Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package rubygem-activestorage-8.0 for
openSUSE:Factory checked in at 2025-10-10 17:12:18
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-activestorage-8.0 (Old)
and /work/SRC/openSUSE:Factory/.rubygem-activestorage-8.0.new.5300 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-activestorage-8.0"
Fri Oct 10 17:12:18 2025 rev:5 rq:1310576 version:8.0.3
Changes:
--------
---
/work/SRC/openSUSE:Factory/rubygem-activestorage-8.0/rubygem-activestorage-8.0.changes
2025-08-22 17:50:58.107860487 +0200
+++
/work/SRC/openSUSE:Factory/.rubygem-activestorage-8.0.new.5300/rubygem-activestorage-8.0.changes
2025-10-10 17:13:51.732638133 +0200
@@ -1,0 +2,6 @@
+Tue Sep 23 00:16:34 UTC 2025 - Marcus Rueckert <[email protected]>
+
+- Update to version 8.0.3:
+ https://rubyonrails.org/2025/9/22/Rails-Version-8-0-3-has-been-released
+
+-------------------------------------------------------------------
Old:
----
activestorage-8.0.2.1.gem
New:
----
activestorage-8.0.3.gem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-activestorage-8.0.spec ++++++
--- /var/tmp/diff_new_pack.KFnbQy/_old 2025-10-10 17:13:53.048693530 +0200
+++ /var/tmp/diff_new_pack.KFnbQy/_new 2025-10-10 17:13:53.048693530 +0200
@@ -24,7 +24,7 @@
#
Name: rubygem-activestorage-8.0
-Version: 8.0.2.1
+Version: 8.0.3
Release: 0
%define mod_name activestorage
%define mod_full_name %{mod_name}-%{version}
++++++ activestorage-8.0.2.1.gem -> activestorage-8.0.3.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md
--- old/CHANGELOG.md 1980-01-02 01:00:00.000000000 +0100
+++ new/CHANGELOG.md 1980-01-02 01:00:00.000000000 +0100
@@ -1,15 +1,21 @@
-## Rails 8.0.2.1 (August 13, 2025) ##
+## Rails 8.0.3 (September 22, 2025) ##
- Remove dangerous transformations
+* Address deprecation of `Aws::S3::Object#upload_stream` in
`ActiveStorage::Service::S3Service`.
- [CVE-2025-24293]
+ *Joshua Young*
- *Zack Deveau*
+* Fix `config.active_storage.touch_attachment_records` to work with eager
loading.
+
+ *fatkodima*
-## Rails 8.0.2 (March 12, 2025) ##
-* No changes.
+## Rails 8.0.2.1 (August 13, 2025) ##
+
+* Remove dangerous transformations
+ [CVE-2025-24293]
+
+ *Zack Deveau*
## Rails 8.0.2 (March 12, 2025) ##
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/README.md new/README.md
--- old/README.md 1980-01-02 01:00:00.000000000 +0100
+++ new/README.md 1980-01-02 01:00:00.000000000 +0100
@@ -203,6 +203,6 @@
* https://github.com/rails/rails/issues
-Feature requests should be discussed on the rails-core mailing list here:
+Feature requests should be discussed on the rubyonrails-core forum here:
* https://discuss.rubyonrails.org/c/rubyonrails-core
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/app/controllers/active_storage/disk_controller.rb
new/app/controllers/active_storage/disk_controller.rb
--- old/app/controllers/active_storage/disk_controller.rb 1980-01-02
01:00:00.000000000 +0100
+++ new/app/controllers/active_storage/disk_controller.rb 1980-01-02
01:00:00.000000000 +0100
@@ -25,13 +25,13 @@
named_disk_service(token[:service_name]).upload token[:key],
request.body, checksum: token[:checksum]
head :no_content
else
- head :unprocessable_entity
+ head ActionDispatch::Constants::UNPROCESSABLE_CONTENT
end
else
head :not_found
end
rescue ActiveStorage::IntegrityError
- head :unprocessable_entity
+ head ActionDispatch::Constants::UNPROCESSABLE_CONTENT
end
private
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/app/models/active_storage/blob/representable.rb
new/app/models/active_storage/blob/representable.rb
--- old/app/models/active_storage/blob/representable.rb 1980-01-02
01:00:00.000000000 +0100
+++ new/app/models/active_storage/blob/representable.rb 1980-01-02
01:00:00.000000000 +0100
@@ -25,12 +25,78 @@
#
# <%= image_tag Current.user.avatar.variant(resize_to_limit: [100, 100]) %>
#
- # This will create a URL for that specific blob with that specific variant,
which the ActiveStorage::RepresentationsController
- # can then produce on-demand.
+ # This will create a URL for that specific blob with that specific variant,
which the ActiveStorage::Representations::ProxyController
+ # or ActiveStorage::Representations::RedirectController can then produce
on-demand.
#
# Raises ActiveStorage::InvariableError if the variant processor cannot
# transform the blob. To determine whether a blob is variable, call
# ActiveStorage::Blob#variable?.
+ #
+ # ==== Options
+ #
+ # Options are defined by the {image_processing
gem}[https://github.com/janko/image_processing],
+ # and depend on which variant processor you are using:
+ # {Vips}[https://github.com/janko/image_processing/blob/master/doc/vips.md]
or
+ #
{MiniMagick}[https://github.com/janko/image_processing/blob/master/doc/minimagick.md].
+ # However, both variant processors support the following options:
+ #
+ # [+:resize_to_limit+]
+ # Downsizes the image to fit within the specified dimensions while
retaining
+ # the original aspect ratio. Will only resize the image if it's larger than
+ # the specified dimensions.
+ #
+ # user.avatar.variant(resize_to_limit: [100, 100])
+ #
+ # [+:resize_to_fit+]
+ # Resizes the image to fit within the specified dimensions while retaining
+ # the original aspect ratio. Will downsize the image if it's larger than
the
+ # specified dimensions or upsize if it's smaller.
+ #
+ # user.avatar.variant(resize_to_fit: [100, 100])
+ #
+ # [+:resize_to_fill+]
+ # Resizes the image to fill the specified dimensions while retaining the
+ # original aspect ratio. If necessary, will crop the image in the larger
+ # dimension.
+ #
+ # user.avatar.variant(resize_to_fill: [100, 100])
+ #
+ # [+:resize_and_pad+]
+ # Resizes the image to fit within the specified dimensions while retaining
+ # the original aspect ratio. If necessary, will pad the remaining area with
+ # transparent color if source image has alpha channel, black otherwise.
+ #
+ # user.avatar.variant(resize_and_pad: [100, 100])
+ #
+ # [+:crop+]
+ # Extracts an area from an image. The first two arguments are the left and
+ # top edges of area to extract, while the last two arguments are the width
+ # and height of the area to extract.
+ #
+ # user.avatar.variant(crop: [20, 50, 300, 300])
+ #
+ # [+:rotate+]
+ # Rotates the image by the specified angle.
+ #
+ # user.avatar.variant(rotate: 90)
+ #
+ # Some options, including those listed above, can accept additional
+ # processor-specific values which can be passed as a trailing hash:
+ #
+ # <!-- Vips supports configuring `crop` for many of its transformations
-->
+ # <%= image_tag user.avatar.variant(resize_to_fill: [100, 100, { crop:
:centre }]) %>
+ #
+ # If migrating an existing application between MiniMagick and Vips, you will
+ # need to update processor-specific options:
+ #
+ # <!-- MiniMagick -->
+ # <%= image_tag user.avatar.variant(resize_to_limit: [100, 100], format:
:jpeg,
+ # sampling_factor: "4:2:0", strip: true, interlace: "JPEG",
colorspace: "sRGB", quality: 80) %>
+ #
+ # <!-- Vips -->
+ # <%= image_tag user.avatar.variant(resize_to_limit: [100, 100], format:
:jpeg,
+ # saver: { subsample_mode: "on", strip: true, interlace: true,
quality: 80 }) %>
+ #
def variant(transformations)
if variable?
variant_class.new(self,
ActiveStorage::Variation.wrap(transformations).default_to(default_variant_transformations))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/app/models/active_storage/variant.rb
new/app/models/active_storage/variant.rb
--- old/app/models/active_storage/variant.rb 1980-01-02 01:00:00.000000000
+0100
+++ new/app/models/active_storage/variant.rb 1980-01-02 01:00:00.000000000
+0100
@@ -22,15 +22,15 @@
# Note that to create a variant it's necessary to download the entire blob
file from the service. Because of this process,
# you also want to be considerate about when the variant is actually
processed. You shouldn't be processing variants inline
# in a template, for example. Delay the processing to an on-demand controller,
like the one provided in
-# ActiveStorage::RepresentationsController.
+# ActiveStorage::Representations::ProxyController and
ActiveStorage::Representations::RedirectController.
#
# To refer to such a delayed on-demand variant, simply link to the variant
through the resolved route provided
# by Active Storage like so:
#
# <%= image_tag Current.user.avatar.variant(resize_to_limit: [100, 100]) %>
#
-# This will create a URL for that specific blob with that specific variant,
which the ActiveStorage::RepresentationsController
-# can then produce on-demand.
+# This will create a URL for that specific blob with that specific variant,
which the ActiveStorage::Representations::ProxyController
+# or ActiveStorage::Representations::RedirectController can then produce
on-demand.
#
# When you do want to actually produce the variant needed, call +processed+.
This will check that the variant
# has already been processed and uploaded to the service, and, if so, just
return that. Otherwise it will perform
@@ -74,11 +74,11 @@
"variants/#{blob.key}/#{OpenSSL::Digest::SHA256.hexdigest(variation.key)}"
end
- # Returns the URL of the blob variant on the service. See
{ActiveStorage::Blob#url} for details.
+ # Returns the URL of the blob variant on the service. See
ActiveStorage::Blob#url for details.
#
# Use <tt>url_for(variant)</tt> (or the implied form, like <tt>link_to
variant</tt> or <tt>redirect_to variant</tt>) to get the stable URL
- # for a variant that points to the ActiveStorage::RepresentationsController,
which in turn will use this +service_call+ method
- # for its redirection.
+ # for a variant that points to the
ActiveStorage::Representations::ProxyController or
ActiveStorage::Representations::RedirectController,
+ # which in turn will use this +service_call+ method for its redirection.
def url(expires_in: ActiveStorage.service_urls_expire_in, disposition:
:inline)
service.url key, expires_in: expires_in, disposition: disposition,
filename: filename, content_type: content_type
end
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/active_storage/attached/model.rb
new/lib/active_storage/attached/model.rb
--- old/lib/active_storage/attached/model.rb 1980-01-02 01:00:00.000000000
+0100
+++ new/lib/active_storage/attached/model.rb 1980-01-02 01:00:00.000000000
+0100
@@ -61,8 +61,8 @@
# There is no column defined on the model side, Active Storage takes
# care of the mapping between your records and the attachment.
#
- # Under the covers, this relationship is implemented as a +has_one+
association to a
- # ActiveStorage::Attachment record and a +has_one-through+ association
to a
+ # Under the covers, this relationship is implemented as a +has_one+
association to an
+ # ActiveStorage::Attachment record and a +has_one-through+ association
to an
# ActiveStorage::Blob record. These associations are available as
+avatar_attachment+
# and +avatar_blob+. But you shouldn't need to work with these
associations directly in
# most circumstances.
@@ -163,8 +163,8 @@
# There are no columns defined on the model side, Active Storage takes
# care of the mapping between your records and the attachments.
#
- # Under the covers, this relationship is implemented as a +has_many+
association to a
- # ActiveStorage::Attachment record and a +has_many-through+ association
to a
+ # Under the covers, this relationship is implemented as a +has_many+
association to an
+ # ActiveStorage::Attachment record and a +has_many-through+ association
to an
# ActiveStorage::Blob record. These associations are available as
+photos_attachments+
# and +photos_blobs+. But you shouldn't need to work with these
associations directly in
# most circumstances.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/active_storage/engine.rb
new/lib/active_storage/engine.rb
--- old/lib/active_storage/engine.rb 1980-01-02 01:00:00.000000000 +0100
+++ new/lib/active_storage/engine.rb 1980-01-02 01:00:00.000000000 +0100
@@ -84,6 +84,10 @@
end
initializer "active_storage.configs" do
+ config.before_initialize do |app|
+ ActiveStorage.touch_attachment_records =
app.config.active_storage.touch_attachment_records != false
+ end
+
config.after_initialize do |app|
ActiveStorage.logger = app.config.active_storage.logger ||
Rails.logger
ActiveStorage.variant_processor =
app.config.active_storage.variant_processor || :mini_magick
@@ -112,7 +116,6 @@
ActiveStorage.variable_content_types =
app.config.active_storage.variable_content_types || []
ActiveStorage.web_image_content_types =
app.config.active_storage.web_image_content_types || []
ActiveStorage.content_types_to_serve_as_binary =
app.config.active_storage.content_types_to_serve_as_binary || []
- ActiveStorage.touch_attachment_records =
app.config.active_storage.touch_attachment_records != false
ActiveStorage.service_urls_expire_in =
app.config.active_storage.service_urls_expire_in || 5.minutes
ActiveStorage.urls_expire_in = app.config.active_storage.urls_expire_in
ActiveStorage.content_types_allowed_inline =
app.config.active_storage.content_types_allowed_inline || []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/active_storage/fixture_set.rb
new/lib/active_storage/fixture_set.rb
--- old/lib/active_storage/fixture_set.rb 1980-01-02 01:00:00.000000000
+0100
+++ new/lib/active_storage/fixture_set.rb 1980-01-02 01:00:00.000000000
+0100
@@ -50,7 +50,7 @@
# by ActiveSupport::Testing::FileFixtures.file_fixture, and upload
# the file to the Service
#
- # === Examples
+ # ==== Examples
#
# # tests/fixtures/active_storage/blobs.yml
# second_thumbnail_blob: <%= ActiveStorage::FixtureSet.blob(
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/active_storage/gem_version.rb
new/lib/active_storage/gem_version.rb
--- old/lib/active_storage/gem_version.rb 1980-01-02 01:00:00.000000000
+0100
+++ new/lib/active_storage/gem_version.rb 1980-01-02 01:00:00.000000000
+0100
@@ -9,8 +9,8 @@
module VERSION
MAJOR = 8
MINOR = 0
- TINY = 2
- PRE = "1"
+ TINY = 3
+ PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/active_storage/service/s3_service.rb
new/lib/active_storage/service/s3_service.rb
--- old/lib/active_storage/service/s3_service.rb 1980-01-02
01:00:00.000000000 +0100
+++ new/lib/active_storage/service/s3_service.rb 1980-01-02
01:00:00.000000000 +0100
@@ -16,6 +16,7 @@
def initialize(bucket:, upload: {}, public: false, **options)
@client = Aws::S3::Resource.new(**options)
+ @transfer_manager = Aws::S3::TransferManager.new(client: @client.client)
if defined?(Aws::S3::TransferManager)
@bucket = @client.bucket(bucket)
@multipart_upload_threshold = upload.delete(:multipart_threshold) ||
100.megabytes
@@ -100,7 +101,8 @@
def compose(source_keys, destination_key, filename: nil, content_type:
nil, disposition: nil, custom_metadata: {})
content_disposition = content_disposition_with(type: disposition,
filename: filename) if disposition && filename
- object_for(destination_key).upload_stream(
+ upload_stream(
+ key: destination_key,
content_type: content_type,
content_disposition: content_disposition,
part_size: MINIMUM_UPLOAD_PART_SIZE,
@@ -116,6 +118,14 @@
end
private
+ def upload_stream(key:, **options, &block)
+ if @transfer_manager
+ @transfer_manager.upload_stream(key: key, bucket: bucket.name,
**options, &block)
+ else
+ object_for(key).upload_stream(**options, &block)
+ end
+ end
+
def private_url(key, expires_in:, filename:, disposition:,
content_type:, **client_opts)
object_for(key).presigned_url :get, expires_in: expires_in.to_i,
response_content_disposition: content_disposition_with(type:
disposition, filename: filename),
@@ -126,7 +136,6 @@
object_for(key).public_url(**client_opts)
end
-
MAXIMUM_UPLOAD_PARTS_COUNT = 10000
MINIMUM_UPLOAD_PART_SIZE = 5.megabytes
@@ -139,12 +148,18 @@
def upload_with_multipart(key, io, content_type: nil,
content_disposition: nil, custom_metadata: {})
part_size = [ io.size.fdiv(MAXIMUM_UPLOAD_PARTS_COUNT).ceil,
MINIMUM_UPLOAD_PART_SIZE ].max
- object_for(key).upload_stream(content_type: content_type,
content_disposition: content_disposition, part_size: part_size, metadata:
custom_metadata, **upload_options) do |out|
+ upload_stream(
+ key: key,
+ content_type: content_type,
+ content_disposition: content_disposition,
+ part_size: part_size,
+ metadata: custom_metadata,
+ **upload_options
+ ) do |out|
IO.copy_stream(io, out)
end
end
-
def object_for(key)
bucket.object(key)
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata 1980-01-02 01:00:00.000000000 +0100
+++ new/metadata 1980-01-02 01:00:00.000000000 +0100
@@ -1,7 +1,7 @@
--- !ruby/object:Gem::Specification
name: activestorage
version: !ruby/object:Gem::Version
- version: 8.0.2.1
+ version: 8.0.3
platform: ruby
authors:
- David Heinemeier Hansson
@@ -15,56 +15,56 @@
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 8.0.2.1
+ version: 8.0.3
type: :runtime
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 8.0.2.1
+ version: 8.0.3
- !ruby/object:Gem::Dependency
name: actionpack
requirement: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 8.0.2.1
+ version: 8.0.3
type: :runtime
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 8.0.2.1
+ version: 8.0.3
- !ruby/object:Gem::Dependency
name: activejob
requirement: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 8.0.2.1
+ version: 8.0.3
type: :runtime
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 8.0.2.1
+ version: 8.0.3
- !ruby/object:Gem::Dependency
name: activerecord
requirement: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 8.0.2.1
+ version: 8.0.3
type: :runtime
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 8.0.2.1
+ version: 8.0.3
- !ruby/object:Gem::Dependency
name: marcel
requirement: !ruby/object:Gem::Requirement
@@ -189,10 +189,10 @@
- MIT
metadata:
bug_tracker_uri: https://github.com/rails/rails/issues
- changelog_uri:
https://github.com/rails/rails/blob/v8.0.2.1/activestorage/CHANGELOG.md
- documentation_uri: https://api.rubyonrails.org/v8.0.2.1/
+ changelog_uri:
https://github.com/rails/rails/blob/v8.0.3/activestorage/CHANGELOG.md
+ documentation_uri: https://api.rubyonrails.org/v8.0.3/
mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
- source_code_uri: https://github.com/rails/rails/tree/v8.0.2.1/activestorage
+ source_code_uri: https://github.com/rails/rails/tree/v8.0.3/activestorage
rubygems_mfa_required: 'true'
rdoc_options: []
require_paths:
