paperclip 4.2.4 → 5.2.0

data/.rubocop.yml

@@ -0,0 +1 @@
+inherit_from: .hound.yml

data/.travis.yml

@@ -1,23 +1,25 @@
-rvm:
-  - 1.9.3
-  - jruby-19mode
-  - rbx-2
-  - 2.0.0
-  - 2.1.1
+language: ruby
+sudo: false
 
-install:
-  - "travis_retry bundle install"
+rvm:
+  - 2.1
+  - 2.2
+  - 2.3
+  - 2.4
 
-before_script: "sudo ntpdate -ub ntp.ubuntu.com pool.ntp.org; true"
 script: "bundle exec rake clean spec cucumber"
 
+addons:
+  apt:
+    packages:
+    - ghostscript
+
 gemfile:
-  - gemfiles/3.2.gemfile
-  - gemfiles/4.0.gemfile
-  - gemfiles/4.1.gemfile
+  - gemfiles/4.2.gemfile
+  - gemfiles/5.0.gemfile
 
 matrix:
   fast_finish: true
-  allow_failures:
-    - rvm: jruby-19mode
-    - rvm: rbx-2
+  exclude:
+    - gemfile: gemfiles/5.0.gemfile
+      rvm: 2.1

data/Appraisals

@@ -1,19 +1,7 @@
-appraise "3.2" do
-  gem "rails", "~> 3.2.0"
-  gem "paperclip", :path => "../"
-end
-
-appraise "4.0" do
-  gem "rails", "~> 4.0.0"
-  gem "paperclip", :path => "../"
-end
-
-appraise "4.1" do
-  gem "rails", "~> 4.1.0"
-  gem "paperclip", :path => "../"
+appraise "4.2" do
+  gem "rails", "~> 4.2.0"
 end
 
-appraise "4.2" do
-  gem "rails", "~> 4.2.0.rc2"
-  gem "paperclip", :path => "../"
+appraise "5.0" do
+  gem "rails", "~> 5.0.0"
 end

data/CONTRIBUTING.md

@@ -1,20 +1,31 @@
 Contributing
 ============
 
-We love pull requests. Here's a quick guide:
+We love pull requests from everyone. By participating in this project, you agree
+to abide by the thoughtbot [code of conduct].
+
+[code of conduct]: https://thoughtbot.com/open-source-code-of-conduct
+
+Here's a quick guide for contributing:
 
 1. Fork the repo.
 
-2. Run the tests. We only take pull requests with passing tests, and it's great
-to know that you have a clean slate: `bundle && rake`
+1. Make sure you have ImageMagick and Ghostscript installed. See [this section]
+(./README.md#image-processor) of the README.
 
-3. Add a test for your change. Only refactoring and documentation changes
+1. Run the tests. We only take pull requests with passing tests, and it's great
+to know that you have a clean slate: `bundle && bundle exec rake`
+
+1. Add a test for your change. Only refactoring and documentation changes
 require no new tests. If you are adding functionality or fixing a bug, we need
 a test!
 
-4. Make the test pass.
+1. Make the test pass.
+
+1. Mention how your changes affect the project to other developers and users in
+   the `NEWS.md` file.
 
-5. Push to your fork and submit a pull request.
+1. Push to your fork and submit a pull request.
 
 At this point you're waiting on us. We like to at least comment on, if not
 accept, pull requests within seven business days (most of the work on Paperclip
@@ -43,14 +54,14 @@ will be asked to rewrite them before we'll accept.
 ### Bootstrapping your test suite:
 
     bundle install
-    bundle exec rake appraisal:install
+    bundle exec appraisal install
 
 This will install all the required gems that requires to test against each
 version of Rails, which defined in `gemfiles/*.gemfile`.
 
 ### To run a full test suite:
 
-    bundle exec rake
+    bundle exec appraisal rake
 
 This will run RSpec and Cucumber against all version of Rails
 

data/Gemfile

@@ -3,18 +3,14 @@ source "https://rubygems.org"
 gemspec
 
 gem 'sqlite3', '~> 1.3.8', :platforms => :ruby
-
-gem 'jruby-openssl', :platforms => :jruby
-gem 'activerecord-jdbcsqlite3-adapter', :platforms => :jruby
-
-gem 'rubysl', :platforms => :rbx
-gem 'racc', :platforms => :rbx
-
 gem 'pry'
 
 # Hinting at development dependencies
 # Prevents bundler from taking a long-time to resolve
 group :development, :test do
-  gem 'mime-types', '~> 1.16'
+  gem 'activerecord-import'
+  gem 'mime-types'
   gem 'builder'
+  gem 'rubocop', require: false
+  gem 'rspec'
 end

data/LICENSE

@@ -3,7 +3,7 @@ LICENSE
 
 The MIT License
 
-Copyright (c) 2008-2014 Jon Yurek and thoughtbot, inc.
+Copyright (c) 2008-2016 Jon Yurek and thoughtbot, inc.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/NEWS

@@ -1,4 +1,107 @@
-4.2.4:
+5.2.0 (2018-01-23):
+
+* Security: Remove the automatic loading of URI adapters. Some of these
+  adapters can be specially crafted to expose your network topology. (#2435)
+* Bugfix: The rake task no longer rescues `Exception`. (#2476)
+* Bugfix: Handle malformed `Content-Disposition` headers (#2283)
+* Bugfix: The `:only_process` option works when passed a lambda again. (#2289)
+* Improvement: Added `:use_accelerate_endpoint` option when using S3 to enable
+  [Amazon S3 Transfer Acceleration](http://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html)
+  (#2291)
+* Improvement: Make the fingerprint digest configurable per attachment. The
+  default remains MD5. Making this configurable means it can change in a future
+  version because it is not considered secure anymore against intentional file
+  corruption. For more info, see https://en.wikipedia.org/wiki/MD5#Security
+
+  You can change the digest used for an attachment by adding the
+  `:adapter_options` parameter to the `has_attached_file` options like this:
+  `has_attached_file :avatar, adapter_options: { hash_digest: Digest::SHA256 }`
+
+  Use the rake task to regenerate fingerprints with the new digest for a given
+  class. Note that this does **not** check the file integrity using the old
+  fingerprint. Run the following command to regenerate fingerprints for all
+  User attachments:
+  `CLASS=User rake paperclip:refresh:fingerprints`
+  You can optionally limit the attachment that will be processed, e.g:
+  `CLASS=User ATTACHMENT=avatar rake paperclip:refresh:fingerprints` (#2229)
+* Improvement: The new `frame_index` option on the thumbnail processor allows
+  you to select a specific frame from an animated upload to use as a thumbnail.
+  Initial support is for mkv, avi, MP4, mov, MPEG, and GIF. (#2155)
+* Improvement: Instead of copying files, use hard links. This is an
+  optimization. (#2120)
+* Improvement: S3 storage option `:s3_prefixes_in_alias`. (#2287)
+* Improvement: Fog option `:fog_public` can be a lambda. (#2302)
+* Improvement: One fewer warning on JRuby. (#2352)
+
+5.1.0 (2016-08-19):
+
+* Add default `content_type_detector` to `UploadedFileAdapter` (#2270)
+* Default S3 protocol to empty string (#2038)
+* Don't write original file if it wasn't reprocessed (#1993)
+* Disallow trailing newlines in regular expressions (#2266)
+* Support for readbyte in Paperclip attachments (#2034)
+* (port from 4.3) Uri io adapter uses the content-disposition filename (#2250)
+* General refactors and documentation improvements
+
+5.0.0 (2016-07-01):
+
+* Improvement: Add `read_timeout` configuration for URI Adapter download_content method.
+* README adjustments for Ruby beginners (add links, elucidate model in Quick Start)
+* Bugfix: Now it's possible to save images from URLs with special characters [#1932]
+* Bugfix: Return false when file to copy is not present in cloud storage [#2173]
+* Automatically close file while checking mime type [#2016]
+* Add `read_timeout` option to `UriAdapter#download_content` method [#2232]
+* Fix a nil error in content type validation matcher [#1910]
+* Documentation improvements
+
+5.0.0.beta2 (2016-04-01):
+
+* Bugfix: Dynamic fog directory option is now respected
+* Bugfix: Fixes cocaine duplicated paths [#2169]
+* Removal of dead code (older versions of Rails and AWS SDK)
+* README adjustments
+
+5.0.0.beta1 (2016-03-13):
+
+* Bug Fix: megabytes of mime-types info in logs when a spoofed media type is detected.
+* Drop support to end-of-life'd ruby 2.0.
+* Drop support for end-of-life'd Rails 3.2 and 4.1
+* Drop support for AWS v1
+* Remove tests for JRuby and Rubinius from Travis CI (they were failing)
+* Improvement: Add `fog_options` configuration to send options to fog when
+  storing files.
+* Extracted repository for locales only:  https://github.com/thoughtbot/paperclip-i18n
+* Bugfix: Original file could be unlinked during `post_process_style`, producing failures
+* Bugfix for image magick scaling images up
+* Memory consumption improvements
+* `url` on a unpersisted record returns `default_url` rather than `nil`
+* Improvement: aws-sdk v2 support
+  https://github.com/thoughtbot/paperclip/pull/1903
+
+  If your Gemfile contains aws-sdk (>= 2.0.0) and aws-sdk-v1, paperclip will use
+  aws-sdk v2. With aws-sdk v2, S3 storage requires you to set the s3_region.
+  s3_region may be nested in s3_credentials, and (if not nested in
+  s3_credentials) it may be a Proc.
+
+4.3
+
+See patch versions in v4.3 NEWS:
+https://github.com/thoughtbot/paperclip/blob/v4.3/NEWS
+
+4.3.0 (2015-06-18):
+
+* Improvement: Update aws-sdk and cucumber gem versions.
+* Improvement: Add `length` alias for `size` method in AbstractAdapter.
+* Improvement: Removed some cruft
+* Improvement: deep_merge! Attachment definitions
+* Improvement: Switch to mimemagic gem for content-type detection
+* Improvement: Allows multiple content types for spoof detector
+* Bug Fix: Don't assume we have Rails.env if we have Rails
+* Performance: Decrease Memory footprint
+* Ruby Versioning: Drop support for 1.9.3 (EOL'ed)
+* Rails Versioning: Drop support for 4.0.0 (EOL'ed)
+
+4.2.4 (2015-06-05):
 
 * Rollback backwards incompatible change, allowing paperclip to run on
   Ruby >= 1.9.2.
@@ -22,7 +125,7 @@
 * Improvement: Better escaping for characters in URLs
 * Improvement: Honor `fog_credentials[:scheme]`
 * Improvement: Also look for custom processors in lib/paperclip
-* Improvement: id partitioning for string IDs works liks integer id
+* Improvement: id partitioning for string IDs works like integer id
 * Improvement: Can pass options to DB adapters in migrations
 * Improvement: Update expiring_url creation for later versions of fog
 * Improvement: `path` can be a Proc in S3 attachments