Merge commit from fork

* Refactor `PrivateAddressCheck`

Also ensures IPv4-mapped IPv6 addresses get properly checked no matter the version of `ipaddr`.

* Add some missing IPv6 ranges from `PrivateAddressCheck`

app/lib/private_address_check.rb

@@ -1,7 +1,8 @@
 # frozen_string_literal: true
 
 module PrivateAddressCheck
-  IP4_CIDR_LIST = [
+  CIDR_LIST = [
+    # IPv4 addresses
     IPAddr.new('0.0.0.0/8'),       # Current network (only valid as source address)
     IPAddr.new('100.64.0.0/10'),   # Shared Address Space
     IPAddr.new('172.16.0.0/12'),   # Private network
@@ -14,10 +15,11 @@ module PrivateAddressCheck
     IPAddr.new('224.0.0.0/4'),     # IP multicast (former Class D network)
     IPAddr.new('240.0.0.0/4'),     # Reserved (former Class E network)
     IPAddr.new('255.255.255.255'), # Broadcast
-  ].freeze
 
-  CIDR_LIST = (IP4_CIDR_LIST + IP4_CIDR_LIST.map(&:ipv4_mapped) + [
+    # IPv6 addresses
+    IPAddr.new('::/128'),          # Unspecified
     IPAddr.new('64:ff9b::/96'),    # IPv4/IPv6 translation (RFC 6052)
+    IPAddr.new('64:ff9b:1::/48'),  # IPv4/IPv6 translation (RFC 8215)
     IPAddr.new('100::/64'),        # Discard prefix (RFC 6666)
     IPAddr.new('2001::/32'),       # Teredo tunneling
     IPAddr.new('2001:10::/28'),    # Deprecated (previously ORCHID)
@@ -25,12 +27,14 @@ module PrivateAddressCheck
     IPAddr.new('2001:db8::/32'),   # Addresses used in documentation and example source code
     IPAddr.new('2002::/16'),       # 6to4
     IPAddr.new('fc00::/7'),        # Unique local address
+    IPAddr.new('3fff::/20'),       # Addresses used in documentation and example source code
     IPAddr.new('ff00::/8'),        # Multicast
-  ]).freeze
+  ].freeze
 
   module_function
 
   def private_address?(address)
+    address = address.native if address.ipv6? && address.ipv4_mapped?
     address.private? || address.loopback? || address.link_local? || CIDR_LIST.any? { |cidr| cidr.include?(address) }
   end
 end