18F / azure-sandbox

Temporary home for deploying services into Azure: reliably, repeatably, compliantly

Bump minitar from 0.5.4 to 0.9 #36

Open dependabot[bot] opened 4 years ago

dependabot[bot] commented 4 years ago

Bumps minitar from 0.5.4 to 0.9.

Changelog

*Sourced from [minitar's changelog](https://github.com/halostatue/minitar/blob/master/History.md).*

> ## 0.9 / 2019-09-04
>
> * jtappa added the ability to skip fsync with a new option to Minitar.unpack
>   and Minitar::Input#extract_entry. Provide `:fsync => false` as the last
>   parameter to enable. Merged from a modified version of PR [#37](https://github-redirect.dependabot.com/halostatue/minitar/issues/37).
>
> ## 0.8 / 2019-01-05
>
> * inkstak resolved an issue introduced in the fix for [#31](https://github-redirect.dependabot.com/halostatue/minitar/issues/31) by allowing
>   spaces to be considered valid characters in strict octal handling. Octal
>   conversion ignores leading spaces. Merged from a slightly modified version
>   of PR [#35](https://github-redirect.dependabot.com/halostatue/minitar/issues/35).
>
> * dearblue contributed PR [#32](https://github-redirect.dependabot.com/halostatue/minitar/issues/32) providing an explicit call to #bytesize for
>   strings that include multibyte characters. The PR has been modified to be
>   compatible with older versions of Ruby and extend tests.
>
> * Akinori MUSHA (knu) contributed PR [#36](https://github-redirect.dependabot.com/halostatue/minitar/issues/36) that treats certain badly
>   encoded regular files (with names ending in `/`) as if they were
>   directories on decode.
>
> ## 0.7 / 2018-02-19
>
> * Fixed issue [#28](https://github-redirect.dependabot.com/halostatue/minitar/issues/28) with a modified version of PR [#29](https://github-redirect.dependabot.com/halostatue/minitar/issues/29) covering the
>   security policy and position for Minitar. Thanks so much to ooooooo\_q for
>   the report and an initial patch. Additional information was added as
>   [#30](https://github-redirect.dependabot.com/halostatue/minitar/issues/30).
>
> * dearblue contributed PR [#33](https://github-redirect.dependabot.com/halostatue/minitar/issues/33) providing a fix for Minitar::Reader when
>   the IO-like object does not have a `#pos` method.
>
> * Kevin McDermott contributed PR [#34](https://github-redirect.dependabot.com/halostatue/minitar/issues/34) so that an InvalidTarStream is
>   raised if the tar header is not valid, preventing incorrect streaming of
>   files from a non-tarfile. This is a minor breaking change, so the version
>   has been bumped accordingly.
>
> * Kazuyoshi Kato contributed PR [#26](https://github-redirect.dependabot.com/halostatue/minitar/issues/26) providing support for the GNU tar
>   long filename extension.
>
> * Addressed a potential DOS with negative size fields in tar headers
>   ([#31](https://github-redirect.dependabot.com/halostatue/minitar/issues/31)). This has been handled in two ways: the size field in a tar
>   header is interpreted as a strict octal value and the Minitar reader will
>   raise an InvalidTarStream if the size ends up being negative anyway.
>
> ## 0.6.1 / 2017-02-07
>
> * Fixed issue [#24](https://github-redirect.dependabot.com/halostatue/minitar/issues/24) where streams were being improperly closed immediately
>   on open unless there was a block provided.
>
> * Hopefully fixes issue [#23](https://github-redirect.dependabot.com/halostatue/minitar/issues/23) by releasing archive-tar-minitar after
>   ... (truncated)

Commits

- See full diff in [compare view](https://github.com/halostatue/minitar/commits/v0.9)



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


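The 0.7 and 0.8 changelog entries above describe strict octal handling of the tar header size field; the following is an added Ruby illustration of that check, not minitar's own code. The method names, the local `InvalidTarStream` class and the sample headers are hypothetical and constructed for this example; the size field position (offset 124, 12 bytes) is the standard ustar layout.

```ruby
# Added illustration; not minitar's source. All names here are hypothetical.
class InvalidTarStream < StandardError; end

SIZE_OFFSET = 124  # ustar header: the size field starts at byte 124
SIZE_LENGTH = 12   # 12 bytes of octal ASCII, NUL/space terminated

# Lenient parse: String#oct accepts a sign, so a crafted field goes negative.
def lenient_size(header)
  header.byteslice(SIZE_OFFSET, SIZE_LENGTH).tr("\0", " ").strip.oct
end

# Strict parse: optional leading spaces, octal digits only, then optional
# NUL/space terminators. Anything else is rejected.
def strict_size(header)
  raise InvalidTarStream, "short header" if header.bytesize < 512
  field = header.byteslice(SIZE_OFFSET, SIZE_LENGTH)
  m = /\A *([0-7]+)[ \0]*\z/.match(field)
  raise InvalidTarStream, "size field is not strict octal: #{field.inspect}" unless m
  size = m[1].to_i(8)
  # Second check, mirroring the changelog: refuse a negative size anyway.
  raise InvalidTarStream, "negative size" if size.negative?
  size
end

# Constructed 512-byte headers: only the name and size fields are filled in.
def sample_header(size_field)
  h = "\0".b * 512
  h[0, 9] = "hello.txt".b
  h[SIZE_OFFSET, SIZE_LENGTH] = size_field.b.ljust(SIZE_LENGTH, "\0")
  h
end

GOOD   = sample_header("00000000144")  # 100 bytes
SPACED = sample_header("        144")  # leading spaces, accepted per 0.8
NEG    = sample_header("-0000000144")  # constructed negative size field

# Returns the parsed size, or a string describing why the header was refused.
def check(header)
  strict_size(header)
rescue InvalidTarStream => e
  "rejected: #{e.message}"
end

if $PROGRAM_NAME == __FILE__
  [GOOD, SPACED, NEG].each { |h| puts "lenient=#{lenient_size(h)} strict=#{check(h)}" }
end
```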