Release notes
*Sourced from [rubyzip's releases](https://github.com/rubyzip/rubyzip/releases).*
> ## v2.2.0
> - Add support for decompression plugin gems [#427](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/427)
>
> ## v2.1.0
> - Fix (at least partially) the `restore_times` and `restore_permissions` options to `Zip::File.new` [#413](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/413)
> - Previously, neither option did anything, regardless of what it was set to. We have therefore defaulted them to `false` to preserve the current behavior, for the time being. If you have explicitly set either to `true`, it will now have an effect.
> - Fix handling of UniversalTime (`mtime`, `atime`, `ctime`) fields. [#421](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/421)
> - Previously, `Zip::File` did not pass the options to `Zip::Entry` in some cases. [#423](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/423)
> - Note that `restore_times` in this release does nothing on Windows and only restores `mtime`, not `atime` or `ctime`.
> - Allow `Zip::File.open` to take an options hash like `Zip::File.new` [#418](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/418)
> - Always print warnings with `warn`, instead of a mix of `puts` and `warn` [#416](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/416)
> - Create temporary files in the system temporary directory instead of the directory of the zip file [#411](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/411)
> - Drop unused `tmpdir` requirement [#411](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/411)
>
> Tooling
>
> - Move CI to xenial and include jruby on JDK11 [#419](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/419/files)
>
> ## v2.0.0
> Security
>
> - Default the `validate_entry_sizes` option to `true`, so that callers can trust an entry's reported size when using `extract` [#403](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/403)
> - This option defaulted to `false` in 1.3.0 for backward compatibility, but it now defaults to `true`. If you are using an older version of ruby and can't yet upgrade to 2.x, you can still use 1.3.0 and set the option to `true`.
>
> Tooling / Documentation
>
> - Remove test files from the gem to avoid problems with antivirus detections on the test files [#405](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/405) / [#384](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/384)
> - Drop support for unsupported ruby versions [#406](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/406)
>
> ## v1.3.0
> Security
>
> - Add `validate_entry_sizes` option so that callers can trust an entry's reported size when using `extract` [#403](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/403)
> - This option defaults to `false` for backward compatibility in this release, but you are strongly encouraged to set it to `true`. It will default to `true` in rubyzip 2.0.
>
> New Feature
>
> - Add `add_stored` method to simplify adding entries without compression [#366](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/366)
>
> Tooling / Documentation
>
> - Add more gem metadata links [#402](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/402)
>
> ## v1.2.4
> - Do not rewrite zip files opened with `open_buffer` that have not changed [#360](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/360)
>
> Tooling / Documentation
>
> - Update `example_recursive.rb` in README [#397](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/397)
> - Hold CI at `trusty` for now, automatically pick the latest ruby patch version, use rbx-4 and hold jruby at 9.1 [#399](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/399)
> ... (truncated)
Changelog
*Sourced from [rubyzip's changelog](https://github.com/rubyzip/rubyzip/blob/master/Changelog.md).*
> # 2.2.0 (2020-02-01)
>
> - Add support for decompression plugin gems [#427](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/427)
>
> # 2.1.0 (2020-01-25)
>
> - Fix (at least partially) the `restore_times` and `restore_permissions` options to `Zip::File.new` [#413](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/413)
> - Previously, neither option did anything, regardless of what it was set to. We have therefore defaulted them to `false` to preserve the current behavior, for the time being. If you have explicitly set either to `true`, it will now have an effect.
> - Fix handling of UniversalTime (`mtime`, `atime`, `ctime`) fields. [#421](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/421)
> - Previously, `Zip::File` did not pass the options to `Zip::Entry` in some cases. [#423](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/423)
> - Note that `restore_times` in this release does nothing on Windows and only restores `mtime`, not `atime` or `ctime`.
> - Allow `Zip::File.open` to take an options hash like `Zip::File.new` [#418](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/418)
> - Always print warnings with `warn`, instead of a mix of `puts` and `warn` [#416](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/416)
> - Create temporary files in the system temporary directory instead of the directory of the zip file [#411](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/411)
> - Drop unused `tmpdir` requirement [#411](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/411)
>
> Tooling
>
> - Move CI to xenial and include jruby on JDK11 [#419](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/419/files)
>
> # 2.0.0 (2019-09-25)
>
> Security
>
> - Default the `validate_entry_sizes` option to `true`, so that callers can trust an entry's reported size when using `extract` [#403](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/403)
> - This option defaulted to `false` in 1.3.0 for backward compatibility, but it now defaults to `true`. If you are using an older version of ruby and can't yet upgrade to 2.x, you can still use 1.3.0 and set the option to `true`.
>
> Tooling / Documentation
>
> - Remove test files from the gem to avoid problems with antivirus detections on the test files [#405](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/405) / [#384](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/384)
> - Drop support for unsupported ruby versions [#406](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/406)
>
> # 1.3.0 (2019-09-25)
>
> Security
>
> - Add `validate_entry_sizes` option so that callers can trust an entry's reported size when using `extract` [#403](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/403)
> - This option defaults to `false` for backward compatibility in this release, but you are strongly encouraged to set it to `true`. It will default to `true` in rubyzip 2.0.
>
> New Feature
>
> - Add `add_stored` method to simplify adding entries without compression [#366](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/366)
>
> Tooling / Documentation
>
> - Add more gem metadata links [#402](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/402)
>
> # 1.2.4 (2019-09-06)
>
> - Do not rewrite zip files opened with `open_buffer` that have not changed [#360](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/360)
> ... (truncated)
Commits
- [`ecd641e`](https://github.com/rubyzip/rubyzip/commit/ecd641e459c7d132db62adf5e9bb4ab28696fca0) Merge pull request [#429](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/429) from rubyzip/v2-2-0
- [`f42827e`](https://github.com/rubyzip/rubyzip/commit/f42827e99c7018aba05a99965a64531f830e4e8b) Bump version to 2.2.0
- [`040962a`](https://github.com/rubyzip/rubyzip/commit/040962a59fd0170ef1e993a1fd2634cf039e7897) Remove unused error argument
- [`666fb8c`](https://github.com/rubyzip/rubyzip/commit/666fb8c03f67762f02edd1360973350ff839dd85) Merge pull request [#427](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/427) from jspanjers/refactor-decompressor
- [`0b9433c`](https://github.com/rubyzip/rubyzip/commit/0b9433c3b26c8695376eb3751c26731b8f0839f0) Add test for unsupported decompression, e.g bzip2
- [`a5d068d`](https://github.com/rubyzip/rubyzip/commit/a5d068d3e8c8eb4dc9ce38ee2f6e9cb3e5dee796) Support Decompressor plugins
- [`2b72683`](https://github.com/rubyzip/rubyzip/commit/2b7268373a5d9110993212c13fba03e1f8c0b532) Define compression methods
- [`456bd4d`](https://github.com/rubyzip/rubyzip/commit/456bd4d92c995dd92cd74286bd6bdde7cc3057ef) Mimic IO#read return values in Decompressor#read
- [`c66277d`](https://github.com/rubyzip/rubyzip/commit/c66277db5885749ee9ef1594df1a9b31fdeb94e0) Rename Decompressor#sysread to #read
- [`00b525d`](https://github.com/rubyzip/rubyzip/commit/00b525d76e295bab19b69c6f3481d60cfda9ca0f) Fix returned outbuf for Inflater#sysread
- Additional commits viewable in [compare view](https://github.com/rubyzip/rubyzip/compare/v1.2.3...v2.2.0)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/garethrees/garethrees.github.com/network/alerts).
Bumps rubyzip from 1.2.3 to 2.2.0.
Release notes
*Sourced from [rubyzip's releases](https://github.com/rubyzip/rubyzip/releases).* > ## v2.2.0 > - Add support for decompression plugin gems [#427](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/427) > > ## v2.1.0 > - Fix (at least partially) the `restore_times` and `restore_permissions` options to `Zip::File.new` [#413](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/413) > - Previously, neither option did anything, regardless of what it was set to. We have therefore defaulted them to `false` to preserve the current behavior, for the time being. If you have explicitly set either to `true`, it will now have an effect. > - Fix handling of UniversalTime (`mtime`, `atime`, `ctime`) fields. [#421](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/421) > - Previously, `Zip::File` did not pass the options to `Zip::Entry` in some cases. [#423](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/423) > - Note that `restore_times` in this release does nothing on Windows and only restores `mtime`, not `atime` or `ctime`. > - Allow `Zip::File.open` to take an options hash like `Zip::File.new` [#418](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/418) > - Always print warnings with `warn`, instead of a mix of `puts` and `warn` [#416](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/416) > - Create temporary files in the system temporary directory instead of the directory of the zip file [#411](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/411) > - Drop unused `tmpdir` requirement [#411](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/411) > > Tooling > > - Move CI to xenial and include jruby on JDK11 [#419](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/419/files) > > ## v2.0.0 > Security > > - Default the `validate_entry_sizes` option to `true`, so that callers can trust an entry's reported size when using `extract` [#403](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/403) > - This option defaulted to `false` in 1.3.0 for backward compatibility, but it now defaults to `true`. If you are using an older version of ruby and can't yet upgrade to 2.x, you can still use 1.3.0 and set the option to `true`. > > Tooling / Documentation > > - Remove test files from the gem to avoid problems with antivirus detections on the test files [#405](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/405) / [#384](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/384) > - Drop support for unsupported ruby versions [#406](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/406) > > ## v1.3.0 > Security > > - Add `validate_entry_sizes` option so that callers can trust an entry's reported size when using `extract` [#403](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/403) > - This option defaults to `false` for backward compatibility in this release, but you are strongly encouraged to set it to `true`. It will default to `true` in rubyzip 2.0. > > New Feature > > - Add `add_stored` method to simplify adding entries without compression [#366](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/366) > > Tooling / Documentation > > - Add more gem metadata links [#402](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/402) > > ## v1.2.4 > - Do not rewrite zip files opened with `open_buffer` that have not changed [#360](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/360) > > Tooling / Documentation > > - Update `example_recursive.rb` in README [#397](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/397) > - Hold CI at `trusty` for now, automatically pick the latest ruby patch version, use rbx-4 and hold jruby at 9.1 [#399](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/399) > ... (truncated)Changelog
*Sourced from [rubyzip's changelog](https://github.com/rubyzip/rubyzip/blob/master/Changelog.md).* > # 2.2.0 (2020-02-01) > > - Add support for decompression plugin gems [#427](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/427) > > # 2.1.0 (2020-01-25) > > - Fix (at least partially) the `restore_times` and `restore_permissions` options to `Zip::File.new` [#413](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/413) > - Previously, neither option did anything, regardless of what it was set to. We have therefore defaulted them to `false` to preserve the current behavior, for the time being. If you have explicitly set either to `true`, it will now have an effect. > - Fix handling of UniversalTime (`mtime`, `atime`, `ctime`) fields. [#421](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/421) > - Previously, `Zip::File` did not pass the options to `Zip::Entry` in some cases. [#423](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/423) > - Note that `restore_times` in this release does nothing on Windows and only restores `mtime`, not `atime` or `ctime`. > - Allow `Zip::File.open` to take an options hash like `Zip::File.new` [#418](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/418) > - Always print warnings with `warn`, instead of a mix of `puts` and `warn` [#416](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/416) > - Create temporary files in the system temporary directory instead of the directory of the zip file [#411](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/411) > - Drop unused `tmpdir` requirement [#411](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/411) > > Tooling > > - Move CI to xenial and include jruby on JDK11 [#419](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/419/files) > > # 2.0.0 (2019-09-25) > > Security > > - Default the `validate_entry_sizes` option to `true`, so that callers can trust an entry's reported size when using `extract` [#403](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/403) > - This option defaulted to `false` in 1.3.0 for backward compatibility, but it now defaults to `true`. If you are using an older version of ruby and can't yet upgrade to 2.x, you can still use 1.3.0 and set the option to `true`. > > Tooling / Documentation > > - Remove test files from the gem to avoid problems with antivirus detections on the test files [#405](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/405) / [#384](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/384) > - Drop support for unsupported ruby versions [#406](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/406) > > # 1.3.0 (2019-09-25) > > Security > > - Add `validate_entry_sizes` option so that callers can trust an entry's reported size when using `extract` [#403](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/403) > - This option defaults to `false` for backward compatibility in this release, but you are strongly encouraged to set it to `true`. It will default to `true` in rubyzip 2.0. > > New Feature > > - Add `add_stored` method to simplify adding entries without compression [#366](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/366) > > Tooling / Documentation > > - Add more gem metadata links [#402](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/402) > > # 1.2.4 (2019-09-06) > > - Do not rewrite zip files opened with `open_buffer` that have not changed [#360](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/360) > ... (truncated)Commits
- [`ecd641e`](https://github.com/rubyzip/rubyzip/commit/ecd641e459c7d132db62adf5e9bb4ab28696fca0) Merge pull request [#429](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/429) from rubyzip/v2-2-0 - [`f42827e`](https://github.com/rubyzip/rubyzip/commit/f42827e99c7018aba05a99965a64531f830e4e8b) Bump version to 2.2.0 - [`040962a`](https://github.com/rubyzip/rubyzip/commit/040962a59fd0170ef1e993a1fd2634cf039e7897) Remove unused error argument - [`666fb8c`](https://github.com/rubyzip/rubyzip/commit/666fb8c03f67762f02edd1360973350ff839dd85) Merge pull request [#427](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/427) from jspanjers/refactor-decompressor - [`0b9433c`](https://github.com/rubyzip/rubyzip/commit/0b9433c3b26c8695376eb3751c26731b8f0839f0) Add test for unsupported decompression, e.g bzip2 - [`a5d068d`](https://github.com/rubyzip/rubyzip/commit/a5d068d3e8c8eb4dc9ce38ee2f6e9cb3e5dee796) Support Decompressor plugins - [`2b72683`](https://github.com/rubyzip/rubyzip/commit/2b7268373a5d9110993212c13fba03e1f8c0b532) Define compression methods - [`456bd4d`](https://github.com/rubyzip/rubyzip/commit/456bd4d92c995dd92cd74286bd6bdde7cc3057ef) Mimic IO#read return values in Decompressor#read - [`c66277d`](https://github.com/rubyzip/rubyzip/commit/c66277db5885749ee9ef1594df1a9b31fdeb94e0) Rename Decompressor#sysread to #read - [`00b525d`](https://github.com/rubyzip/rubyzip/commit/00b525d76e295bab19b69c6f3481d60cfda9ca0f) Fix returned outbuf for Inflater#sysread - Additional commits viewable in [compare view](https://github.com/rubyzip/rubyzip/compare/v1.2.3...v2.2.0)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/garethrees/garethrees.github.com/network/alerts).