dependabot[bot]
commented
4 years ago Looks like rubyzip is up-to-date now, so this is no longer needed.
Closed dependabot[bot] closed 4 years ago
dependabot[bot]
commented
4 years ago Looks like rubyzip is up-to-date now, so this is no longer needed.
Bumps rubyzip from 1.2.3 to 2.1.0.
Release notes
*Sourced from [rubyzip's releases](https://github.com/rubyzip/rubyzip/releases).* > ## v2.1.0 > - Fix (at least partially) the `restore_times` and `restore_permissions` options to `Zip::File.new` [#413](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/413) > - Previously, neither option did anything, regardless of what it was set to. We have therefore defaulted them to `false` to preserve the current behavior, for the time being. If you have explicitly set either to `true`, it will now have an effect. > - Fix handling of UniversalTime (`mtime`, `atime`, `ctime`) fields. [#421](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/421) > - Previously, `Zip::File` did not pass the options to `Zip::Entry` in some cases. [#423](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/423) > - Note that `restore_times` in this release does nothing on Windows and only restores `mtime`, not `atime` or `ctime`. > - Allow `Zip::File.open` to take an options hash like `Zip::File.new` [#418](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/418) > - Always print warnings with `warn`, instead of a mix of `puts` and `warn` [#416](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/416) > - Create temporary files in the system temporary directory instead of the directory of the zip file [#411](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/411) > - Drop unused `tmpdir` requirement [#411](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/411) > > Tooling > > - Move CI to xenial and include jruby on JDK11 [#419](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/419/files) > > ## v2.0.0 > Security > > - Default the `validate_entry_sizes` option to `true`, so that callers can trust an entry's reported size when using `extract` [#403](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/403) > - This option defaulted to `false` in 1.3.0 for backward compatibility, but it now defaults to `true`. If you are using an older version of ruby and can't yet upgrade to 2.x, you can still use 1.3.0 and set the option to `true`. > > Tooling / Documentation > > - Remove test files from the gem to avoid problems with antivirus detections on the test files [#405](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/405) / [#384](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/384) > - Drop support for unsupported ruby versions [#406](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/406) > > ## v1.3.0 > Security > > - Add `validate_entry_sizes` option so that callers can trust an entry's reported size when using `extract` [#403](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/403) > - This option defaults to `false` for backward compatibility in this release, but you are strongly encouraged to set it to `true`. It will default to `true` in rubyzip 2.0. > > New Feature > > - Add `add_stored` method to simplify adding entries without compression [#366](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/366) > > Tooling / Documentation > > - Add more gem metadata links [#402](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/402) > > ## v1.2.4 > - Do not rewrite zip files opened with `open_buffer` that have not changed [#360](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/360) > > Tooling / Documentation > > - Update `example_recursive.rb` in README [#397](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/397) > - Hold CI at `trusty` for now, automatically pick the latest ruby patch version, use rbx-4 and hold jruby at 9.1 [#399](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/399)Changelog
*Sourced from [rubyzip's changelog](https://github.com/rubyzip/rubyzip/blob/master/Changelog.md).* > # 2.1.0 (2020-01-25) > > - Fix (at least partially) the `restore_times` and `restore_permissions` options to `Zip::File.new` [#413](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/413) > - Previously, neither option did anything, regardless of what it was set to. We have therefore defaulted them to `false` to preserve the current behavior, for the time being. If you have explicitly set either to `true`, it will now have an effect. > - Fix handling of UniversalTime (`mtime`, `atime`, `ctime`) fields. [#421](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/421) > - Previously, `Zip::File` did not pass the options to `Zip::Entry` in some cases. [#423](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/423) > - Note that `restore_times` in this release does nothing on Windows and only restores `mtime`, not `atime` or `ctime`. > - Allow `Zip::File.open` to take an options hash like `Zip::File.new` [#418](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/418) > - Always print warnings with `warn`, instead of a mix of `puts` and `warn` [#416](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/416) > - Create temporary files in the system temporary directory instead of the directory of the zip file [#411](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/411) > - Drop unused `tmpdir` requirement [#411](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/411) > > Tooling > > - Move CI to xenial and include jruby on JDK11 [#419](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/419/files) > > # 2.0.0 (2019-09-25) > > Security > > - Default the `validate_entry_sizes` option to `true`, so that callers can trust an entry's reported size when using `extract` [#403](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/403) > - This option defaulted to `false` in 1.3.0 for backward compatibility, but it now defaults to `true`. If you are using an older version of ruby and can't yet upgrade to 2.x, you can still use 1.3.0 and set the option to `true`. > > Tooling / Documentation > > - Remove test files from the gem to avoid problems with antivirus detections on the test files [#405](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/405) / [#384](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/384) > - Drop support for unsupported ruby versions [#406](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/406) > > # 1.3.0 (2019-09-25) > > Security > > - Add `validate_entry_sizes` option so that callers can trust an entry's reported size when using `extract` [#403](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/403) > - This option defaults to `false` for backward compatibility in this release, but you are strongly encouraged to set it to `true`. It will default to `true` in rubyzip 2.0. > > New Feature > > - Add `add_stored` method to simplify adding entries without compression [#366](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/366) > > Tooling / Documentation > > - Add more gem metadata links [#402](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/402) > > # 1.2.4 (2019-09-06) > > - Do not rewrite zip files opened with `open_buffer` that have not changed [#360](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/360) > > Tooling / Documentation > > - Update `example_recursive.rb` in README [#397](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/397) > ... (truncated)Commits
- [`0b79104`](https://github.com/rubyzip/rubyzip/commit/0b791046d4aa632d1857eab6f415afa041077c95) Merge pull request [#428](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/428) from rubyzip/v2-1-0 - [`f6639f9`](https://github.com/rubyzip/rubyzip/commit/f6639f9b55ab611c8e414a8b5592316e14504b42) Bump version to 2.1.0 - [`76cf229`](https://github.com/rubyzip/rubyzip/commit/76cf2290c355d6f4b78f76bb869383e6a9a6b348) Update changelog for [#421](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/421) - [`7bc4905`](https://github.com/rubyzip/rubyzip/commit/7bc4905a434f4770f3258da89769dc8a3489bec6) Merge pull request [#421](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/421) from hainesr/universal-time - [`ee028d2`](https://github.com/rubyzip/rubyzip/commit/ee028d27463e0f4261d0d149d5f7a038ab81d58b) UniversalTime: more ruby-like (readable) code. - [`d0b4d41`](https://github.com/rubyzip/rubyzip/commit/d0b4d41ff11a3aa08b02ead2f09e52d4f6c799cf) UniversalTime: tests. - [`9849500`](https://github.com/rubyzip/rubyzip/commit/9849500d73bae26498546aff2e42fdb5e43d3300) UniversalTime: correctly parse included timestamps. - [`a5e785c`](https://github.com/rubyzip/rubyzip/commit/a5e785c73708415af8f43216f20919f345cf1c21) UniversalTime: better check for size on parse. - [`65cfd8a`](https://github.com/rubyzip/rubyzip/commit/65cfd8a9a5982c5fa1dd059e2c688d1242041c19) UniversalTime: correctly pack/unpack the timestamps. - [`b58b97f`](https://github.com/rubyzip/rubyzip/commit/b58b97fe23a0725f2de9943ad72634aed3d5073f) UniversalTime: correctly set the flags. - Additional commits viewable in [compare view](https://github.com/rubyzip/rubyzip/compare/v1.2.3...v2.1.0)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/bridgefoundry/bridgefoundry.github.io/network/alerts).