coveralls
commented
5 years ago Coverage decreased (-0.04%) to 80.142% when pulling da0938c8a8b88919ef48d44e343aa03d51d6f9e9 on dependabot/bundler/rubyzip-1.2.3 into 51083465802838c6a14e84a360e330af367ef4b0 on master.
Bumps rubyzip from 1.1.7 to 1.2.3.
Release notes
*Sourced from [rubyzip's releases](https://github.com/rubyzip/rubyzip/releases).* > ## v1.2.3 > * Allow tilde in zip entry names [#391](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/391) (fixes regression in 1.2.2 from [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376)) > * Support frozen string literals in more files [#390](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/390) > * Require `pathname` explicitly [#388](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/388) (fixes regression in 1.2.2 from [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376)) > > Tooling / Documentation: > > * CI updates [#392](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/392), [#394](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/394) > * Bump supported ruby versions and add 2.6 > * JRuby failures are no longer ignored (reverts [#375](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/375) / part of [#371](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371)) > * Add changelog entry that was missing for last release [#387](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/387) > * Comment cleanup [#385](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/385) > > Since the GitHub release information for 1.2.2 is missing, I will also include it here: > > ### 1.2.2 > > NB: This release drops support for extracting symlinks, because there was no clear way to support this securely. See https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376#issue-210954555 for details. > > * Fix CVE-2018-1000544 [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376) / [#371](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371) > * Fix NoMethodError: undefined method `glob' [#363](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/363) > * Fix handling of stored files (i.e. files not using compression) with general purpose bit 3 set [#358](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/358) > * Fix `close` on StringIO-backed zip file [#353](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/353) > * Add `Zip.force_entry_names_encoding` option [#340](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/340) > * Update rubocop, apply auto-fixes, and fix regressions caused by said auto-fixes [#332](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/332), [#355](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/355) > * Save temporary files to temporary directory (rather than current directory) [#325](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/325) > > Tooling / Documentation: > > * Turn off all terminal output in all tests [#361](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/361) > * Several CI updates [#346](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/346), [#347](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/347), [#350](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/350), [#352](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/352) > * Several README improvements [#345](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/345), [#326](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/326), [#321](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/321) > > ## v1.2.1 > - Add accessor to [@internal](https://github.com/internal)_file_attributes [#304](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/304) > - Extended globbing [#303](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/303) > - README updates [#283](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/283), [#289](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/289) > - Cleanup after tests [#298](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/298), [#306](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/306) > - Fix permissions on new zip files [#294](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/294), [#300](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/300) > - Fix examples [#297](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/297) > - Support cp932 encoding [#308](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/308) > - Fix Directory traversal vulnerability [#315](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/315) > - Allow open_buffer to work without a given block [#314](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/314) > > ## v1.2.0 > - Don't enable JRuby objectspace [#252](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/252) > - Fixes an exception thrown when decoding some weird .zip files [#248](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/248) > - Use duck typing with IO methods [#244](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/244) > - Added error for empty (zero bit) zip file [#242](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/242) > - Accept StringIO in Zip.open_buffer [#238](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/238) > ... (truncated)Changelog
*Sourced from [rubyzip's changelog](https://github.com/rubyzip/rubyzip/blob/master/Changelog.md).* > # 1.2.3 > > - Allow tilde in zip entry names [#391](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/391) (fixes regression in 1.2.2 from [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376)) > - Support frozen string literals in more files [#390](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/390) > - Require `pathname` explicitly [#388](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/388) (fixes regression in 1.2.2 from [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376)) > > Tooling / Documentation: > > - CI updates [#392](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/392), [#394](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/394) > - Bump supported ruby versions and add 2.6 > - JRuby failures are no longer ignored (reverts [#375](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/375) / part of [#371](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371)) > - Add changelog entry that was missing for last release [#387](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/387) > - Comment cleanup [#385](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/385) > > # 1.2.2 > > NB: This release drops support for extracting symlinks, because there was no clear way to support this securely. See https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376#issue-210954555 for details. > > - Fix CVE-2018-1000544 [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376) / [#371](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371) > - Fix NoMethodError: undefined method `glob' [#363](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/363) > - Fix handling of stored files (i.e. files not using compression) with general purpose bit 3 set [#358](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/358) > - Fix `close` on StringIO-backed zip file [#353](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/353) > - Add `Zip.force_entry_names_encoding` option [#340](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/340) > - Update rubocop, apply auto-fixes, and fix regressions caused by said auto-fixes [#332](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/332), [#355](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/355) > - Save temporary files to temporary directory (rather than current directory) [#325](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/325) > > Tooling / Documentation: > > - Turn off all terminal output in all tests [#361](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/361) > - Several CI updates [#346](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/346), [#347](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/347), [#350](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/350), [#352](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/352) > - Several README improvements [#345](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/345), [#326](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/326), [#321](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/321) > > # 1.2.1 > > - Add accessor to [@internal](https://github.com/internal)_file_attributes [#304](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/304) > - Extended globbing [#303](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/303) > - README updates [#283](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/283), [#289](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/289) > - Cleanup after tests [#298](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/298), [#306](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/306) > - Fix permissions on new zip files [#294](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/294), [#300](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/300) > - Fix examples [#297](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/297) > - Support cp932 encoding [#308](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/308) > - Fix Directory traversal vulnerability [#315](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/315) > - Allow open_buffer to work without a given block [#314](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/314) > > # 1.2.0 > > - Don't enable JRuby objectspace [#252](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/252) > - Fixes an exception thrown when decoding some weird .zip files [#248](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/248) > - Use duck typing with IO methods [#244](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/244) > - Added error for empty (zero bit) zip file [#242](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/242) > ... (truncated)Commits
- [`9d891f7`](https://github.com/rubyzip/rubyzip/commit/9d891f7353e66052283562d3e252fe380bb4b199) Fix link typo in changelog - [`6f0b219`](https://github.com/rubyzip/rubyzip/commit/6f0b21926582272ba7903ebce36ab8c062040258) Merge pull request [#393](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/393) from rubyzip/v1-2-3 - [`ef516bd`](https://github.com/rubyzip/rubyzip/commit/ef516bdc81da246ae03c0fea679457c5eb301913) Merge pull request [#391](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/391) from jdleesmiller/fix-expand-path - [`ada408d`](https://github.com/rubyzip/rubyzip/commit/ada408d60a7d3aa708c8560bbab5f6d32694a45a) Add [#394](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/394) to changelog - [`249775f`](https://github.com/rubyzip/rubyzip/commit/249775f5637e6d65112574b3ac1763dc2393c7f6) Merge pull request [#394](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/394) from olleolleolle/patch-1 - [`a8609e1`](https://github.com/rubyzip/rubyzip/commit/a8609e1e2ba306dbfc5c17e2837315577f376d15) CI: update to latest MRI, drop a setting - [`fb1c230`](https://github.com/rubyzip/rubyzip/commit/fb1c230cac322d776bb010748e5e1ac87f15100a) Bump version to 1.2.3 - [`ad15c3c`](https://github.com/rubyzip/rubyzip/commit/ad15c3c49464097390248220fd93ce4caa8f43e3) Allow tilde in zip entry names - [`8ece5c9`](https://github.com/rubyzip/rubyzip/commit/8ece5c9988eb1ac75a49ffbd0670f1cb1cb4fa1f) Merge pull request [#392](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/392) from rubyzip/update-ci - [`0f36838`](https://github.com/rubyzip/rubyzip/commit/0f36838981669a6242fc579a3579294b274ff6ed) Update ruby dependencies - Additional commits viewable in [compare view](https://github.com/rubyzip/rubyzip/compare/v1.1.7...v1.2.3)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/holderdeord/hdo-site/network/alerts).