Bump carrierwave from 1.3.2 to 2.2.4

[dependabot]

Bumps carrierwave from 1.3.2 to 2.2.4.

Release notes

Sourced from carrierwave's releases.

2.2.4

Fixed

• Fix Ruby 2.7 keyword argument warning in uploader process (@​SuperTux88 #2665, #2636, #2635)

2.2.3

Fixed

• Add workaround for 'undefined method closed?' error caused by ssrf_filter 1.1 (@​mshibuya c74579d, #2628)
• Add workaround for the API change in ssrf_filter 1.1 (@​BrianHawley #2629, #2625)

2.2.2

Fixed

• Fix no implicit conversion of CSV into String error when parsing a CSV object (@​pjmartorell #2562, #2559)

2.2.1

Changed

• Replace mimemagic with marcel due to licensing concern (@​pjmartorell #2551, #2548)

Fixed

• Fog storage's #clean_cache! breaks when non-cache objects exist in cache_dir (@​mshibuya 42c620a1, #2532)

2.2.0

Added

• libvips support through ImageProcessing::Vips and ruby-vips (@​rhymes #2500, e8421978, 4ae8dc64)
• Provide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (@​grantbdev #2442, 4c3cac75, #2491)
• Support for the latest version of RMagick (@​mshibuya 88f24451)

Deprecated

• #(content_type|extension)_whitelist, #(content_type|extension)_blacklist are deprecated. Use #(content_type|extension)_allowlist and #(content_type|extension)_denylist instead (@​grantbdev #2442, 4c3cac75)

Fixed

• Calculate Fog expiration taking DST into account (@​mshibuya, f90e14ca, #2059)
• Set correct content type on copy of fog files (@​ZuevEvgenii #2503, 6682f7ac, #2487)
• Fix fog-google support to pass acl_header for public read if fog is public (@​yosiat #2525, #2426)
• Fix various URL escape issues by escaping on URI parse error only (@​mshibuya 3faf7491, #2457, #2473)
• Fix instance variables @versions_to_* not initialized warning (@​mshibuya c10b82ed, #2493)
• Fix SanitizedFile#move_to wrongly detects content_type based on the path before move (@​mshibuya a42e1b4c, #2495)
• Fix returning invalid content type on text files (@​inkstak #2474, #2424)
• Skip content type and extension filters where possible (@​alexpooley #2464)
• Fix file's #url being called twice, which might be costly for non-local files (@​skyeagle #2519)
• Fix mime type detection failing with types which contain + symbol, such as image/svg+xml (@​sylvainbx #2489)
• Fix #cached? to return boolean instead of @cache_id value (@​kmiyake #2510)
• Fix mime type detection for MS Office files (@​anthonypenner #2447)

Security

• Fix Code Injection vulnerability in CarrierWave::RMagick (@​mshibuya 387116f5, GHSA-cf3w-g86h-35x4)
• Fix SSRF vulnerability in the remote file download feature (@​mshibuya 012702eb, GHSA-fwcm-636p-68r5)

2.1.1

Security

• Fix Code Injection vulnerability in CarrierWave::RMagick (@​mshibuya 15bcf8d8, GHSA-cf3w-g86h-35x4)

... (truncated)

Changelog

Sourced from carrierwave's changelog.

2.2.4 - 2023-06-10

Fixed

• Fix Ruby 2.7 keyword argument warning in uploader process (@​SuperTux88 #2665, #2636, #2635)

2.2.3 - 2022-11-21

Fixed

• Add workaround for 'undefined method closed?' error caused by ssrf_filter 1.1 (@​mshibuya c74579d, #2628)
• Add workaround for the API change in ssrf_filter 1.1 (@​BrianHawley #2629, #2625)

2.2.2 - 2021-05-28

Fixed

• Fix no implicit conversion of CSV into String error when parsing a CSV object (@​pjmartorell #2562, #2559)

2.2.1 - 2021-03-30

Changed

• Replace mimemagic with marcel due to licensing concern (@​pjmartorell #2551, #2548)

Fixed

• Fog storage's #clean_cache! breaks when non-cache objects exist in cache_dir (@​mshibuya 42c620a1, #2532)

2.2.0 - 2021-02-23

Added

• libvips support through ImageProcessing::Vips and ruby-vips (@​rhymes #2500, e8421978, 4ae8dc64)
• Provide alternatives to whitelist/blacklist terminology as allowlist/denylist, while old ones are still available but deprecated (@​grantbdev #2442, 4c3cac75, #2491)
• Support for the latest version of RMagick (@​mshibuya 88f24451)

Deprecated

• #(content_type|extension)_whitelist, #(content_type|extension)_blacklist are deprecated. Use #(content_type|extension)_allowlist and #(content_type|extension)_denylist instead (@​grantbdev #2442, 4c3cac75)

Fixed

• Calculate Fog expiration taking DST into account (@​mshibuya, f90e14ca, #2059)
• Set correct content type on copy of fog files (@​ZuevEvgenii #2503, 6682f7ac, #2487)
• Fix fog-google support to pass acl_header for public read if fog is public (@​yosiat #2525, #2426)
• Fix various URL escape issues by escaping on URI parse error only (@​mshibuya 3faf7491, #2457, #2473)
• Fix instance variables @versions_to_* not initialized warning (@​mshibuya c10b82ed, #2493)
• Fix SanitizedFile#move_to wrongly detects content_type based on the path before move (@​mshibuya a42e1b4c, #2495)
• Fix returning invalid content type on text files (@​inkstak #2474, #2424)
• Skip content type and extension filters where possible (@​alexpooley #2464)
• Fix file's #url being called twice, which might be costly for non-local files (@​skyeagle #2519)
• Fix mime type detection failing with types which contain + symbol, such as image/svg+xml (@​sylvainbx #2489)
• Fix #cached? to return boolean instead of @cache_id value (@​kmiyake #2510)
• Fix mime type detection for MS Office files (@​anthonypenner #2447)

Security

• Fix Code Injection vulnerability in CarrierWave::RMagick (@​mshibuya 387116f5, GHSA-cf3w-g86h-35x4)
• Fix SSRF vulnerability in the remote file download feature (@​mshibuya 012702eb, GHSA-fwcm-636p-68r5)

2.1.1 - 2021-02-08

Security

• Fix Code Injection vulnerability in CarrierWave::RMagick (@​mshibuya 15bcf8d8, GHSA-cf3w-g86h-35x4)

... (truncated)

Commits

• 2f91bee Version 2.2.4
• 2f2d77a Merge pull request #2665 from SuperTux88/backport-kwargs-fix
• 52237f4 fix: ruby 2.7 kwarg warning in uploader process
• bdb0be0 File.exists? had been deprecated since Ruby 2.1 and has been deleted in Ruby 3.2
• ed8c518 Forward to 1.x changelog for older changes
• baf5df7 Version 2.2.3
• 8c4c91f Make spec runnable
• c74579d Workaround for 'undefined method closed?' error caused by ssrf_filter 1.1
• 674d757 Merge pull request #2629 from BrianHawley/fixes_2625
• 32abf5b Version 2.2.2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)