From 2b8a6f68ee7b1065cc78134b13451ebb3d9596e1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jul 2024 18:51:40 +0000 Subject: [PATCH 1/3] Bump mini_magick from 4.13.1 to 5.0.0 Bumps [mini_magick](https://github.com/minimagick/minimagick) from 4.13.1 to 5.0.0. - [Release notes](https://github.com/minimagick/minimagick/releases) - [Commits](https://github.com/minimagick/minimagick/compare/v4.13.1...v5.0.0) --- updated-dependencies: - dependency-name: mini_magick dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 3574bdd0..07009bdd 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -250,7 +250,7 @@ GEM mime-types (3.5.2) mime-types-data (~> 3.2015) mime-types-data (3.2024.0604) - mini_magick (4.13.1) + mini_magick (5.0.0) mini_mime (1.1.5) mini_portile2 (2.8.7) minitest (5.24.1) From 1da320b54d718f278cbf390642cbd05606136d79 Mon Sep 17 00:00:00 2001 From: ChrisBAshton Date: Mon, 22 Jul 2024 16:24:00 +0100 Subject: [PATCH 2/3] Use Rails' Marcel gem to detect mimetype This is [recommended by MiniMagick](https://github.com/minimagick/minimagick/releases/tag/v5.0.0): > MIME type from file content should be determined either using > Marcel or MimeMagic, or mime-types or MiniMime using Image#type. Removes the `rescue MiniMagick::Error, MiniMagick::Invalid` block as we're no longer opening the image with MiniMagick. Also fixes up the `record.errors[attribute] <<` syntax, which no longer works. --- app/validators/image_validator.rb | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/app/validators/image_validator.rb b/app/validators/image_validator.rb index 02e248bd..faea2136 100644 --- a/app/validators/image_validator.rb +++ b/app/validators/image_validator.rb @@ -1,3 +1,5 @@ +require "marcel" + class ImageValidator < ActiveModel::EachValidator MIME_TYPES = { "image/jpeg" => /(\.jpeg|\.jpg)$/, @@ -8,15 +10,13 @@ class ImageValidator < ActiveModel::EachValidator def validate_each(record, attribute, value) return unless value.present? && File.exist?(value.path) - image = MiniMagick::Image.open(value.path) + mime_type = Marcel::MimeType.for(Pathname.new(value.path)) - valid_extension = MIME_TYPES[image.mime_type] + valid_extension = MIME_TYPES[mime_type] if valid_extension.nil? - record.errors[attribute] << "is not an allowed image format" + record.errors.add(attribute, message: "is not an allowed image format") elsif !value.path.downcase.match?(valid_extension) - record.errors.add(attribute, message: "is of type '#{image.mime_type}', but has the extension '#{File.extname(value.path)}'") + record.errors.add(attribute, message: "is of type '#{mime_type}', but has the extension '#{File.extname(value.path)}'") end - rescue MiniMagick::Error, MiniMagick::Invalid - record.errors.add(attribute, message: "is not an image") end end From 7ffce06084b59f58b7994cecc8104ea8612782ac Mon Sep 17 00:00:00 2001 From: ChrisBAshton Date: Mon, 22 Jul 2024 16:28:43 +0100 Subject: [PATCH 3/3] Remove MiniMagick dependency Now that we're using Marcel for mimetype detection, we no longer have a use case for MiniMagick. --- Gemfile | 1 - Gemfile.lock | 2 -- 2 files changed, 3 deletions(-) diff --git a/Gemfile b/Gemfile index 47665b1b..1ab17174 100644 --- a/Gemfile +++ b/Gemfile @@ -11,7 +11,6 @@ gem "govspeak" gem "govuk_app_config" gem "govuk_publishing_components" gem "govuk_sidekiq" -gem "mini_magick" gem "mongo" gem "mongoid" gem "pdf-reader" diff --git a/Gemfile.lock b/Gemfile.lock index 07009bdd..ec717b3c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -250,7 +250,6 @@ GEM mime-types (3.5.2) mime-types-data (~> 3.2015) mime-types-data (3.2024.0604) - mini_magick (5.0.0) mini_mime (1.1.5) mini_portile2 (2.8.7) minitest (5.24.1) @@ -763,7 +762,6 @@ DEPENDENCIES govuk_sidekiq govuk_test listen - mini_magick mongo mongoid pdf-reader