1(@​Bonias #2439)
• Make MiniMagick::Image constant absolute to prevent misleading 'uninitialized constant' error(@​p8 #2437)

Commits

• 13330a7 Version 2.2.0
• ae31743 Fix CI failures
• 4ae8dc6 Remove the #vips! block argument and #manipulate!
• e842197 Disable libvips image caching
• f23e9aa Merge pull request #2500 from rhymes/rhymes/add-vips
• 8b978ab Remove binding.pry
• aaa52b8 Merge branch 'master' into rhymes/add-vips
• f90e14c Calculate Fog expiration taking DST into account
• 657f259 Update model base class to ApplicationRecord
• 1a0da9b Use allowlist/denylist terminology also for README
• Additional commits viewable in compare view