safe_image 0.3.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +21 -12
- data/README.md +140 -287
- data/SECURITY.md +22 -11
- data/docs/architecture.md +63 -0
- data/ext/safe_image_vips_helper/extconf.rb +43 -0
- data/ext/safe_image_vips_helper/safe_image_vips_helper.c +1007 -0
- data/lib/safe_image/api/metadata.rb +85 -0
- data/lib/safe_image/api/transform.rb +152 -0
- data/lib/safe_image/backend_label.rb +24 -0
- data/lib/safe_image/formats.rb +96 -0
- data/lib/safe_image/ico.rb +42 -40
- data/lib/safe_image/image_magick_backend.rb +219 -162
- data/lib/safe_image/jpegli_backend.rb +64 -44
- data/lib/safe_image/metadata_operations.rb +155 -0
- data/lib/safe_image/native.rb +96 -290
- data/lib/safe_image/native_helper.rb +281 -0
- data/lib/safe_image/operation_backends/base.rb +83 -0
- data/lib/safe_image/operation_backends/image_magick.rb +123 -0
- data/lib/safe_image/operation_backends/vips.rb +251 -0
- data/lib/safe_image/operation_backends.rb +27 -0
- data/lib/safe_image/operation_set.rb +22 -0
- data/lib/safe_image/optimizer.rb +225 -98
- data/lib/safe_image/path_safety.rb +11 -0
- data/lib/safe_image/processor.rb +122 -85
- data/lib/safe_image/quality_defaults.rb +23 -0
- data/lib/safe_image/remote.rb +248 -144
- data/lib/safe_image/result.rb +71 -23
- data/lib/safe_image/runner.rb +60 -23
- data/lib/safe_image/sandbox.rb +44 -218
- data/lib/safe_image/staged_output.rb +44 -0
- data/lib/safe_image/svg_metadata.rb +74 -69
- data/lib/safe_image/transform_operations.rb +139 -0
- data/lib/safe_image/version.rb +1 -1
- data/lib/safe_image/vips_backend.rb +13 -12
- data/lib/safe_image.rb +62 -306
- metadata +43 -37
- data/lib/safe_image/discourse_compat.rb +0 -441
- data/lib/safe_image/svg_css.rb +0 -314
- data/lib/safe_image/svg_sanitizer.rb +0 -583
- data/lib/safe_image/vips_glue.rb +0 -361
- data/lib/safe_image/zygote.rb +0 -619
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1f73bfd1e95c6fbb93ad43254cbff0b2d14cf1d667b5af58daf3e7f2311e3240
|
|
4
|
+
data.tar.gz: 598bc5111672e82b922bfc134c168488ad9348b2b85cf5d6f3ac6d12c959ddfc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d3dd059f65b1f5d5ad43290aaf3e654817eca8d5127f90717cbf91739c31b92c9674c5fcc73c5b61a5b2be724c5b8053e298a35f6063cd880959a3ccfb9916c8
|
|
7
|
+
data.tar.gz: 5eeb7da08494d4e76f6ba5e9aa6479b083c8e1cd8f40fa7779537c00884a0e5cb068714b6fbf6ece00fc82fcdc39919c458c2fadcc4740b1348786a88871fb7a
|
data/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,19 @@ All notable changes to this project will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [0.4.0 - 2026-06-18]
|
|
9
|
+
|
|
10
|
+
### Removed (breaking)
|
|
11
|
+
|
|
12
|
+
- Removed `SafeImage.sanitize_svg!` and the internal SVG/CSS sanitizer
|
|
13
|
+
implementation. Safe Image still supports bounded SVG metadata probing for
|
|
14
|
+
local and remote `.svg` files, but applications that need to clean or inline
|
|
15
|
+
user-supplied SVG content must use a dedicated sanitizer outside this gem.
|
|
16
|
+
- Removed the compatibility/in-place file-writing APIs. `resize`, `crop`,
|
|
17
|
+
`downsize`, `convert`, `fix_orientation`, `convert_favicon_to_png`, and
|
|
18
|
+
`optimize` now require explicit, distinct `input:` and `output:` paths;
|
|
19
|
+
`optimize_image!` and `convert_to_jpeg` are gone.
|
|
20
|
+
|
|
8
21
|
## [0.3.0 - 2026-06-12]
|
|
9
22
|
|
|
10
23
|
### Changed (breaking)
|
|
@@ -81,8 +94,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
81
94
|
allowlist, all TCP denied on ABI ≥ 4, abstract-unix-socket/signal scopes on
|
|
82
95
|
ABI ≥ 6), and — when the installed `landlock` gem exposes
|
|
83
96
|
`seccomp_deny_network!` — the helper's deny-all-network seccomp filter
|
|
84
|
-
(blocking sockets of every family,
|
|
85
|
-
Landlock policy alone leaves open), *before* touching untrusted input, and
|
|
97
|
+
(blocking sockets of every family), *before* touching untrusted input, and
|
|
86
98
|
exits after the operation. Workers are pooled so N threads run N sandboxed
|
|
87
99
|
operations at once (the single zygote would serialise them): the pool grows
|
|
88
100
|
on demand to `SAFE_IMAGE_ZYGOTE_WORKERS` (default 8) and offered concurrency
|
|
@@ -284,18 +296,15 @@ between backends.
|
|
|
284
296
|
- Graceful operation without libvips: the new `SafeImage::VipsUnavailableError`
|
|
285
297
|
(a subclass of `UnsupportedFormatError`) makes `backend: :auto` route through
|
|
286
298
|
ImageMagick on hosts without the library, while explicit `backend: :vips`
|
|
287
|
-
calls fail closed. `SafeImage::
|
|
299
|
+
calls fail closed. `SafeImage::Native.available?` reports the state.
|
|
288
300
|
- `docker/run.sh`: containerised validation against Debian bookworm's packaged
|
|
289
|
-
libvips 8.14
|
|
301
|
+
libvips 8.14 and native-helper build/install.
|
|
290
302
|
|
|
291
303
|
### Changed
|
|
292
304
|
|
|
293
|
-
- **The compiled C
|
|
294
|
-
|
|
295
|
-
|
|
296
|
-
only gem dependencies are `fiddle` and `rexml`. Minimum libvips is 8.13
|
|
297
|
-
(Debian bookworm's 8.14 package is tested); `SAFE_IMAGE_LIBVIPS` overrides
|
|
298
|
-
the library name.
|
|
305
|
+
- **The compiled C helper owns libvips execution.** libvips is initialized in
|
|
306
|
+
the bundled helper process, which exposes only the operations the gem invokes.
|
|
307
|
+
Minimum libvips is 8.13 (Debian bookworm's 8.14 package is tested).
|
|
299
308
|
- All transform defaults are now native-first: `resize`, `crop`, `downsize`,
|
|
300
309
|
`convert` and `thumbnail` default to `backend: :auto` (previously
|
|
301
310
|
ImageMagick for the first three and `:vips` fail-closed for `thumbnail`).
|
|
@@ -337,8 +346,8 @@ between backends.
|
|
|
337
346
|
untrusted-operation block: JPEG XL is part of the supported input surface,
|
|
338
347
|
and inputs still pass extension routing, pixel caps and (optionally) the
|
|
339
348
|
Landlock sandbox.
|
|
340
|
-
- The
|
|
341
|
-
guards
|
|
349
|
+
- The native helper doubles as an operation allowlist, and a leak-loop test
|
|
350
|
+
guards helper request handling.
|
|
342
351
|
|
|
343
352
|
## [0.1.0] - 2026-06-09
|
|
344
353
|
|