carrierwave 3.1.2 → 3.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 419200b4437cec891e52a5175c1d7b3f4ac26bbe53d5a499ffd78e823deebed1
-  data.tar.gz: 429982feec40f1ffaa18900f45e7615caea384dc6fb9871a9df3010b150e03f4
+  metadata.gz: 20e93cc014326f32bc9123d74648c047a9eeaf634a421981df01ece46dc142cc
+  data.tar.gz: e86f6c907282bc12306f916c31084f34a20e815a4b64291971eefbf366f7ec0c
 SHA512:
-  metadata.gz: 0ba037a1637b1e1991783ba94171869f25eb916643ae3769ac273dd967baef630e00add18beb53d773b7ab796b4ea9605d35bf349aa67c8086b205200a9a6b7e
-  data.tar.gz: 4accb3afbbb5a098552317d59194a9b8bfd2cf5f51c69d14ada968a4607469c7980eb66a54d3ac91c0ae9f3b0b54376ab9d8b6d4dd02cf7dd0eb74c93e7fd36b
+  metadata.gz: 0b1ade5c07dccfc124750e5c066e5a8dff02c52a918e3af496c1de35a42e836d1d1465fe7f48283e3a088214d843b107102fc7a87e0a68d148884d07e0378529
+  data.tar.gz: 9597174ba08ceb10b8ab91e76e67fd1d37a54c97dac99cb745408da716297bbd960c81b809ec003d6b9695dbe0c2d363c1e958e25a43602b5049f6c2f25bd1a0

data/lib/carrierwave/uploader/configuration.rb

@@ -88,7 +88,7 @@ module CarrierWave
               raise CarrierWave::UnknownStorageError, "Unknown storage: #{storage}"
             end
           when nil
-            storage
+            # noop
           else
             self._storage = storage
           end

data/lib/carrierwave/uploader/content_type_denylist.rb

@@ -54,7 +54,10 @@ module CarrierWave
       end
 
       def denylisted_content_type?(denylist, content_type)
-        Array(denylist).any? { |item| content_type =~ /#{item}/ }
+        Array(denylist).any? do |item|
+          item = Regexp.quote(item) if item.class != Regexp
+          content_type =~ /#{item}/
+        end
       end
 
     end # ContentTypeDenylist

data/lib/carrierwave/version.rb

@@ -1,3 +1,3 @@
 module CarrierWave
-  VERSION = "3.1.2".freeze
+  VERSION = "3.1.3".freeze
 end

data/lib/generators/templates/uploader.rb.erb

@@ -40,6 +40,14 @@ class <%= class_name %>Uploader < CarrierWave::Uploader::Base
   #   %w(jpg jpeg gif png)
   # end
 
+  # Add a content_type_allowlist to restrict uploads by MIME type.
+  # Without it, a user could upload a harmful file
+  # with a safe extension (content-type spoofing).
+  # For the previous extension_allowlist you might use something like this:
+  # def content_type_allowlist
+  #   /image\//
+  # end
+
   # Override the filename of the uploaded files:
   # Avoid using model.id or version_name here, see uploader/store.rb for details.
   # def filename

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: carrierwave
 version: !ruby/object:Gem::Version
-  version: 3.1.2
+  version: 3.1.3
 platform: ruby
 authors:
 - Jonas Nicklas
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-04-13 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -369,8 +368,8 @@ files:
 homepage: https://github.com/carrierwaveuploader/carrierwave
 licenses:
 - MIT
-metadata: {}
-post_install_message:
+metadata:
+  changelog_uri: https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md
 rdoc_options:
 - "--main"
 require_paths:
@@ -386,8 +385,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.22
-signing_key:
+rubygems_version: 3.6.9
 specification_version: 4
 summary: Ruby file upload library
 test_files: []