Bump carrierwave from 2.2.7 to 3.1.3

[dependabot]

Bumps carrierwave from 2.2.7 to 3.1.3.

Release notes

Sourced from carrierwave's releases.

3.1.2

Fixed

• Fix failing to remove existing files on updating by #remove_#{column}=, ##{column}_cache=, and #remote_#{column}_url= (@​mshibuya 7b2ce50, #2778, #2779)

3.1.1

Fixed

• Stop calling #mb_chars, as it is no longer necessary (@​chaadow #2773)
• Fix to raise error when imagemagick is missing on Alpine >= 3.19 (@​danwilliams-fl #2772)
• Fix #dup with custom serialisation (@​nassim-platogo #2771)
• Fix SanitizedFile#read to behave in the same way with IO#read with arguments (@​mshibuya 9eace1c, #2770)

3.1.0

Added

• Support for AWS S3 FIPS endpoints (@​matt-domsch-sp #2763, 04bfab3, #2762)
• Add CarrierWave::Storage::Fog::File#empty? (@​mshibuya 2d1af56, #1926)
• Add support for the crop processing method (@​clickworkorange #2721)
• Add global skip_ssrf_protection configuration (@​rajyan #2696, #2695)

Changed

• Show warning when conditionals are used with :convert (@​mshibuya fb287f3, #2723)
• Rename #version_exists? to #version_active?, to reduce confusion (@​mshibuya 21ca90a, #1926)
• Show warning if #filename is safeguarded as in the pre-3.x style (@​mshibuya #2718, #2708)

Fixed

• Fix incompatibility with MiniMagick >= 5.0 (@​mshibuya a60d8d8, #2761)
• Fix incompatibility with uri gem >= 1.0 (@​ollym #2760, #2759)
• Clear download errors on reassigning remote urls (@​mshibuya bb8c6e1, #2725)
• Fix version names starting with a non-alphabet character lead to NameError (@​r7kamura #2748, #2722)
• Fix Rails 7.2 incompatibility due to incorrect use of ActiveSupport::Deprecation (@​mshibuya b25477d, 8761240, #2751)
• Fix assigning a file with the same name not marking the column as changed (@​mshibuya 47f1737, #2719)
• Fix content type magic detection for files packaged in .zip (@​dzhikvas #2705, #2704)

3.1.0.rc

Added

• Support for AWS S3 FIPS endpoints (@​matt-domsch-sp #2763, 04bfab3, #2762)
• Add CarrierWave::Storage::Fog::File#empty? (@​mshibuya 2d1af56, #1926)

Changed

• Show warning when conditionals are used with :convert (@​mshibuya fb287f3, #2723)
• Rename #version_exists? to #version_active?, to reduce confusion (@​mshibuya 21ca90a, #1926)

Fixed

• Fix incompatibility with MiniMagick >= 5.0 (@​mshibuya a60d8d8, #2761)
• Fix incompatibility with uri gem >= 1.0 (@​ollym #2760, #2759)
• Clear download errors on reassigning remote urls (@​mshibuya bb8c6e1, #2725)

3.1.0.beta

Added

• Add support for the crop processing method (@​clickworkorange #2721)
• Add global skip_ssrf_protection configuration (@​rajyan #2696, #2695)

... (truncated)

Changelog

Sourced from carrierwave's changelog.

3.1.3 - 2026-05-23

Security

• Fix bypass in content_type_denylist via unescaped RegExp chars (@​mshibuya 21221cc, GHSA-7g26-2qgj-chfg)

3.1.2 - 2025-04-13

Fixed

• Fix failing to remove existing files on updating by #remove_#{column}=, ##{column}_cache=, and #remote_#{column}_url= (@​mshibuya 7b2ce50, #2778, #2779)

3.1.1 - 2025-01-12

Fixed

• Stop calling #mb_chars, as it is no longer necessary (@​chaadow #2773)
• Fix to raise error when imagemagick is missing on Alpine >= 3.19 (@​danwilliams-fl #2772)
• Fix #dup with custom serialisation (@​nassim-platogo #2771)
• Fix SanitizedFile#read to behave in the same way with IO#read with arguments (@​mshibuya 9eace1c, #2770)

3.1.0 - 2024-12-14

No changes.

3.1.0.rc - 2024-12-07

Added

• Support for AWS S3 FIPS endpoints (@​matt-domsch-sp #2763, 04bfab3, #2762)
• Add CarrierWave::Storage::Fog::File#empty? (@​mshibuya 2d1af56, #1926)

Changed

• Show warning when conditionals are used with :convert (@​mshibuya fb287f3, #2723)
• Rename #version_exists? to #version_active?, to reduce confusion (@​mshibuya 21ca90a, #1926)

Fixed

• Fix incompatibility with MiniMagick >= 5.0 (@​mshibuya a60d8d8, #2761)
• Fix incompatibility with uri gem >= 1.0 (@​ollym #2760, #2759)
• Clear download errors on reassigning remote urls (@​mshibuya bb8c6e1, #2725)

3.1.0.beta - 2024-09-01

Added

• Add support for the crop processing method (@​clickworkorange #2721)
• Add global skip_ssrf_protection configuration (@​rajyan #2696, #2695)

Changed

• Show warning if #filename is safeguarded as in the pre-3.x style (@​mshibuya #2718, #2708)

Fixed

• Fix version names starting with a non-alphabet character lead to NameError (@​r7kamura #2748, #2722)
• Fix Rails 7.2 incompatibility due to incorrect use of ActiveSupport::Deprecation (@​mshibuya b25477d, 8761240, #2751)
• Fix assigning a file with the same name not marking the column as changed (@​mshibuya 47f1737, #2719)

... (truncated)

Commits

• 5effe4e Version 3.1.3
• 21221cc Security: Fix bypass in content_type_denylist via unescaped RegExp chars
• 7023b89 CI against Ruby 4.0 (#2815)
• fee4fb7 Bump actions/checkout from 5 to 6 (#2797)
• a56bb0e Fix broken CI (#2816)
• a015f02 Update build matrix
• b53a725 Bump actions/checkout from 4 to 5 (#2790)
• 2d14664 Add content_type_allowlist example to uploader template (#2785)
• 4b797ef Cope with the change in MiniMagick 5.3
• a51a970 Provide a 'Changelog' link on rubygems.org/gems/carrierwave (#2774)
• Additional commits viewable in compare view