Changelog
*Sourced from [minitar's changelog](https://github.com/halostatue/minitar/blob/master/History.md).*
> ## 0.9 / 2019-09-04
>
> * jtappa added the ability to skip fsync with a new option to Minitar.unpack
> and Minitar::Input#extract_entry. Provide `:fsync => false` as the last
> parameter to enable. Merged from a modified version of PR [#37](https://github-redirect.dependabot.com/halostatue/minitar/issues/37)[].
>
> ## 0.8 / 2019-01-05
>
> * inkstak resolved an issue introduced in the fix for [#31](https://github-redirect.dependabot.com/halostatue/minitar/issues/31)[] by allowing
> spaces to be considered valid characters in strict octal handling. Octal
> conversion ignores leading spaces. Merged from a slightly modified version
> of PR [#35](https://github-redirect.dependabot.com/halostatue/minitar/issues/35)[].
>
> * dearblue contributed PR [#32](https://github-redirect.dependabot.com/halostatue/minitar/issues/32)[] providing an explicit call to #bytesize for
> strings that include multibyte characters. The PR has been modified to be
> compatible with older versions of Ruby and extend tests.
>
> * Akinori MUSHA (knu) contributed PR [#36](https://github-redirect.dependabot.com/halostatue/minitar/issues/36)[] that treats certain badly
> encoded regular files (with names ending in `/`) as if they were
> directories on decode.
>
> ## 0.7 / 2018-02-19
>
> * Fixed issue [#28](https://github-redirect.dependabot.com/halostatue/minitar/issues/28)[] with a modified version of PR [#29](https://github-redirect.dependabot.com/halostatue/minitar/issues/29)[] covering the
> security policy and position for Minitar. Thanks so much to ooooooo\_q for
> the report and an initial patch. Additional information was added as
> [#30](https://github-redirect.dependabot.com/halostatue/minitar/issues/30)[].
>
> * dearblue contributed PR [#33](https://github-redirect.dependabot.com/halostatue/minitar/issues/33)[] providing a fix for Minitar::Reader when
> the IO-like object does not have a `#pos` method.
>
> * Kevin McDermott contributed PR [#34](https://github-redirect.dependabot.com/halostatue/minitar/issues/34)[] so that an InvalidTarStream is
> raised if the tar header is not valid, preventing incorrect streaming of
> files from a non-tarfile. This is a minor breaking change, so the version
> has been bumped accordingly.
>
> * Kazuyoshi Kato contributed PR [#26](https://github-redirect.dependabot.com/halostatue/minitar/issues/26)[] providing support for the GNU tar
> long filename extension.
>
> * Addressed a potential DOS with negative size fields in tar headers
> ([#31](https://github-redirect.dependabot.com/halostatue/minitar/issues/31)[]). This has been handled in two ways: the size field in a tar
> header is interpreted as a strict octal value and the Minitar reader will
> raise an InvalidTarStream if the size ends up being negative anyway.
>
> ## 0.6.1 / 2017-02-07
>
> * Fixed issue [#24](https://github-redirect.dependabot.com/halostatue/minitar/issues/24)[] where streams were being improperly closed immediately
> on open unless there was a block provided.
>
> * Hopefully fixes issue [#23](https://github-redirect.dependabot.com/halostatue/minitar/issues/23)[] by releasing archive-tar-minitar after
> ... (truncated)
Commits
- See full diff in [compare view](https://github.com/halostatue/minitar/commits/v0.9)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/18F/azure-sandbox/network/alerts).
Bumps minitar from 0.5.4 to 0.9.
Changelog
*Sourced from [minitar's changelog](https://github.com/halostatue/minitar/blob/master/History.md).* > ## 0.9 / 2019-09-04 > > * jtappa added the ability to skip fsync with a new option to Minitar.unpack > and Minitar::Input#extract_entry. Provide `:fsync => false` as the last > parameter to enable. Merged from a modified version of PR [#37](https://github-redirect.dependabot.com/halostatue/minitar/issues/37)[]. > > ## 0.8 / 2019-01-05 > > * inkstak resolved an issue introduced in the fix for [#31](https://github-redirect.dependabot.com/halostatue/minitar/issues/31)[] by allowing > spaces to be considered valid characters in strict octal handling. Octal > conversion ignores leading spaces. Merged from a slightly modified version > of PR [#35](https://github-redirect.dependabot.com/halostatue/minitar/issues/35)[]. > > * dearblue contributed PR [#32](https://github-redirect.dependabot.com/halostatue/minitar/issues/32)[] providing an explicit call to #bytesize for > strings that include multibyte characters. The PR has been modified to be > compatible with older versions of Ruby and extend tests. > > * Akinori MUSHA (knu) contributed PR [#36](https://github-redirect.dependabot.com/halostatue/minitar/issues/36)[] that treats certain badly > encoded regular files (with names ending in `/`) as if they were > directories on decode. > > ## 0.7 / 2018-02-19 > > * Fixed issue [#28](https://github-redirect.dependabot.com/halostatue/minitar/issues/28)[] with a modified version of PR [#29](https://github-redirect.dependabot.com/halostatue/minitar/issues/29)[] covering the > security policy and position for Minitar. Thanks so much to ooooooo\_q for > the report and an initial patch. Additional information was added as > [#30](https://github-redirect.dependabot.com/halostatue/minitar/issues/30)[]. > > * dearblue contributed PR [#33](https://github-redirect.dependabot.com/halostatue/minitar/issues/33)[] providing a fix for Minitar::Reader when > the IO-like object does not have a `#pos` method. > > * Kevin McDermott contributed PR [#34](https://github-redirect.dependabot.com/halostatue/minitar/issues/34)[] so that an InvalidTarStream is > raised if the tar header is not valid, preventing incorrect streaming of > files from a non-tarfile. This is a minor breaking change, so the version > has been bumped accordingly. > > * Kazuyoshi Kato contributed PR [#26](https://github-redirect.dependabot.com/halostatue/minitar/issues/26)[] providing support for the GNU tar > long filename extension. > > * Addressed a potential DOS with negative size fields in tar headers > ([#31](https://github-redirect.dependabot.com/halostatue/minitar/issues/31)[]). This has been handled in two ways: the size field in a tar > header is interpreted as a strict octal value and the Minitar reader will > raise an InvalidTarStream if the size ends up being negative anyway. > > ## 0.6.1 / 2017-02-07 > > * Fixed issue [#24](https://github-redirect.dependabot.com/halostatue/minitar/issues/24)[] where streams were being improperly closed immediately > on open unless there was a block provided. > > * Hopefully fixes issue [#23](https://github-redirect.dependabot.com/halostatue/minitar/issues/23)[] by releasing archive-tar-minitar after > ... (truncated)Commits
- See full diff in [compare view](https://github.com/halostatue/minitar/commits/v0.9)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/18F/azure-sandbox/network/alerts).