Bump carrierwave from 2.2.4 to 3.0.1

[dependabot]

Bumps carrierwave from 2.2.4 to 3.0.1.

Release notes

Sourced from carrierwave's releases.

3.0.1

Fixed

• Fix not respecting the parent's #enable_processing value after reading its own (@​mshibuya 2df0f53, #2676)
• Fix NoMethodError when a record is rolled back (@​y-yagi #2674, #2675)
• Fix filename suffix being removed due to unnecessary deduplication (@​mshibuya d68a111, #2672)
• Fix #dup causing unintended name deduplication of copied files (@​mshibuya b732acd, #2670)
• Fix initialization failing when active_support/core_ext is not loaded yet (@​mshibuya 875d972)

3.0.0

Added

• Support adding suffix to filename on store when path collides with the existing ones (@​mshibuya 07a5632, #1855)
• Add image dimension validation (@​TsubasaYoshida #2592, 3b1f8b4)
• Provide validation error details via ActiveModel::Errors#details (@​mshibuya 9013999, #2150)
• Support clearing #remote_urls by assigning nil (@​mshibuya 8307f93, #2067)
• Support configuration of download retry wait time (@​tricknotes #2646)
• Support for ActiveRecord::Base#dup (@​mshibuya, @​BrianHawley 19b33b8, #2645, #1962)
• Add CarrierWave::Storage::Fog::File#to_file for interface consistency with SanitizedFile (@​mshibuya 68ce83a, #1960)
• Allow SanitizedFile to accept read with an optional length and output_buffer arguments (@​mshibuya 9096459, #1959)
• Add basename and fix extension value for fog file (@​leductienttkt #2587)
• Allow uploaders to accept unless conditions (@​Vpatel1093 #2588)
• Add retry option to download from remote url (@​tashirosota #2577)

Changed

• Stop relying on ActiveModel::Dirty change tracking for removal of unnecessary files (@​mshibuya aac25c1)
• Create versions lazily to reflect subclass configurations properly (@​mshibuya 1531a67, #1957, #2619)
• [BREAKING CHANGE] Use the resulting file extension on changing format by :convert (@​mshibuya #2659, #2125, #2126, #2254)
• Prioritize Magic-detected content type for spoof-tolerance (@​mshibuya a2ca59c, #2570)
• Handle assignments in an ActiveModel::Dirty-friendly way (@​mshibuya #2658, #2404, #2409, #2468)
• Give a stable name to classes created by the mount_uploader block (@​mshibuya f5b09b8, #2407, #2471)
• Give a stable name to version classes (@​mshibuya a9de756, #2407, #2471)
• Completely migrate to allowlist/denylist terminology (@​mshibuya 7a40ef7, #2536)
• Remove implementation-dependent information from an error message (@​akihikodaki #2499)
• Replace mini_mime with marcel (@​pjmartorell #2552)
• [BREAKING CHANGE] Change to store files on after_save hook instead of after_commit, with performing cleanup when transaction is rolled back (@​fsateler #2546)

Deprecated

• #denylist was deprecated to prefer explicitly opting-in (@​mshibuya 7a40ef7, #2536)

Removed

• Drop support for Ruby < 2.5 and Rails 5.x (@​mshibuya 229594f)
• Remove support for Merb (@​seuros #2566)

Fixed

• Fix CarrierWave::Storage::Fog::File#read breaking when the file doesn't exist (@​mshibuya 246eb01, #2524)
• Fix to preserve the original URI as much as possible on download (@​mshibuya 2f3afaf, #2631)
• Fix not to invoke content type detection on #copy_to as it's costly (@​mshibuya 6c6e2dc, #2465)
• Fix calling #=~ on non-String breaking in Ruby 3.2 (@​aubinlrx #2653, fd03ddd)
• Fix #clean_cache! to respect the uploader's root, not the global one (@​sawasaki-narumi #2652, 3cb9992, #2113)
• Fix to use helper method #fog_provider instead of checking #fog_credentials (@​joshuamsager #2660)
• Fix being unable to delete a file by assigning nil (@​mshibuya f8ea354, #2654, #2613)

... (truncated)

Changelog

Sourced from carrierwave's changelog.

3.0.1 - 2023-07-22

Fixed

• Fix not respecting the parent's #enable_processing value after reading its own (@​mshibuya 2df0f53, #2676)
• Fix NoMethodError when a record is rolled back (@​y-yagi #2674, #2675)
• Fix filename suffix being removed due to unnecessary deduplication (@​mshibuya d68a111, #2672)
• Fix #dup causing unintended name deduplication of copied files (@​mshibuya b732acd, #2670)
• Fix initialization failing when active_support/core_ext is not loaded yet (@​mshibuya 875d972)

3.0.0 - 2023-07-02

No changes.

3.0.0.rc - 2023-06-11

Added

• Support adding suffix to filename on store when path collides with the existing ones (@​mshibuya 07a5632, #1855)
• Add image dimension validation (@​TsubasaYoshida #2592, 3b1f8b4)
• Provide validation error details via ActiveModel::Errors#details (@​mshibuya 9013999, #2150)
• Support clearing #remote_urls by assigning nil (@​mshibuya 8307f93, #2067)
• Support configuration of download retry wait time (@​tricknotes #2646)
• Support for ActiveRecord::Base#dup (@​mshibuya, @​BrianHawley 19b33b8, #2645, #1962)
• Add CarrierWave::Storage::Fog::File#to_file for interface consistency with SanitizedFile (@​mshibuya 68ce83a, #1960)
• Allow SanitizedFile to accept read with an optional length and output_buffer arguments (@​mshibuya 9096459, #1959)

Changed

• Stop relying on ActiveModel::Dirty change tracking for removal of unnecessary files (@​mshibuya aac25c1)
• Create versions lazily to reflect subclass configurations properly (@​mshibuya 1531a67, #1957, #2619)
• [BREAKING CHANGE] Use the resulting file extension on changing format by :convert (@​mshibuya #2659, #2125, #2126, #2254)
• Prioritize Magic-detected content type for spoof-tolerance (@​mshibuya a2ca59c, #2570)
• Handle assignments in an ActiveModel::Dirty-friendly way (@​mshibuya #2658, #2404, #2409, #2468)
• Give a stable name to classes created by the mount_uploader block (@​mshibuya f5b09b8, #2407, #2471)
• Give a stable name to version classes (@​mshibuya a9de756, #2407, #2471)

Fixed

• Fix CarrierWave::Storage::Fog::File#read breaking when the file doesn't exist (@​mshibuya 246eb01, #2524)
• Fix to preserve the original URI as much as possible on download (@​mshibuya 2f3afaf, #2631)
• Fix not to invoke content type detection on #copy_to as it's costly (@​mshibuya 6c6e2dc, #2465)
• Fix calling #=~ on non-String breaking in Ruby 3.2 (@​aubinlrx #2653, fd03ddd)
• Fix #clean_cache! to respect the uploader's root, not the global one (@​sawasaki-narumi #2652, 3cb9992, #2113)
• Fix to use helper method #fog_provider instead of checking #fog_credentials (@​joshuamsager #2660)
• Fix being unable to delete a file by assigning nil (@​mshibuya f8ea354, #2654, #2613)
• Fix to raise exception when ImageMagick is not installed (@​mshibuya d90c399, #2060)
• Fix to remove unnecessary floodfill in CarrierWave::RMagick#resize_and_pad (@​mshibuya f34a9bd)
• Fix #{column}_cache= fails to be stored when set as a nested attribute (@​mshibuya e84d11e, #2206)
• Fix to use AWS S3 regional endpoints when using virtual-hosted style (@​mshibuya 8dace34, #2523)
• Fix to respect condition on processing a derived version (@​mshibuya 1fecddc, #2516)
• Fix #recreate_versions! affecting the original file (@​mshibuya a67bfb6, 5f00715, #2480, #2655)
• Fix remove_#{column}! doesn't remove the file immediately (@​mshibuya b719fb3, #2540)
• Fix column value populated without a file when using filename override (@​mshibuya f1eff6e, #2284)
• Fix boolean configurations couldn't be set to false on a per-uploader basis (@​megane42 #2642)

... (truncated)

Commits

• 3bdbfda Version 3.0.1
• 2df0f53 Fix not respecting the parent's #enable_processing value after reading its own
• 73bacd2 Merge pull request #2674 from y-yagi/fix-NoMethodError-from-remove_added
• db95563 Fix a NoMethodError when a record is rollbacked
• d68a111 Fix filename suffix being removed due to unnecessary deduplication
• 3a24616 Merge pull request #2671 from y-yagi/update-contributing-doc
• b732acd Fix #dup causing unintended name deduplication of copied files
• 875d972 Fix initialization failing when active_support/core_ext is not loaded yet
• 75bf129 Mention libvips in CONTRIBUTING.md
• 269c37a Version 3.0.0 🚀
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

⚠️ This repo is Continuously Deployed: make sure you follow the guidance ⚠️

Follow these steps if you are doing a Rails upgrade.

[ollietreend]

@dependabot recreate

[ollietreend]

@dependabot ignore this major version

because of #8007

[dependabot]

OK, I won't notify you about version 3.x.x again, unless you re-open this PR. 😢

[ChrisBAshton]

@dependabot allow this major version.

[ChrisBAshton]

Dang it, that didn't work. Let's try restoring the branch.

[ChrisBAshton]

@dependabot rebase

[ChrisBAshton]

For context:

---

We configured Dependabot in #7999 , to ignore v3 of Carrierwave, so a security patch could not be raised.

It was set to be ignored because of #8007 , and the version of Carrierwave was pinned.

In b699cd4 , Carrierwave was unpinned, and indeed, we are now pointing to version 3.0.5.

We want Dependabot to continue raising PRs for Carrierwave from now on, but unfortunately it's a bit fiddly getting it to "un-ignore'! 😁

[dependabot]

Superseded by #9634.