activestorage 8.0.5 → 8.1.0.beta1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bb8d04a9237523518b1a6b00aab432decc944e0432e7296d1f283126c73eb374
-  data.tar.gz: 74fabd6db3bfefae7e51f9be208fafb37b76e5df3bdc238bafe60fa8357bd405
+  metadata.gz: 8959531cd3a50439e1d30882ac0398b7d361da8a6859049b01c31e1a35e58862
+  data.tar.gz: c4027f992ab9f941cecbe88a7a415d52f5a3800b86e69fe8789567f320a9b9ea
 SHA512:
-  metadata.gz: e8555d671d585f19dcecb996f38d4aa4f182e3e98082856916e13cefa8f6f9c0288f11dbf83f7f80f641dbf82e5e93a39559bf7e86b98638b3737029c17660c4
-  data.tar.gz: bd3b5a92c37258cecf1bca978f4a59a090c6bb20a30cf290479a173add2efa6de64ffe120d4649c1d4d9aa3b0e500c2ae7b24b44ee4b6413e65efafe7eac91e4
+  metadata.gz: 2750ae72f60c4e388b74813b74fa2580a5ebe48887eca53905b1d1173a08bac4ff931f22fadc3fb2ffec0d96417f7661fe22aba44cdaa36e7480c7df4b0f52d0
+  data.tar.gz: 3201606c2dce4e6e41649c8aca6432dbd2c0635c966366809bc6552ad07cc074596d3d973054bce87f79f3eca9ffb68d91e116d9b8f81ac5dad7d59b8040cd5b

data/CHANGELOG.md

@@ -1,86 +1,51 @@
-## Rails 8.0.5 (March 24, 2026) ##
+## Rails 8.1.0.beta1 (September 04, 2025) ##
 
-*   Fix `ActiveStorage::Blob` content type predicate methods to handle `nil`.
+*   Remove deprecated `:azure` storage service.
 
-    *Daichi KUDO*
+    *Rafael Mendonça França*
 
+*   Remove unnecessary calls to the GCP metadata server.
 
-## Rails 8.0.4.1 (March 23, 2026) ##
+    Calling Google::Auth.get_application_default triggers an explicit call to
+    the metadata server - given it was being called for significant number of
+    file operations, it can lead to considerable tail latencies and even metadata
+    server overloads. Instead, it's preferable (and significantly more efficient)
+    that applications use:
 
-*   Filter user supplied metadata in DirectUploadController
+    ```ruby
+    Google::Apis::RequestOptions.default.authorization = Google::Auth.get_application_default(...)
+    ```
 
-    [CVE-2026-33173]
+    In the cases applications do not set that, the GCP libraries automatically determine credentials.
 
-    *Jean Boussier*
+    This also enables using credentials other than those of the associated GCP
+    service account like when using impersonation.
 
-*   Configurable maxmimum streaming chunk size
+    *Alex Coomans*
 
-    Makes sure that byte ranges for blobs don't exceed 100mb by default.
-    Content ranges that are too big can result in denial of service.
+*   Direct upload progress accounts for server processing time.
 
-    [CVE-2026-33174]
+    *Jeremy Daer*
 
-    *Gannon McGibbon*
+*   Delegate `ActiveStorage::Filename#to_str` to `#to_s`
 
-*   Limit range requests to a single range
+    Supports checking String equality:
 
-    [CVE-2026-33658]
+    ```ruby
+    filename = ActiveStorage::Filename.new("file.txt")
+    filename == "file.txt" # => true
+    filename in "file.txt" # => true
+    "file.txt" == filename # => true
+    ```
 
-    *Jean Boussier*
+    *Sean Doyle*
 
-*   Prevent path traversal in `DiskService`.
+*   Add support for alternative MD5 implementation through `config.active_storage.checksum_implementation`.
 
-    `DiskService#path_for` now raises an `InvalidKeyError` when passed keys with dot segments (".",
-    ".."), or if the resolved path is outside the storage root directory.
+    Also automatically degrade to using the slower `Digest::MD5` implementation if `OpenSSL::Digest::MD5`
+    is found to be disabled because of OpenSSL FIPS mode.
 
-    `#path_for` also now consistently raises `InvalidKeyError` if the key is invalid in any way, for
-    example containing null bytes or having an incompatible encoding. Previously, the exception
-    raised may have been `ArgumentError` or `Encoding::CompatibilityError`.
-
-    `DiskController` now explicitly rescues `InvalidKeyError` with appropriate HTTP status codes.
-
-    [CVE-2026-33195]
-
-    *Mike Dalessio*
-
-*   Prevent glob injection in `DiskService#delete_prefixed`.
-
-    Escape glob metacharacters in the resolved path before passing to `Dir.glob`.
-
-    Note that this change breaks any existing code that is relying on `delete_prefixed` to expand
-    glob metacharacters. This change presumes that is unintended behavior (as other storage services
-    do not respect these metacharacters).
-
-    [CVE-2026-33202]
-
-    *Mike Dalessio*
-
-
-## Rails 8.0.4 (October 28, 2025) ##
-
-*   No changes.
-
-
-## Rails 8.0.3 (September 22, 2025) ##
-
-*   Address deprecation of `Aws::S3::Object#upload_stream` in `ActiveStorage::Service::S3Service`.
-
-    *Joshua Young*
-
-*   Fix `config.active_storage.touch_attachment_records` to work with eager loading.
-
-    *fatkodima*
-
-
-## Rails 8.0.2.1 (August 13, 2025) ##
-
-*   Remove dangerous transformations
-
-    [CVE-2025-24293]
-
-    *Zack Deveau*
-
-## Rails 8.0.2 (March 12, 2025) ##
+    *Matt Pasquini*, *Jean Boussier*
 
 *   A Blob will no longer autosave associated Attachment.
 
@@ -94,52 +59,4 @@
 
     *Edouard-chin*
 
-
-## Rails 8.0.1 (December 13, 2024) ##
-
-*   No changes.
-
-
-## Rails 8.0.0.1 (December 10, 2024) ##
-
-*   No changes.
-
-
-## Rails 8.0.0 (November 07, 2024) ##
-
-*   No changes.
-
-
-## Rails 8.0.0.rc2 (October 30, 2024) ##
-
-*   No changes.
-
-
-## Rails 8.0.0.rc1 (October 19, 2024) ##
-
-*   No changes.
-
-
-## Rails 8.0.0.beta1 (September 26, 2024) ##
-
-*   Deprecate `ActiveStorage::Service::AzureStorageService`.
-
-    *zzak*
-
-*   Improve `ActiveStorage::Filename#sanitized` method to handle special characters more effectively.
-    Replace the characters `"*?<>` with `-` if they exist in the Filename to match the Filename convention of Win OS.
-
-    *Luong Viet Dung(Martin)*
-
-*   Improve InvariableError, UnpreviewableError and UnrepresentableError message.
-
-    Include Blob ID and content_type in the messages.
-
-    *Petrik de Heus*
-
-*   Mark proxied files as `immutable` in their Cache-Control header
-
-    *Nate Matykiewicz*
-
-
-Please check [7-2-stable](https://github.com/rails/rails/blob/7-2-stable/activestorage/CHANGELOG.md) for previous changes.
+Please check [8-0-stable](https://github.com/rails/rails/blob/8-0-stable/activestorage/CHANGELOG.md) for previous changes.

data/README.md

@@ -1,6 +1,6 @@
 # Active Storage
 
-Active Storage makes it simple to upload and reference files in cloud services like [Amazon S3](https://aws.amazon.com/s3/), [Google Cloud Storage](https://cloud.google.com/storage/docs/), or [Microsoft Azure Storage](https://azure.microsoft.com/en-us/services/storage/), and attach those files to Active Records. Supports having one main service and mirrors in other services for redundancy. It also provides a disk service for testing or local deployments, but the focus is on cloud storage.
+Active Storage makes it simple to upload and reference files in cloud services like [Amazon S3](https://aws.amazon.com/s3/), or [Google Cloud Storage](https://cloud.google.com/storage/docs/), and attach those files to Active Records. Supports having one main service and mirrors in other services for redundancy. It also provides a disk service for testing or local deployments, but the focus is on cloud storage.
 
 Files can be uploaded from the server to the cloud or directly from the client to the cloud.
 
@@ -173,7 +173,10 @@ Active Storage, with its included JavaScript library, supports uploading directl
     ```erb
     <%= form.file_field :attachments, multiple: true, direct_upload: true %>
     ```
-3. That's it! Uploads begin upon form submission.
+
+3. Configure CORS on third-party storage services to allow direct upload requests.
+
+4. That's it! Uploads begin upon form submission.
 
 ### Direct upload JavaScript events
 

data/app/assets/javascripts/activestorage.esm.js

@@ -672,7 +672,7 @@ class DirectUploadController {
     }));
   }
   uploadRequestDidProgress(event) {
-    const progress = event.loaded / event.total * 100;
+    const progress = event.loaded / event.total * 90;
     if (progress) {
       this.dispatch("progress", {
         progress: progress
@@ -707,6 +707,42 @@ class DirectUploadController {
       xhr: xhr
     });
     xhr.upload.addEventListener("progress", (event => this.uploadRequestDidProgress(event)));
+    xhr.upload.addEventListener("loadend", (() => {
+      this.simulateResponseProgress(xhr);
+    }));
+  }
+  simulateResponseProgress(xhr) {
+    let progress = 90;
+    const startTime = Date.now();
+    const updateProgress = () => {
+      const elapsed = Date.now() - startTime;
+      const estimatedResponseTime = this.estimateResponseTime();
+      const responseProgress = Math.min(elapsed / estimatedResponseTime, 1);
+      progress = 90 + responseProgress * 9;
+      this.dispatch("progress", {
+        progress: progress
+      });
+      if (xhr.readyState !== XMLHttpRequest.DONE && progress < 99) {
+        requestAnimationFrame(updateProgress);
+      }
+    };
+    xhr.addEventListener("loadend", (() => {
+      this.dispatch("progress", {
+        progress: 100
+      });
+    }));
+    requestAnimationFrame(updateProgress);
+  }
+  estimateResponseTime() {
+    const fileSize = this.file.size;
+    const MB = 1024 * 1024;
+    if (fileSize < MB) {
+      return 1e3;
+    } else if (fileSize < 10 * MB) {
+      return 2e3;
+    } else {
+      return 3e3 + fileSize / MB * 50;
+    }
   }
 }
 

data/app/assets/javascripts/activestorage.js

@@ -662,7 +662,7 @@
       }));
     }
     uploadRequestDidProgress(event) {
-      const progress = event.loaded / event.total * 100;
+      const progress = event.loaded / event.total * 90;
       if (progress) {
         this.dispatch("progress", {
           progress: progress
@@ -697,6 +697,42 @@
         xhr: xhr
       });
       xhr.upload.addEventListener("progress", (event => this.uploadRequestDidProgress(event)));
+      xhr.upload.addEventListener("loadend", (() => {
+        this.simulateResponseProgress(xhr);
+      }));
+    }
+    simulateResponseProgress(xhr) {
+      let progress = 90;
+      const startTime = Date.now();
+      const updateProgress = () => {
+        const elapsed = Date.now() - startTime;
+        const estimatedResponseTime = this.estimateResponseTime();
+        const responseProgress = Math.min(elapsed / estimatedResponseTime, 1);
+        progress = 90 + responseProgress * 9;
+        this.dispatch("progress", {
+          progress: progress
+        });
+        if (xhr.readyState !== XMLHttpRequest.DONE && progress < 99) {
+          requestAnimationFrame(updateProgress);
+        }
+      };
+      xhr.addEventListener("loadend", (() => {
+        this.dispatch("progress", {
+          progress: 100
+        });
+      }));
+      requestAnimationFrame(updateProgress);
+    }
+    estimateResponseTime() {
+      const fileSize = this.file.size;
+      const MB = 1024 * 1024;
+      if (fileSize < MB) {
+        return 1e3;
+      } else if (fileSize < 10 * MB) {
+        return 2e3;
+      } else {
+        return 3e3 + fileSize / MB * 50;
+      }
     }
   }
   const inputSelector = "input[type=file][data-direct-upload-url]:not([disabled])";

data/app/controllers/active_storage/disk_controller.rb

@@ -17,8 +17,6 @@ class ActiveStorage::DiskController < ActiveStorage::BaseController
     end
   rescue Errno::ENOENT
     head :not_found
-  rescue ActiveStorage::InvalidKeyError
-    head :not_found
   end
 
   def update
@@ -34,8 +32,6 @@ class ActiveStorage::DiskController < ActiveStorage::BaseController
     end
   rescue ActiveStorage::IntegrityError
     head ActionDispatch::Constants::UNPROCESSABLE_CONTENT
-  rescue ActiveStorage::InvalidKeyError
-    head ActionDispatch::Constants::UNPROCESSABLE_CONTENT
   end
 
   private

data/app/controllers/concerns/active_storage/streaming.rb

@@ -14,8 +14,7 @@ module ActiveStorage::Streaming
     def send_blob_byte_range_data(blob, range_header, disposition: nil)
       ranges = Rack::Utils.get_byte_ranges(range_header, blob.byte_size)
 
-      return head(:range_not_satisfiable) unless ranges_valid?(ranges)
-      return head(:range_not_satisfiable) if ranges.length > ActiveStorage.streaming_max_ranges
+      return head(:range_not_satisfiable) if ranges.blank? || ranges.all?(&:blank?)
 
       if ranges.length == 1
         range = ranges.first
@@ -52,12 +51,6 @@ module ActiveStorage::Streaming
       )
     end
 
-    def ranges_valid?(ranges)
-      return false if ranges.blank? || ranges.all?(&:blank?)
-
-      ranges.sum { |range| range.end - range.begin } < ActiveStorage.streaming_chunk_max_size
-    end
-
     # Stream the blob from storage directly to the response. The disposition can be controlled by setting +disposition+.
     # The content type and filename is set directly from the +blob+.
     def send_blob_stream(blob, disposition: nil) # :doc:

data/app/javascript/activestorage/direct_upload_controller.js

@@ -31,7 +31,8 @@ export class DirectUploadController {
   }
 
   uploadRequestDidProgress(event) {
-    const progress = event.loaded / event.total * 100
+    // Scale upload progress to 0-90% range
+    const progress = (event.loaded / event.total) * 90
     if (progress) {
       this.dispatch("progress", { progress })
     }
@@ -63,5 +64,51 @@ export class DirectUploadController {
   directUploadWillStoreFileWithXHR(xhr) {
     this.dispatch("before-storage-request", { xhr })
     xhr.upload.addEventListener("progress", event => this.uploadRequestDidProgress(event))
+
+    // Start simulating progress after upload completes
+    xhr.upload.addEventListener("loadend", () => {
+      this.simulateResponseProgress(xhr)
+    })
+  }
+
+  simulateResponseProgress(xhr) {
+    let progress = 90
+    const startTime = Date.now()
+
+    const updateProgress = () => {
+      // Simulate progress from 90% to 99% over estimated time
+      const elapsed = Date.now() - startTime
+      const estimatedResponseTime = this.estimateResponseTime()
+      const responseProgress = Math.min(elapsed / estimatedResponseTime, 1)
+      progress = 90 + (responseProgress * 9) // 90% to 99%
+
+      this.dispatch("progress", { progress })
+
+      // Continue until response arrives or we hit 99%
+      if (xhr.readyState !== XMLHttpRequest.DONE && progress < 99) {
+        requestAnimationFrame(updateProgress)
+      }
+    }
+
+    // Stop simulation when response arrives
+    xhr.addEventListener("loadend", () => {
+      this.dispatch("progress", { progress: 100 })
+    })
+
+    requestAnimationFrame(updateProgress)
+  }
+
+  estimateResponseTime() {
+    // Base estimate: 1 second for small files, scaling up for larger files
+    const fileSize = this.file.size
+    const MB = 1024 * 1024
+
+    if (fileSize < MB) {
+      return 1000 // 1 second for files under 1MB
+    } else if (fileSize < 10 * MB) {
+      return 2000 // 2 seconds for files 1-10MB
+    } else {
+      return 3000 + (fileSize / MB * 50) // 3+ seconds for larger files
+    }
   }
 }

data/app/models/active_storage/blob/representable.rb

@@ -25,8 +25,8 @@ module ActiveStorage::Blob::Representable
   #
   #   <%= image_tag Current.user.avatar.variant(resize_to_limit: [100, 100]) %>
   #
-  # This will create a URL for that specific blob with that specific variant, which the ActiveStorage::Representations::ProxyController
-  # or ActiveStorage::Representations::RedirectController can then produce on-demand.
+  # This will create a URL for that specific blob with that specific variant, which the ActiveStorage::RepresentationsController
+  # can then produce on-demand.
   #
   # Raises ActiveStorage::InvariableError if the variant processor cannot
   # transform the blob. To determine whether a blob is variable, call

data/app/models/active_storage/blob.rb

@@ -16,18 +16,10 @@
 # Blobs are intended to be immutable in as-so-far as their reference to a specific file goes. You're allowed to
 # update a blob's metadata on a subsequent pass, but you should not update the key or change the uploaded file.
 # If you need to create a derivative or otherwise change the blob, simply create a new blob and purge the old one.
-#
-# When using a custom +key+, the value is treated as trusted. Using untrusted user input
-# as the key may result in unexpected behavior.
 class ActiveStorage::Blob < ActiveStorage::Record
   MINIMUM_TOKEN_LENGTH = 28
 
   has_secure_token :key, length: MINIMUM_TOKEN_LENGTH
-
-  # FIXME: these property should never have been stored in the metadata.
-  # The blob table should be migrated to have dedicated columns for theses.
-  PROTECTED_METADATA = %w(analyzed identified composed)
-  private_constant :PROTECTED_METADATA
   store :metadata, accessors: [ :analyzed, :identified, :composed ], coder: ActiveRecord::Coders::JSON
 
   class_attribute :services, default: {}
@@ -100,9 +92,6 @@ class ActiveStorage::Blob < ActiveStorage::Record
     # be saved before the upload begins to prevent the upload clobbering another due to key collisions.
     # When providing a content type, pass <tt>identify: false</tt> to bypass
     # automatic content type inference.
-    #
-    # The optional +key+ parameter is treated as trusted. Using untrusted user input
-    # as the key may result in unexpected behavior.
     def create_and_upload!(key: nil, io:, filename:, content_type: nil, metadata: nil, service_name: nil, identify: true, record: nil)
       create_after_unfurling!(key: key, io: io, filename: filename, content_type: content_type, metadata: metadata, service_name: service_name, identify: identify).tap do |blob|
         blob.upload_without_unfurling(io)
@@ -115,7 +104,6 @@ class ActiveStorage::Blob < ActiveStorage::Record
     # Once the form using the direct upload is submitted, the blob can be associated with the right record using
     # the signed ID.
     def create_before_direct_upload!(key: nil, filename:, byte_size:, checksum:, content_type: nil, metadata: nil, service_name: nil, record: nil)
-      metadata = filter_metadata(metadata)
       create! key: key, filename: filename, byte_size: byte_size, checksum: checksum, content_type: content_type, metadata: metadata, service_name: service_name
     end
 
@@ -163,15 +151,6 @@ class ActiveStorage::Blob < ActiveStorage::Record
         combined_blob.save!
       end
     end
-
-    private
-      def filter_metadata(metadata)
-        if metadata.is_a?(Hash)
-          metadata.without(*PROTECTED_METADATA)
-        else
-          metadata
-        end
-      end
   end
 
   include Analyzable
@@ -210,22 +189,22 @@ class ActiveStorage::Blob < ActiveStorage::Record
 
   # Returns true if the content_type of this blob is in the image range, like image/png.
   def image?
-    content_type&.start_with?("image")
+    content_type.start_with?("image")
   end
 
   # Returns true if the content_type of this blob is in the audio range, like audio/mpeg.
   def audio?
-    content_type&.start_with?("audio")
+    content_type.start_with?("audio")
   end
 
   # Returns true if the content_type of this blob is in the video range, like video/mp4.
   def video?
-    content_type&.start_with?("video")
+    content_type.start_with?("video")
   end
 
   # Returns true if the content_type of this blob is in the text range, like text/plain.
   def text?
-    content_type&.start_with?("text")
+    content_type.start_with?("text")
   end
 
   # Returns the URL of the blob on the service. This returns a permanent URL for public files, and returns a
@@ -353,7 +332,7 @@ class ActiveStorage::Blob < ActiveStorage::Record
     def compute_checksum_in_chunks(io)
       raise ArgumentError, "io must be rewindable" unless io.respond_to?(:rewind)
 
-      OpenSSL::Digest::MD5.new.tap do |checksum|
+      ActiveStorage.checksum_implementation.new.tap do |checksum|
         read_buffer = "".b
         while io.read(5.megabytes, read_buffer)
           checksum << read_buffer

data/app/models/active_storage/filename.rb

@@ -64,6 +64,7 @@ class ActiveStorage::Filename
   def to_s
     sanitized.to_s
   end
+  alias_method :to_str, :to_s
 
   def as_json(*)
     to_s

data/app/models/active_storage/variant.rb

@@ -8,29 +8,29 @@
 #
 # Variants rely on {ImageProcessing}[https://github.com/janko/image_processing] gem for the actual transformations
 # of the file, so you must add <tt>gem "image_processing"</tt> to your Gemfile if you wish to use variants. By
-# default, images will be processed with {ImageMagick}[http://imagemagick.org] using the
-# {MiniMagick}[https://github.com/minimagick/minimagick] gem, but you can also switch to the
-# {libvips}[http://libvips.github.io/libvips/] processor operated by the {ruby-vips}[https://github.com/libvips/ruby-vips]
+# default, images will be processed with {libvips}[http://libvips.github.io/libvips/] using the
+# {ruby-vips}[https://github.com/libvips/ruby-vips] gem, but you can also switch to the
+# {ImageMagick}[http://imagemagick.org] processor operated by the {MiniMagick}[https://github.com/minimagick/minimagick]
 # gem).
 #
 #   Rails.application.config.active_storage.variant_processor
-#   # => :mini_magick
-#
-#   Rails.application.config.active_storage.variant_processor = :vips
 #   # => :vips
 #
+#   Rails.application.config.active_storage.variant_processor = :mini_magick
+#   # => :mini_magick
+#
 # Note that to create a variant it's necessary to download the entire blob file from the service. Because of this process,
 # you also want to be considerate about when the variant is actually processed. You shouldn't be processing variants inline
 # in a template, for example. Delay the processing to an on-demand controller, like the one provided in
-# ActiveStorage::Representations::ProxyController and ActiveStorage::Representations::RedirectController.
+# ActiveStorage::RepresentationsController.
 #
 # To refer to such a delayed on-demand variant, simply link to the variant through the resolved route provided
 # by Active Storage like so:
 #
 #   <%= image_tag Current.user.avatar.variant(resize_to_limit: [100, 100]) %>
 #
-# This will create a URL for that specific blob with that specific variant, which the ActiveStorage::Representations::ProxyController
-# or ActiveStorage::Representations::RedirectController can then produce on-demand.
+# This will create a URL for that specific blob with that specific variant, which the ActiveStorage::RepresentationsController
+# can then produce on-demand.
 #
 # When you do want to actually produce the variant needed, call +processed+. This will check that the variant
 # has already been processed and uploaded to the service, and, if so, just return that. Otherwise it will perform
@@ -77,8 +77,8 @@ class ActiveStorage::Variant
   # Returns the URL of the blob variant on the service. See ActiveStorage::Blob#url for details.
   #
   # Use <tt>url_for(variant)</tt> (or the implied form, like <tt>link_to variant</tt> or <tt>redirect_to variant</tt>) to get the stable URL
-  # for a variant that points to the ActiveStorage::Representations::ProxyController or ActiveStorage::Representations::RedirectController,
-  # which in turn will use this +service_call+ method for its redirection.
+  # for a variant that points to the ActiveStorage::RepresentationsController, which in turn will use this +service_call+ method
+  # for its redirection.
   def url(expires_in: ActiveStorage.service_urls_expire_in, disposition: :inline)
     service.url key, expires_in: expires_in, disposition: disposition, filename: filename, content_type: content_type
   end

data/app/models/active_storage/variation.rb

@@ -82,6 +82,6 @@ class ActiveStorage::Variation
 
   private
     def transformer
-      ActiveStorage::Transformers::ImageProcessingTransformer.new(transformations.except(:format))
+      ActiveStorage.variant_transformer.new(transformations.except(:format))
     end
 end

data/lib/active_storage/analyzer/image_analyzer/image_magick.rb

@@ -1,22 +1,18 @@
 # frozen_string_literal: true
 
+begin
+  gem "mini_magick"
+  require "mini_magick"
+rescue LoadError => error
+  raise error unless error.message.include?("mini_magick")
+end
+
 module ActiveStorage
   # This analyzer relies on the third-party {MiniMagick}[https://github.com/minimagick/minimagick] gem. MiniMagick requires
   # the {ImageMagick}[http://www.imagemagick.org] system library.
   class Analyzer::ImageAnalyzer::ImageMagick < Analyzer::ImageAnalyzer
-    def self.accept?(blob)
-      super && ActiveStorage.variant_processor == :mini_magick
-    end
-
     private
       def read_image
-        begin
-          require "mini_magick"
-        rescue LoadError
-          logger.info "Skipping image analysis because the mini_magick gem isn't installed"
-          return {}
-        end
-
         download_blob_to_tempfile do |file|
           image = instrument("mini_magick") do
             MiniMagick::Image.new(file.path)

data/lib/active_storage/analyzer/image_analyzer/vips.rb

@@ -1,22 +1,18 @@
 # frozen_string_literal: true
 
+begin
+  gem "ruby-vips"
+  require "ruby-vips"
+rescue LoadError => error
+  raise error unless error.message.include?("ruby-vips")
+end
+
 module ActiveStorage
   # This analyzer relies on the third-party {ruby-vips}[https://github.com/libvips/ruby-vips] gem. Ruby-vips requires
   # the {libvips}[https://libvips.github.io/libvips/] system library.
   class Analyzer::ImageAnalyzer::Vips < Analyzer::ImageAnalyzer
-    def self.accept?(blob)
-      super && ActiveStorage.variant_processor == :vips
-    end
-
     private
       def read_image
-        begin
-          require "ruby-vips"
-        rescue LoadError
-          logger.info "Skipping image analysis because the ruby-vips gem isn't installed"
-          return {}
-        end
-
         download_blob_to_tempfile do |file|
           image = instrument("vips") do
             # ruby-vips will raise Vips::Error if it can't find an appropriate loader for the file
@@ -35,6 +31,9 @@ module ActiveStorage
           logger.error "Skipping image analysis due to a Vips error: #{error.message}"
           {}
         end
+      rescue ::Vips::Error => error
+        logger.error "Skipping image analysis due to an Vips error: #{error.message}"
+        {}
       end
 
       ROTATIONS = /Right-top|Left-bottom|Top-right|Bottom-left/

data/lib/active_storage/analyzer/image_analyzer.rb

@@ -12,6 +12,11 @@ module ActiveStorage
   #   ActiveStorage::Analyzer::ImageAnalyzer::ImageMagick.new(blob).metadata
   #   # => { width: 4104, height: 2736 }
   class Analyzer::ImageAnalyzer < Analyzer
+    extend ActiveSupport::Autoload
+
+    autoload :Vips
+    autoload :ImageMagick
+
     def self.accept?(blob)
       blob.image?
     end