Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use MiniMime for MIME type lookup by filename/extension #25

Merged
merged 4 commits into from
Mar 24, 2021
Merged

Use MiniMime for MIME type lookup by filename/extension #25

merged 4 commits into from
Mar 24, 2021

Conversation

georgeclaghorn
Copy link
Contributor

No description provided.

@georgeclaghorn georgeclaghorn marked this pull request as ready for review March 24, 2021 20:39
@georgeclaghorn
Copy link
Contributor Author

Will fix CI on Ruby 2.2 separately.

@georgeclaghorn georgeclaghorn merged commit 5040f48 into master Mar 24, 2021
@georgeclaghorn georgeclaghorn deleted the minimime branch March 24, 2021 20:40
Cruikshanks added a commit to DEFRA/sroc-tcm-admin that referenced this pull request Mar 25, 2021
@Cruikshanks
Remove dependence on mimemagic gem
08c2f50 
First, scan [Dependency on mimemagic 0.3.x no longer valid](rails/rails#41750) for context!

In summary, **rails** depends on **activestorage** which depends on **marcel** which depends on **mimemagic**. Yesterday, the author of **mimemagic** was informed it was in violation of the GPL license. So, they chose to

- yank all versions up to and including 0.3.5 from rubygems
- release a new version under the GPL
- archive the project for all further changes/issues/pr's etc

Via the dependency chain Rails relies on **mimemagic 0.3.5** so new installs of Rails are now broken. It also can't just pull in the new version due to the clash with the GPL license.

Efforts are afoot to resolve the issue.

- A [fork of mimemagic](https://github.com/jellybob/mimemagic) which relies on the GPL source data being already installed and read at run time
- Updating **marcel** to use [MiniMime](rails/marcel#25) and [ruby-magic](rails/marcel#26) instead of **mimemagic**

Till the community has settled on a solution though, we need a fix in the short term. Ours is based on

- What the Dept. for Education team have done in [early-careers-framework](DFE-Digital/early-careers-framework#178)
- What Sentry are doing [in their app](getsentry/sentry-ruby#1362)

Instead of referencing `rails` in the `Gemfile` they are referencing just the parts needed and excluding `activestorage` and anything with a dependency on it.

This change does exactly the same thing.
@Cruikshanks Cruikshanks mentioned this pull request Mar 25, 2021
Merged
@dnalbach dnalbach mentioned this pull request Mar 25, 2021
Closed
Cruikshanks added a commit to DEFRA/sroc-tcm-admin that referenced this pull request Mar 26, 2021
@Cruikshanks
Remove dependence on mimemagic gem (#405)
5cf7246 
First, scan [Dependency on mimemagic 0.3.x no longer valid](rails/rails#41750) for context!

In summary, **Rails** depends on **activestorage** which depends on **marcel** which depends on **mimemagic**. Yesterday, the author of **mimemagic** was informed it was in violation of the [GPL license](https://choosealicense.com/licenses/gpl-3.0/). So, they chose to

- yank all versions up to and including 0.3.5 from rubygems
- release a new version under the GPL
- archive the project for all further changes/issues/pr's etc

Via the dependency chain **Rails** relies on **mimemagic 0.3.5** so new installs of **Rails** are now broken. It also can't just pull in the new version due to the clash with the GPL license.

Efforts are afoot to resolve the issue.

- A [fork of mimemagic](https://github.com/jellybob/mimemagic) which relies on the GPL source data being already installed and read at run time
- Updating **marcel** to use [MiniMime](rails/marcel#25) and [ruby-magic](rails/marcel#26) instead of **mimemagic**

Till the community has settled on a solution though, we need a fix in the short term. Ours is based on

- What the Dept. for Education team have done in [early-careers-framework](DFE-Digital/early-careers-framework#178)
- What Sentry are doing [in their app](getsentry/sentry-ruby#1362)

Instead of referencing `rails` in the `Gemfile` they are referencing just the parts needed and excluding `activestorage` and anything with a dependency on it.

This change does exactly the same thing.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@georgeclaghorn @jhawthorn