Bump carrierwave from 1.3.2 to 2.2.2

[dependabot[bot]]

Bumps carrierwave from 1.3.2 to 2.2.2.

Release notes

Sourced from carrierwave's releases.

2.2.2

Fixed

• Fix no implicit conversion of CSV into String error when parsing a CSV object (@​pjmartorell #2562, #2559)

2.2.1

Changed

• Replace mimemagic with marcel due to licensing concern (@​pjmartorell #2551, #2548)

Fixed

• Fog storage's #clean_cache! breaks when non-cache objects exist in cache_dir (@​mshibuya 42c620a1, #2532)

2.2.0

Added

• libvips support through ImageProcessing::Vips and ruby-vips (@​rhymes #2500, e8421978, 4ae8dc64)
• Provide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (@​grantbdev #2442, 4c3cac75, #2491)
• Support for the latest version of RMagick (@​mshibuya 88f24451)

Deprecated

• #(content_type|extension)_whitelist, #(content_type|extension)_blacklist are deprecated. Use #(content_type|extension)_allowlist and #(content_type|extension)_denylist instead (@​grantbdev #2442, 4c3cac75)

Fixed

• Calculate Fog expiration taking DST into account (@​mshibuya, f90e14ca, #2059)
• Set correct content type on copy of fog files (@​ZuevEvgenii #2503, 6682f7ac, #2487)
• Fix fog-google support to pass acl_header for public read if fog is public (@​yosiat #2525, #2426)
• Fix various URL escape issues by escaping on URI parse error only (@​mshibuya 3faf7491, #2457, #2473)
• Fix instance variables @versions_to_* not initialized warning (@​mshibuya c10b82ed, #2493)
• Fix SanitizedFile#move_to wrongly detects content_type based on the path before move (@​mshibuya a42e1b4c, #2495)
• Fix returning invalid content type on text files (@​inkstak #2474, #2424)
• Skip content type and extension filters where possible (@​alexpooley #2464)
• Fix file's #url being called twice, which might be costly for non-local files (@​skyeagle #2519)
• Fix mime type detection failing with types which contain + symbol, such as image/svg+xml (@​sylvainbx #2489)
• Fix #cached? to return boolean instead of @cache_id value (@​kmiyake #2510)
• Fix mime type detection for MS Office files (@​anthonypenner #2447)

Security

• Fix Code Injection vulnerability in CarrierWave::RMagick (@​mshibuya 387116f5, GHSA-cf3w-g86h-35x4)
• Fix SSRF vulnerability in the remote file download feature (@​mshibuya 012702eb, GHSA-fwcm-636p-68r5)

2.1.1

Security

• Fix Code Injection vulnerability in CarrierWave::RMagick (@​mshibuya 15bcf8d8, GHSA-cf3w-g86h-35x4)
• Fix SSRF vulnerability in the remote file download feature (@​mshibuya e0f79e36, GHSA-fwcm-636p-68r5)

2.1.0

Added

• Support authenticated_url for Blackblaze provider(@​kevivmatrix #2444)

Fixed

• Fix Ruby 2.7 deprecations(@​mshibuya 9a37fc9e)
• Fix S3 path-style URL for host with dots for buckets that are placed in other regions than us-east-1(@​Bonias #2439)

... (truncated)

Changelog

Sourced from carrierwave's changelog.

2.2.2 - 2021-05-28

Fixed

• Fix no implicit conversion of CSV into String error when parsing a CSV object (@​pjmartorell #2562, #2559)

2.2.1 - 2021-03-30

Changed

• Replace mimemagic with marcel due to licensing concern (@​pjmartorell #2551, #2548)

Fixed

• Fog storage's #clean_cache! breaks when non-cache objects exist in cache_dir (@​mshibuya 42c620a1, #2532)

2.2.0 - 2021-02-23

Added

• libvips support through ImageProcessing::Vips and ruby-vips (@​rhymes #2500, e8421978, 4ae8dc64)
• Provide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (@​grantbdev #2442, 4c3cac75, #2491)
• Support for the latest version of RMagick (@​mshibuya 88f24451)

Deprecated

• #(content_type|extension)_whitelist, #(content_type|extension)_blacklist are deprecated. Use #(content_type|extension)_allowlist and #(content_type|extension)_denylist instead (@​grantbdev #2442, 4c3cac75)

Fixed

• Calculate Fog expiration taking DST into account (@​mshibuya, f90e14ca, #2059)
• Set correct content type on copy of fog files (@​ZuevEvgenii #2503, 6682f7ac, #2487)
• Fix fog-google support to pass acl_header for public read if fog is public (@​yosiat #2525, #2426)
• Fix various URL escape issues by escaping on URI parse error only (@​mshibuya 3faf7491, #2457, #2473)
• Fix instance variables @versions_to_* not initialized warning (@​mshibuya c10b82ed, #2493)
• Fix SanitizedFile#move_to wrongly detects content_type based on the path before move (@​mshibuya a42e1b4c, #2495)
• Fix returning invalid content type on text files (@​inkstak #2474, #2424)
• Skip content type and extension filters where possible (@​alexpooley #2464)
• Fix file's #url being called twice, which might be costly for non-local files (@​skyeagle #2519)
• Fix mime type detection failing with types which contain + symbol, such as image/svg+xml (@​sylvainbx #2489)
• Fix #cached? to return boolean instead of @cache_id value (@​kmiyake #2510)
• Fix mime type detection for MS Office files (@​anthonypenner #2447)

Security

• Fix Code Injection vulnerability in CarrierWave::RMagick (@​mshibuya 387116f5, GHSA-cf3w-g86h-35x4)
• Fix SSRF vulnerability in the remote file download feature (@​mshibuya 012702eb, GHSA-fwcm-636p-68r5)

2.1.1 - 2021-02-08

Security

• Fix Code Injection vulnerability in CarrierWave::RMagick (@​mshibuya 15bcf8d8, GHSA-cf3w-g86h-35x4)
• Fix SSRF vulnerability in the remote file download feature (@​mshibuya e0f79e36, GHSA-fwcm-636p-68r5)

2.1.0 - 2020-02-16

Added

• Support authenticated_url for Blackblaze provider(@​kevivmatrix #2444)

Fixed

• Fix Ruby 2.7 deprecations(@​mshibuya 9a37fc9e)
• Fix S3 path-style URL for host with dots for buckets that are placed in other regions than us-east-1(@​Bonias #2439)

... (truncated)

Commits

• 32abf5b Version 2.2.2
• 61acca5 Mark ruby-head build as experimental
• 30fbb75 Merge pull request #2569 from maratgaliev/google_comment_fix
• 48c1b19 Fix typo in google config
• d50d80e Fix Ruby 3.0 builds
• 1c7bdd2 Merge pull request #2562 from pjmartorell/fix/csv-file-content-type
• 68e41d2 Fix bug when reading content_type from a CSV object linked to a file
• 2dba2c1 Version 2.2.1
• 3f80967 Merge pull request #2551 from pjmartorell/fix/replace-mimemagic-with-marcel
• 3cefc38 Replace mimemagic with marcel gem
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[eitoball]

@dependabot rebase

[eitoball]

@dependabot rebase

[dependabot[bot]]

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.