Release notes
*Sourced from [rubyzip's releases](https://github.com/rubyzip/rubyzip/releases).*
> ## v2.0.0
> Security
>
> - Default the `validate_entry_sizes` option to `true`, so that callers can trust an entry's reported size when using `extract` [#403](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/403)
> - This option defaulted to `false` in 1.3.0 for backward compatibility, but it now defaults to `true`. If you are using an older version of ruby and can't yet upgrade to 2.x, you can still use 1.3.0 and set the option to `true`.
>
> Tooling / Documentation
>
> - Remove test files from the gem to avoid problems with antivirus detections on the test files [#405](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/405) / [#384](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/384)
> - Drop support for unsupported ruby versions [#406](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/406)
>
> ## v1.3.0
> Security
>
> - Add `validate_entry_sizes` option so that callers can trust an entry's reported size when using `extract` [#403](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/403)
> - This option defaults to `false` for backward compatibility in this release, but you are strongly encouraged to set it to `true`. It will default to `true` in rubyzip 2.0.
>
> New Feature
>
> - Add `add_stored` method to simplify adding entries without compression [#366](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/366)
>
> Tooling / Documentation
>
> - Add more gem metadata links [#402](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/402)
>
> ## v1.2.4
> - Do not rewrite zip files opened with `open_buffer` that have not changed [#360](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/360)
>
> Tooling / Documentation
>
> - Update `example_recursive.rb` in README [#397](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/397)
> - Hold CI at `trusty` for now, automatically pick the latest ruby patch version, use rbx-4 and hold jruby at 9.1 [#399](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/399)
>
> ## v1.2.3
> * Allow tilde in zip entry names [#391](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/391) (fixes regression in 1.2.2 from [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376))
> * Support frozen string literals in more files [#390](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/390)
> * Require `pathname` explicitly [#388](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/388) (fixes regression in 1.2.2 from [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376))
>
> Tooling / Documentation:
>
> * CI updates [#392](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/392), [#394](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/394)
> * Bump supported ruby versions and add 2.6
> * JRuby failures are no longer ignored (reverts [#375](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/375) / part of [#371](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371))
> * Add changelog entry that was missing for last release [#387](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/387)
> * Comment cleanup [#385](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/385)
>
> Since the GitHub release information for 1.2.2 is missing, I will also include it here:
>
> ### 1.2.2
>
> ... (truncated)
Changelog
*Sourced from [rubyzip's changelog](https://github.com/rubyzip/rubyzip/blob/master/Changelog.md).*
> # 2.0.0 (2019-09-25)
>
> Security
>
> - Default the `validate_entry_sizes` option to `true`, so that callers can trust an entry's reported size when using `extract` [#403](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/403)
> - This option defaulted to `false` in 1.3.0 for backward compatibility, but it now defaults to `true`. If you are using an older version of ruby and can't yet upgrade to 2.x, you can still use 1.3.0 and set the option to `true`.
>
> Tooling / Documentation
>
> - Remove test files from the gem to avoid problems with antivirus detections on the test files [#405](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/405) / [#384](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/384)
> - Drop support for unsupported ruby versions [#406](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/406)
>
> # 1.3.0 (2019-09-25)
>
> Security
>
> - Add `validate_entry_sizes` option so that callers can trust an entry's reported size when using `extract` [#403](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/403)
> - This option defaults to `false` for backward compatibility in this release, but you are strongly encouraged to set it to `true`. It will default to `true` in rubyzip 2.0.
>
> New Feature
>
> - Add `add_stored` method to simplify adding entries without compression [#366](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/366)
>
> Tooling / Documentation
>
> - Add more gem metadata links [#402](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/402)
>
> # 1.2.4 (2019-09-06)
>
> - Do not rewrite zip files opened with `open_buffer` that have not changed [#360](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/360)
>
> Tooling / Documentation
>
> - Update `example_recursive.rb` in README [#397](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/397)
> - Hold CI at `trusty` for now, automatically pick the latest ruby patch version, use rbx-4 and hold jruby at 9.1 [#399](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/399)
>
> # 1.2.3
>
> - Allow tilde in zip entry names [#391](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/391) (fixes regression in 1.2.2 from [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376))
> - Support frozen string literals in more files [#390](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/390)
> - Require `pathname` explicitly [#388](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/388) (fixes regression in 1.2.2 from [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376))
>
> Tooling / Documentation:
>
> - CI updates [#392](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/392), [#394](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/394)
> - Bump supported ruby versions and add 2.6
> - JRuby failures are no longer ignored (reverts [#375](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/375) / part of [#371](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371))
> - Add changelog entry that was missing for last release [#387](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/387)
> - Comment cleanup [#385](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/385)
Commits
- [`2825898`](https://github.com/rubyzip/rubyzip/commit/2825898f69fbf1efe4e43452adae6ac5d074ec1c) Merge pull request [#408](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/408) from rubyzip/v2-0-0
- [`cb407b1`](https://github.com/rubyzip/rubyzip/commit/cb407b106541c345329a017d6eb34026cb372872) Bump version to 2.0.0
- [`e1d9af6`](https://github.com/rubyzip/rubyzip/commit/e1d9af6e46f7eb0d0b728958a57f7e28d60301a4) Merge pull request [#406](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/406) from rubyzip/bump-supported-ruby
- [`3641a96`](https://github.com/rubyzip/rubyzip/commit/3641a963ea0c34275562250d7e67380c85fc2570) Merge pull request [#405](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/405) from rubyzip/remove-test-files
- [`e79d9ea`](https://github.com/rubyzip/rubyzip/commit/e79d9ea2922be12db121c20f5dc55bba8a35418a) Merge pull request [#407](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/407) from rubyzip/v1-3-0
- [`7c65e1e`](https://github.com/rubyzip/rubyzip/commit/7c65e1e3595031392f1050b81fb2b95b0f2ee764) Bump version to 1.3.0
- [`d65fe7b`](https://github.com/rubyzip/rubyzip/commit/d65fe7bd283ec94f9d6dc7605f61a6b0dd00f55e) Merge pull request [#403](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/403) from rubyzip/check-size
- [`35446f4`](https://github.com/rubyzip/rubyzip/commit/35446f467b739d05790356ab86915de76f0120f1) Drop old ruby and JDK versions from CI
- [`74d4bec`](https://github.com/rubyzip/rubyzip/commit/74d4bec371158c4c2a9fe965302dc9649c941a73) Remove test files from gem
- [`97cb6ae`](https://github.com/rubyzip/rubyzip/commit/97cb6aefe6d12bd2429d7a2e119ccb26f259d71d) Warn when an entry size is invalid
- Additional commits viewable in [compare view](https://github.com/rubyzip/rubyzip/compare/v1.2.2...v2.0.0)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Financial-Times/engineering-progression/network/alerts).
Bumps rubyzip from 1.2.2 to 2.0.0.
Release notes
*Sourced from [rubyzip's releases](https://github.com/rubyzip/rubyzip/releases).* > ## v2.0.0 > Security > > - Default the `validate_entry_sizes` option to `true`, so that callers can trust an entry's reported size when using `extract` [#403](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/403) > - This option defaulted to `false` in 1.3.0 for backward compatibility, but it now defaults to `true`. If you are using an older version of ruby and can't yet upgrade to 2.x, you can still use 1.3.0 and set the option to `true`. > > Tooling / Documentation > > - Remove test files from the gem to avoid problems with antivirus detections on the test files [#405](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/405) / [#384](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/384) > - Drop support for unsupported ruby versions [#406](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/406) > > ## v1.3.0 > Security > > - Add `validate_entry_sizes` option so that callers can trust an entry's reported size when using `extract` [#403](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/403) > - This option defaults to `false` for backward compatibility in this release, but you are strongly encouraged to set it to `true`. It will default to `true` in rubyzip 2.0. > > New Feature > > - Add `add_stored` method to simplify adding entries without compression [#366](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/366) > > Tooling / Documentation > > - Add more gem metadata links [#402](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/402) > > ## v1.2.4 > - Do not rewrite zip files opened with `open_buffer` that have not changed [#360](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/360) > > Tooling / Documentation > > - Update `example_recursive.rb` in README [#397](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/397) > - Hold CI at `trusty` for now, automatically pick the latest ruby patch version, use rbx-4 and hold jruby at 9.1 [#399](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/399) > > ## v1.2.3 > * Allow tilde in zip entry names [#391](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/391) (fixes regression in 1.2.2 from [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376)) > * Support frozen string literals in more files [#390](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/390) > * Require `pathname` explicitly [#388](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/388) (fixes regression in 1.2.2 from [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376)) > > Tooling / Documentation: > > * CI updates [#392](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/392), [#394](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/394) > * Bump supported ruby versions and add 2.6 > * JRuby failures are no longer ignored (reverts [#375](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/375) / part of [#371](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371)) > * Add changelog entry that was missing for last release [#387](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/387) > * Comment cleanup [#385](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/385) > > Since the GitHub release information for 1.2.2 is missing, I will also include it here: > > ### 1.2.2 > > ... (truncated)Changelog
*Sourced from [rubyzip's changelog](https://github.com/rubyzip/rubyzip/blob/master/Changelog.md).* > # 2.0.0 (2019-09-25) > > Security > > - Default the `validate_entry_sizes` option to `true`, so that callers can trust an entry's reported size when using `extract` [#403](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/403) > - This option defaulted to `false` in 1.3.0 for backward compatibility, but it now defaults to `true`. If you are using an older version of ruby and can't yet upgrade to 2.x, you can still use 1.3.0 and set the option to `true`. > > Tooling / Documentation > > - Remove test files from the gem to avoid problems with antivirus detections on the test files [#405](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/405) / [#384](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/384) > - Drop support for unsupported ruby versions [#406](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/406) > > # 1.3.0 (2019-09-25) > > Security > > - Add `validate_entry_sizes` option so that callers can trust an entry's reported size when using `extract` [#403](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/403) > - This option defaults to `false` for backward compatibility in this release, but you are strongly encouraged to set it to `true`. It will default to `true` in rubyzip 2.0. > > New Feature > > - Add `add_stored` method to simplify adding entries without compression [#366](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/366) > > Tooling / Documentation > > - Add more gem metadata links [#402](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/402) > > # 1.2.4 (2019-09-06) > > - Do not rewrite zip files opened with `open_buffer` that have not changed [#360](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/360) > > Tooling / Documentation > > - Update `example_recursive.rb` in README [#397](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/397) > - Hold CI at `trusty` for now, automatically pick the latest ruby patch version, use rbx-4 and hold jruby at 9.1 [#399](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/399) > > # 1.2.3 > > - Allow tilde in zip entry names [#391](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/391) (fixes regression in 1.2.2 from [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376)) > - Support frozen string literals in more files [#390](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/390) > - Require `pathname` explicitly [#388](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/388) (fixes regression in 1.2.2 from [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376)) > > Tooling / Documentation: > > - CI updates [#392](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/392), [#394](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/394) > - Bump supported ruby versions and add 2.6 > - JRuby failures are no longer ignored (reverts [#375](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/375) / part of [#371](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371)) > - Add changelog entry that was missing for last release [#387](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/387) > - Comment cleanup [#385](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/385)Commits
- [`2825898`](https://github.com/rubyzip/rubyzip/commit/2825898f69fbf1efe4e43452adae6ac5d074ec1c) Merge pull request [#408](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/408) from rubyzip/v2-0-0 - [`cb407b1`](https://github.com/rubyzip/rubyzip/commit/cb407b106541c345329a017d6eb34026cb372872) Bump version to 2.0.0 - [`e1d9af6`](https://github.com/rubyzip/rubyzip/commit/e1d9af6e46f7eb0d0b728958a57f7e28d60301a4) Merge pull request [#406](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/406) from rubyzip/bump-supported-ruby - [`3641a96`](https://github.com/rubyzip/rubyzip/commit/3641a963ea0c34275562250d7e67380c85fc2570) Merge pull request [#405](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/405) from rubyzip/remove-test-files - [`e79d9ea`](https://github.com/rubyzip/rubyzip/commit/e79d9ea2922be12db121c20f5dc55bba8a35418a) Merge pull request [#407](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/407) from rubyzip/v1-3-0 - [`7c65e1e`](https://github.com/rubyzip/rubyzip/commit/7c65e1e3595031392f1050b81fb2b95b0f2ee764) Bump version to 1.3.0 - [`d65fe7b`](https://github.com/rubyzip/rubyzip/commit/d65fe7bd283ec94f9d6dc7605f61a6b0dd00f55e) Merge pull request [#403](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/403) from rubyzip/check-size - [`35446f4`](https://github.com/rubyzip/rubyzip/commit/35446f467b739d05790356ab86915de76f0120f1) Drop old ruby and JDK versions from CI - [`74d4bec`](https://github.com/rubyzip/rubyzip/commit/74d4bec371158c4c2a9fe965302dc9649c941a73) Remove test files from gem - [`97cb6ae`](https://github.com/rubyzip/rubyzip/commit/97cb6aefe6d12bd2429d7a2e119ccb26f259d71d) Warn when an entry size is invalid - Additional commits viewable in [compare view](https://github.com/rubyzip/rubyzip/compare/v1.2.2...v2.0.0)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Financial-Times/engineering-progression/network/alerts).