bbc / hive-scheduler

MIT License

Bump paperclip from 4.3.7 to 5.2.0 #199

Open dependabot[bot] opened 3 years ago

dependabot[bot] commented 3 years ago

Bumps paperclip from 4.3.7 to 5.2.0.

Release notes

Sourced from paperclip's releases.

v5.1.0

  • Add default content_type_detector to UploadedFileAdapter (#2270)
  • Default S3 protocol to empty string (#2038)
  • Don't write original file if it wasn't reprocessed (#1993)
  • Disallow trailing newlines in regular expressions (#2266)
  • Support for readbyte in Paperclip attachments (#2034)
  • (port from 4.3) Uri io adapter uses the content-disposition filename (#2250)
  • General refactors and documentation improvements

v5.0.0

  • Bugfix: Now it's possible to save images from URLs with special characters #1932
  • Bugfix: Return false when file to copy is not present in cloud storage #2173
  • Automatically close file while checking mime type #2016
  • Add read_timeout option to UriAdapter#download_content method #2232
  • Fix a nil error in content type validation matcher #1910
  • Documentation improvements

v5.0.0.beta2

  • Bugfix: Dynamic fog directory option is now respected
  • Bugfix: Fixes cocaine duplicated paths #2169
  • Removal of dead code (older versions of Rails and AWS SDK)
  • README adjustments

v5.0.0.beta1

  • Drop support for end-of-life'd Ruby 2.0.

  • Drop support for end-of-life'd Rails 3.2 and 4.1

  • Drop support for AWS v1

  • Remove tests for JRuby and Rubinius from Travis CI (they were failing)

  • Improvement: Add fog_options configuration to send options to fog when storing files.

  • Extracted repository for locales only: https://github.com/thoughtbot/paperclip-i18n

  • Bugfix: Original file could be unlinked during post_process_style, producing failures

  • Bugfix for ImageMagick scaling images up

  • Memory consumption improvements

  • url on an unpersisted record returns default_url rather than nil

  • Improvement: aws-sdk v2 support thoughtbot/paperclip#1903

    If your Gemfile contains aws-sdk (>= 2.0.0) and aws-sdk-v1, paperclip will use aws-sdk v2. With aws-sdk v2, S3 storage requires you to set the s3_region. s3_region may be nested in s3_credentials, and (if not nested in s3_credentials) it may be a Proc.

Changelog

Sourced from paperclip's changelog.

5.2.0 (2018-01-23):

  • Security: Remove the automatic loading of URI adapters. Some of these adapters can be specially crafted to expose your network topology. (#2435)

  • Bugfix: The rake task no longer rescues Exception. (#2476)

  • Bugfix: Handle malformed Content-Disposition headers (#2283)

  • Bugfix: The :only_process option works when passed a lambda again. (#2289)

  • Improvement: Added :use_accelerate_endpoint option when using S3 to enable Amazon S3 Transfer Acceleration (#2291)

  • Improvement: Make the fingerprint digest configurable per attachment. The default remains MD5. Making this configurable means it can change in a future version because it is not considered secure anymore against intentional file corruption. For more info, see https://en.wikipedia.org/wiki/MD5#Security

    You can change the digest used for an attachment by adding the :adapter_options parameter to the has_attached_file options like this: `has_attached_file :avatar, adapter_options: { hash_digest: Digest::SHA256 }`

    Use the rake task to regenerate fingerprints with the new digest for a given class. Note that this does not check the file integrity using the old fingerprint. Run the following command to regenerate fingerprints for all User attachments: `CLASS=User rake paperclip:refresh:fingerprints`. You can optionally limit the attachment that will be processed, e.g.: `CLASS=User ATTACHMENT=avatar rake paperclip:refresh:fingerprints` (#2229)

  • Improvement: The new frame_index option on the thumbnail processor allows you to select a specific frame from an animated upload to use as a thumbnail. Initial support is for mkv, avi, MP4, mov, MPEG, and GIF. (#2155)

  • Improvement: Instead of copying files, use hard links. This is an optimization. (#2120)

  • Improvement: S3 storage option :s3_prefixes_in_alias. (#2287)

  • Improvement: Fog option :fog_public can be a lambda. (#2302)

  • Improvement: One fewer warning on JRuby. (#2352)

  • Ruby 2.4.0 compatibility (doesn't use Fixnum anymore)

5.1.0 (2016-08-19):

  • Add default content_type_detector to UploadedFileAdapter (#2270)
  • Default S3 protocol to empty string (#2038)
  • Don't write original file if it wasn't reprocessed (#1993)
  • Disallow trailing newlines in regular expressions (#2266)
  • Support for readbyte in Paperclip attachments (#2034)
  • (port from 4.3) Uri io adapter uses the content-disposition filename (#2250)
  • General refactors and documentation improvements

5.0.0 (2016-07-01):

  • Improvement: Add read_timeout configuration for URI Adapter download_content method.
  • README adjustments for Ruby beginners (add links, elucidate model in Quick Start)

... (truncated)

Commits
  • 4ebedfb Prepare release 5.2.0
  • 80847b4 Remove the automatic loading of URI Adapters
  • c794f6d Be more explicit
  • 8253c89 Remove bad exception handling!
  • 9b48053 Fixed a build by freezing cucumber-expressions gem to a known working version.
  • bb274b5 removed extra space char from UPGRADING
  • 38166cf Bring back old bundler version to fix CI
  • 176de35 Fix build by adding missing package in new distro, added more Ruby versions t...
  • 82cd378 Update copyright in README
  • 093b4da Update thoughtbot logo
  • Additional commits viewable in compare view



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/bbc/hive-scheduler/network/alerts).
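
The 5.2.0 changelog notes that regenerating fingerprints with a new digest does not check file integrity against the old fingerprint. The sketch below is an added example, not code from paperclip or from this PR: it verifies each stored MD5 fingerprint before computing the SHA256 replacement. `audit_then_refingerprint`, the record hashes and their contents are constructed for illustration and use only Ruby's standard `Digest` library.

```ruby
require "digest"

# Constructed sample rows standing in for attachment records: the stored
# fingerprint is the MD5 hex digest recorded when the file was uploaded.
SAMPLE_RECORDS = [
  { id: 1, data: "avatar-bytes-one",
    fingerprint: Digest::MD5.hexdigest("avatar-bytes-one") },
  # Content changed after upload, so the stored fingerprint no longer matches.
  { id: 2, data: "avatar-bytes-two (modified on disk)",
    fingerprint: Digest::MD5.hexdigest("avatar-bytes-two") },
  # No fingerprint was ever recorded for this row.
  { id: 3, data: "avatar-bytes-three", fingerprint: nil }
].freeze

# Verify each record against its old fingerprint before computing the new one.
# Returns { updated: { id => new_hex }, mismatched: [ids], unverified: [ids] }.
def audit_then_refingerprint(records, old_digest: Digest::MD5, new_digest: Digest::SHA256)
  result = { updated: {}, mismatched: [], unverified: [] }
  records.each do |rec|
    stored = rec[:fingerprint]
    if stored.nil? || stored.empty?
      # Nothing to compare against: re-fingerprint, but report it for review.
      result[:unverified] << rec[:id]
    elsif old_digest.hexdigest(rec[:data]) != stored.downcase
      # Content differs from what was recorded: do not issue a new
      # fingerprint for data that failed the old check.
      result[:mismatched] << rec[:id]
      next
    end
    result[:updated][rec[:id]] = new_digest.hexdigest(rec[:data])
  end
  result
end

if __FILE__ == $PROGRAM_NAME
  report = audit_then_refingerprint(SAMPLE_RECORDS)
  puts "updated:    #{report[:updated].keys.inspect}"
  puts "mismatched: #{report[:mismatched].inspect}"
  puts "unverified: #{report[:unverified].inspect}"
end
```

Records listed under `mismatched` keep their old fingerprint so the discrepancy can be investigated before the new digest is written.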