search

openreferral / hsds-transformer

Convert data into valid Human Service Data Specification (HSDS) datapackages. (Produced by the Open Referral Initiative.)
MIT License
11 stars 5 forks source link

Update rubyzip requirement from >= 1.3.0, ~> 1.3.0 to >= 1.3.0, < 2.1 #46

Closed dependabot[bot] closed 4 years ago

dependabot[bot] commented 4 years ago

Updates the requirements on rubyzip to permit the latest version.

Release notes *Sourced from [rubyzip's releases](https://github.com/rubyzip/rubyzip/releases).* > ## v2.0.0 > Security > > - Default the `validate_entry_sizes` option to `true`, so that callers can trust an entry's reported size when using `extract` [#403](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/403) > - This option defaulted to `false` in 1.3.0 for backward compatibility, but it now defaults to `true`. If you are using an older version of ruby and can't yet upgrade to 2.x, you can still use 1.3.0 and set the option to `true`. > > Tooling / Documentation > > - Remove test files from the gem to avoid problems with antivirus detections on the test files [#405](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/405) / [#384](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/384) > - Drop support for unsupported ruby versions [#406](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/406)
Changelog *Sourced from [rubyzip's changelog](https://github.com/rubyzip/rubyzip/blob/master/Changelog.md).* > # 2.0.0 (2019-09-25) > > Security > > - Default the `validate_entry_sizes` option to `true`, so that callers can trust an entry's reported size when using `extract` [#403](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/403) > - This option defaulted to `false` in 1.3.0 for backward compatibility, but it now defaults to `true`. If you are using an older version of ruby and can't yet upgrade to 2.x, you can still use 1.3.0 and set the option to `true`. > > Tooling / Documentation > > - Remove test files from the gem to avoid problems with antivirus detections on the test files [#405](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/405) / [#384](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/384) > - Drop support for unsupported ruby versions [#406](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/406)
Commits - [`2825898`](https://github.com/rubyzip/rubyzip/commit/2825898f69fbf1efe4e43452adae6ac5d074ec1c) Merge pull request [#408](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/408) from rubyzip/v2-0-0 - [`cb407b1`](https://github.com/rubyzip/rubyzip/commit/cb407b106541c345329a017d6eb34026cb372872) Bump version to 2.0.0 - [`e1d9af6`](https://github.com/rubyzip/rubyzip/commit/e1d9af6e46f7eb0d0b728958a57f7e28d60301a4) Merge pull request [#406](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/406) from rubyzip/bump-supported-ruby - [`3641a96`](https://github.com/rubyzip/rubyzip/commit/3641a963ea0c34275562250d7e67380c85fc2570) Merge pull request [#405](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/405) from rubyzip/remove-test-files - [`35446f4`](https://github.com/rubyzip/rubyzip/commit/35446f467b739d05790356ab86915de76f0120f1) Drop old ruby and JDK versions from CI - [`74d4bec`](https://github.com/rubyzip/rubyzip/commit/74d4bec371158c4c2a9fe965302dc9649c941a73) Remove test files from gem - See full diff in [compare view](https://github.com/rubyzip/rubyzip/compare/v1.3.0...v2.0.0)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openreferral/hsds-transformer/network/alerts).
dependabot[bot] commented 4 years ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.