nfreear / nfreear-blog

My (re-developed) personal blog. A work-in-progress! —
https://nick.freear.org.uk
MIT License
0 stars 1 forks source link

Bump rubyzip from 1.2.1 to 1.2.3 #33

Closed dependabot[bot] closed 4 years ago

dependabot[bot] commented 5 years ago

Bumps rubyzip from 1.2.1 to 1.2.3.

Release notes *Sourced from [rubyzip's releases](https://github.com/rubyzip/rubyzip/releases).* > ## v1.2.3 > * Allow tilde in zip entry names [#391](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/391) (fixes regression in 1.2.2 from [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376)) > * Support frozen string literals in more files [#390](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/390) > * Require `pathname` explicitly [#388](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/388) (fixes regression in 1.2.2 from [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376)) > > Tooling / Documentation: > > * CI updates [#392](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/392), [#394](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/394) > * Bump supported ruby versions and add 2.6 > * JRuby failures are no longer ignored (reverts [#375](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/375) / part of [#371](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371)) > * Add changelog entry that was missing for last release [#387](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/387) > * Comment cleanup [#385](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/385) > > Since the GitHub release information for 1.2.2 is missing, I will also include it here: > > ### 1.2.2 > > NB: This release drops support for extracting symlinks, because there was no clear way to support this securely. See https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376#issue-210954555 for details. > > * Fix CVE-2018-1000544 [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376) / [#371](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371) > * Fix NoMethodError: undefined method `glob' [#363](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/363) > * Fix handling of stored files (i.e. files not using compression) with general purpose bit 3 set [#358](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/358) > * Fix `close` on StringIO-backed zip file [#353](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/353) > * Add `Zip.force_entry_names_encoding` option [#340](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/340) > * Update rubocop, apply auto-fixes, and fix regressions caused by said auto-fixes [#332](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/332), [#355](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/355) > * Save temporary files to temporary directory (rather than current directory) [#325](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/325) > > Tooling / Documentation: > > * Turn off all terminal output in all tests [#361](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/361) > * Several CI updates [#346](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/346), [#347](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/347), [#350](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/350), [#352](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/352) > * Several README improvements [#345](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/345), [#326](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/326), [#321](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/321)
Changelog *Sourced from [rubyzip's changelog](https://github.com/rubyzip/rubyzip/blob/master/Changelog.md).* > # 1.2.3 > > - Allow tilde in zip entry names [#391](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/391) (fixes regression in 1.2.2 from [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376)) > - Support frozen string literals in more files [#390](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/390) > - Require `pathname` explicitly [#388](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/388) (fixes regression in 1.2.2 from [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376)) > > Tooling / Documentation: > > - CI updates [#392](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/392), [#394](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/394) > - Bump supported ruby versions and add 2.6 > - JRuby failures are no longer ignored (reverts [#375](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/375) / part of [#371](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371)) > - Add changelog entry that was missing for last release [#387](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/387) > - Comment cleanup [#385](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/385) > > # 1.2.2 > > NB: This release drops support for extracting symlinks, because there was no clear way to support this securely. See https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376#issue-210954555 for details. > > - Fix CVE-2018-1000544 [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376) / [#371](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371) > - Fix NoMethodError: undefined method `glob' [#363](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/363) > - Fix handling of stored files (i.e. files not using compression) with general purpose bit 3 set [#358](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/358) > - Fix `close` on StringIO-backed zip file [#353](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/353) > - Add `Zip.force_entry_names_encoding` option [#340](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/340) > - Update rubocop, apply auto-fixes, and fix regressions caused by said auto-fixes [#332](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/332), [#355](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/355) > - Save temporary files to temporary directory (rather than current directory) [#325](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/325) > > Tooling / Documentation: > > - Turn off all terminal output in all tests [#361](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/361) > - Several CI updates [#346](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/346), [#347](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/347), [#350](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/350), [#352](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/352) > - Several README improvements [#345](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/345), [#326](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/326), [#321](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/321)
Commits - [`9d891f7`](https://github.com/rubyzip/rubyzip/commit/9d891f7353e66052283562d3e252fe380bb4b199) Fix link typo in changelog - [`6f0b219`](https://github.com/rubyzip/rubyzip/commit/6f0b21926582272ba7903ebce36ab8c062040258) Merge pull request [#393](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/393) from rubyzip/v1-2-3 - [`ef516bd`](https://github.com/rubyzip/rubyzip/commit/ef516bdc81da246ae03c0fea679457c5eb301913) Merge pull request [#391](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/391) from jdleesmiller/fix-expand-path - [`ada408d`](https://github.com/rubyzip/rubyzip/commit/ada408d60a7d3aa708c8560bbab5f6d32694a45a) Add [#394](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/394) to changelog - [`249775f`](https://github.com/rubyzip/rubyzip/commit/249775f5637e6d65112574b3ac1763dc2393c7f6) Merge pull request [#394](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/394) from olleolleolle/patch-1 - [`a8609e1`](https://github.com/rubyzip/rubyzip/commit/a8609e1e2ba306dbfc5c17e2837315577f376d15) CI: update to latest MRI, drop a setting - [`fb1c230`](https://github.com/rubyzip/rubyzip/commit/fb1c230cac322d776bb010748e5e1ac87f15100a) Bump version to 1.2.3 - [`ad15c3c`](https://github.com/rubyzip/rubyzip/commit/ad15c3c49464097390248220fd93ce4caa8f43e3) Allow tilde in zip entry names - [`8ece5c9`](https://github.com/rubyzip/rubyzip/commit/8ece5c9988eb1ac75a49ffbd0670f1cb1cb4fa1f) Merge pull request [#392](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/392) from rubyzip/update-ci - [`0f36838`](https://github.com/rubyzip/rubyzip/commit/0f36838981669a6242fc579a3579294b274ff6ed) Update ruby dependencies - Additional commits viewable in [compare view](https://github.com/rubyzip/rubyzip/compare/v1.2.1...v1.2.3)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/nfreear/nfreear.github.io/network/alerts).
dependabot[bot] commented 4 years ago

Superseded by #40.