search

jasonknight / salor-retail

Rails Based Point of Sale and Store Management Software
82 stars 63 forks source link

Bump rubyzip from 0.9.9 to 1.2.2 in /rails_version/salor-retail #33

Open dependabot[bot] opened 4 years ago

dependabot[bot] commented 4 years ago

Bumps rubyzip from 0.9.9 to 1.2.2.

Release notes *Sourced from [rubyzip's releases](https://github.com/rubyzip/rubyzip/releases).* > ## v1.2.1 > - Add accessor to [@​internal](https://github.com/internal)_file_attributes [#304](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/304) > - Extended globbing [#303](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/303) > - README updates [#283](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/283), [#289](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/289) > - Cleanup after tests [#298](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/298), [#306](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/306) > - Fix permissions on new zip files [#294](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/294), [#300](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/300) > - Fix examples [#297](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/297) > - Support cp932 encoding [#308](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/308) > - Fix Directory traversal vulnerability [#315](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/315) > - Allow open_buffer to work without a given block [#314](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/314) > > ## v1.2.0 > - Don't enable JRuby objectspace [#252](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/252) > - Fixes an exception thrown when decoding some weird .zip files [#248](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/248) > - Use duck typing with IO methods [#244](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/244) > - Added error for empty (zero bit) zip file [#242](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/242) > - Accept StringIO in Zip.open_buffer [#238](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/238) > - Do something more expected with new file permissions [#237](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/237) > - Case insensitivity option for #find_entry [#222](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/222) > - Fixes in documentation and examples > > ## v1.1.0 > - StringIO Support > - Zip64 Support > - Better jRuby Support > - Order of files in the archive can be sorted > - Other small fixes > > ## v1.0.0 > Changed the API for gem. Now it can be used without require param in Gemfile. > Added read-only support for Zip64 files. > Added support for setting Unicode file names. > > ## v1.0.0.beta1 > Beta release for new API.
Changelog *Sourced from [rubyzip's changelog](https://github.com/rubyzip/rubyzip/blob/master/Changelog.md).* > # 1.2.2 > > NB: This release drops support for extracting symlinks, because there was no clear way to support this securely. See https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376#issue-210954555 for details. > > - Fix CVE-2018-1000544 [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376) / [#371](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371) > - Fix NoMethodError: undefined method `glob' [#363](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/363) > - Fix handling of stored files (i.e. files not using compression) with general purpose bit 3 set [#358](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/358) > - Fix `close` on StringIO-backed zip file [#353](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/353) > - Add `Zip.force_entry_names_encoding` option [#340](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/340) > - Update rubocop, apply auto-fixes, and fix regressions caused by said auto-fixes [#332](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/332), [#355](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/355) > - Save temporary files to temporary directory (rather than current directory) [#325](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/325) > > Tooling / Documentation: > > - Turn off all terminal output in all tests [#361](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/361) > - Several CI updates [#346](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/346), [#347](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/347), [#350](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/350), [#352](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/352) > - Several README improvements [#345](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/345), [#326](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/326), [#321](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/321) > > # 1.2.1 > > - Add accessor to [@​internal](https://github.com/internal)_file_attributes [#304](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/304) > - Extended globbing [#303](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/303) > - README updates [#283](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/283), [#289](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/289) > - Cleanup after tests [#298](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/298), [#306](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/306) > - Fix permissions on new zip files [#294](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/294), [#300](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/300) > - Fix examples [#297](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/297) > - Support cp932 encoding [#308](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/308) > - Fix Directory traversal vulnerability [#315](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/315) > - Allow open_buffer to work without a given block [#314](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/314) > > # 1.2.0 > > - Don't enable JRuby objectspace [#252](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/252) > - Fixes an exception thrown when decoding some weird .zip files [#248](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/248) > - Use duck typing with IO methods [#244](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/244) > - Added error for empty (zero bit) zip file [#242](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/242) > - Accept StringIO in Zip.open_buffer [#238](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/238) > - Do something more expected with new file permissions [#237](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/237) > - Case insensitivity option for #find_entry [#222](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/222) > - Fixes in documentation and examples > > # 1.1.7 > > - Fix UTF-8 support for comments > - `Zip.sort_entries` working for zip output > - Prevent tempfile path from being unlinked by garbage collection > - NTFS Extra Field (0x000a) support > - Use String#tr instead of String#gsub > - Ability to not show warning about incorrect date > - Be smarter about handling buffer file modes. > ... (truncated)
Commits - [`d07b13a`](https://github.com/rubyzip/rubyzip/commit/d07b13a6cf0a413e010c48879aebd9576bfb5f68) Merge pull request [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/376) from jdleesmiller/fix-cve-2018-1000544 - [`fd81bd5`](https://github.com/rubyzip/rubyzip/commit/fd81bd523cd53096c1a1dce1e950ef0b7658a02c) Bump version to 1.2.2 - [`cf35774`](https://github.com/rubyzip/rubyzip/commit/cf35774ed686057d8cc17aa4b015a2a850cc2bce) Bump version to 1.3.0 - [`ffb374c`](https://github.com/rubyzip/rubyzip/commit/ffb374c6b1757f6b5eb93e68b8b37ebc7df3f310) Bump version to 2.0.0 - [`8a1de58`](https://github.com/rubyzip/rubyzip/commit/8a1de5828658bfa0350c2325f311bd6acad261a2) Expand from root rather than current working directory - [`3dd165b`](https://github.com/rubyzip/rubyzip/commit/3dd165b494f29d410184b2a135ed99527d4b4aa8) Disable symlinks and check for path traversal - [`ffebfa3`](https://github.com/rubyzip/rubyzip/commit/ffebfa34189a46a766bf6630796c93d81b5ef7ed) Consolidate path traversal tests - [`9c468f3`](https://github.com/rubyzip/rubyzip/commit/9c468f30f38d09451e5a65edfff277cfe381fd49) Add jwilk's path traversal tests - [`0586329`](https://github.com/rubyzip/rubyzip/commit/0586329d3be19728c20941faa401cb838f461dc3) Trigger CI again - [`cf71583`](https://github.com/rubyzip/rubyzip/commit/cf7158344c65a67dc5f18bf589a6b742e3452f45) Move jruby to allow failures matrix till crc uint 32 issues are resolved - Additional commits viewable in [compare view](https://github.com/rubyzip/rubyzip/compare/0.9.9...v1.2.2)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jasonknight/salor-retail/network/alerts).