SiarheiFedartsou / fastlane-plugin-versioning

Extends fastlane versioning actions. Allows you to set/get versions without using agvtool and do some other small tricks.
MIT License

Bump rubyzip from 1.2.1 to 1.2.2 #35

Closed dependabot[bot] closed 5 years ago

dependabot[bot] commented 5 years ago

Bumps rubyzip from 1.2.1 to 1.2.2.

Changelog

*Sourced from [rubyzip's changelog](https://github.com/rubyzip/rubyzip/blob/master/Changelog.md).*

> 1.2.2
> =====
>
> * Expand from root rather than current working directory
> * Disable symlinks and check for path traversal
> * Consolidate path traversal tests
> * Add jwilk's path traversal tests
> * Trigger CI again
> * Move jruby to allow failures matrix till crc uint 32 issues are resolved
> * Fix CVE-2018-1000544 symlink path traversal
> * Fix CVE-2018-1000544 absolute path traversal
> * Fix jruby version
> * When globbing in ZipFSDir, take CWD into account.
> * Pass glob through from ZipFileNameMapper.
> * Turn off all terminal output in all tests.
> * Handle stored files with general purpose bit 3 set
> * Fix regression caused by Rubocop cleanup
> * Added fix for calling 'close' on a StringIO-backed zip file, and specs
> * Bump Ruby versions on Travis CI
> * Travis: Typo
> * Travis: Workaround a rbx-3 autoload issue
> * CI against Ruby 2.2.8, 2.3.5, and 2.4.2
> * Travis: typo
> * Travis: Try using rbx-3
> * Travis: update RubyGems
> * Travis: drop oraclejdk-7
> * Travis: use JRUBY_OPTS="--debug"
> * Travis: use pre-installed Travis rubies
> * README: Use a blockquote to make text readable
> * add option to force entry names encoding
> * Make naming on README more consistent
> * Apply automatic correction by rubocop
> * Disable Style/MutableConstant because existent code relies on it
> * Add rubocop dependency and correct settings
> * Save temporary files to a temporary directory
> * File.join() is our friend for joining paths

Commits

- [`d07b13a`](https://github.com/rubyzip/rubyzip/commit/d07b13a6cf0a413e010c48879aebd9576bfb5f68) Merge pull request [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/376) from jdleesmiller/fix-cve-2018-1000544
- [`fd81bd5`](https://github.com/rubyzip/rubyzip/commit/fd81bd523cd53096c1a1dce1e950ef0b7658a02c) Bump version to 1.2.2
- [`cf35774`](https://github.com/rubyzip/rubyzip/commit/cf35774ed686057d8cc17aa4b015a2a850cc2bce) Bump version to 1.3.0
- [`ffb374c`](https://github.com/rubyzip/rubyzip/commit/ffb374c6b1757f6b5eb93e68b8b37ebc7df3f310) Bump version to 2.0.0
- [`8a1de58`](https://github.com/rubyzip/rubyzip/commit/8a1de5828658bfa0350c2325f311bd6acad261a2) Expand from root rather than current working directory
- [`3dd165b`](https://github.com/rubyzip/rubyzip/commit/3dd165b494f29d410184b2a135ed99527d4b4aa8) Disable symlinks and check for path traversal
- [`ffebfa3`](https://github.com/rubyzip/rubyzip/commit/ffebfa34189a46a766bf6630796c93d81b5ef7ed) Consolidate path traversal tests
- [`9c468f3`](https://github.com/rubyzip/rubyzip/commit/9c468f30f38d09451e5a65edfff277cfe381fd49) Add jwilk's path traversal tests
- [`0586329`](https://github.com/rubyzip/rubyzip/commit/0586329d3be19728c20941faa401cb838f461dc3) Trigger CI again
- [`cf71583`](https://github.com/rubyzip/rubyzip/commit/cf7158344c65a67dc5f18bf589a6b742e3452f45) Move jruby to allow failures matrix till crc uint 32 issues are resolved
- Additional commits viewable in [compare view](https://github.com/rubyzip/rubyzip/compare/v1.2.1...v1.2.2)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language