pdrlps / arii

Automated Real-time Integration and Interoperability
MIT License
0 stars 0 forks source link

Bump rubyzip from 1.1.7 to 1.2.4 #119

Closed dependabot[bot] closed 5 years ago

dependabot[bot] commented 5 years ago

Bumps rubyzip from 1.1.7 to 1.2.4.

Release notes *Sourced from [rubyzip's releases](https://github.com/rubyzip/rubyzip/releases).* > ## v1.2.4 > - Do not rewrite zip files opened with `open_buffer` that have not changed [#360](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/360) > > Tooling / Documentation > > - Update `example_recursive.rb` in README [#397](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/397) > - Hold CI at `trusty` for now, automatically pick the latest ruby patch version, use rbx-4 and hold jruby at 9.1 [#399](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/399) > > ## v1.2.3 > * Allow tilde in zip entry names [#391](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/391) (fixes regression in 1.2.2 from [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376)) > * Support frozen string literals in more files [#390](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/390) > * Require `pathname` explicitly [#388](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/388) (fixes regression in 1.2.2 from [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376)) > > Tooling / Documentation: > > * CI updates [#392](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/392), [#394](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/394) > * Bump supported ruby versions and add 2.6 > * JRuby failures are no longer ignored (reverts [#375](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/375) / part of [#371](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371)) > * Add changelog entry that was missing for last release [#387](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/387) > * Comment cleanup [#385](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/385) > > Since the GitHub release information for 1.2.2 is missing, I will also include it here: > > ### 1.2.2 > > NB: This release drops support for extracting symlinks, because there was no clear way to support this securely. See https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376#issue-210954555 for details. > > * Fix CVE-2018-1000544 [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376) / [#371](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371) > * Fix NoMethodError: undefined method `glob' [#363](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/363) > * Fix handling of stored files (i.e. files not using compression) with general purpose bit 3 set [#358](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/358) > * Fix `close` on StringIO-backed zip file [#353](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/353) > * Add `Zip.force_entry_names_encoding` option [#340](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/340) > * Update rubocop, apply auto-fixes, and fix regressions caused by said auto-fixes [#332](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/332), [#355](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/355) > * Save temporary files to temporary directory (rather than current directory) [#325](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/325) > > Tooling / Documentation: > > * Turn off all terminal output in all tests [#361](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/361) > * Several CI updates [#346](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/346), [#347](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/347), [#350](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/350), [#352](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/352) > * Several README improvements [#345](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/345), [#326](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/326), [#321](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/321) > > ## v1.2.1 > - Add accessor to [@​internal](https://github.com/internal)_file_attributes [#304](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/304) > - Extended globbing [#303](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/303) > - README updates [#283](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/283), [#289](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/289) > - Cleanup after tests [#298](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/298), [#306](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/306) > - Fix permissions on new zip files [#294](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/294), [#300](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/300) > - Fix examples [#297](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/297) > - Support cp932 encoding [#308](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/308) > - Fix Directory traversal vulnerability [#315](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/315) > ... (truncated)
Changelog *Sourced from [rubyzip's changelog](https://github.com/rubyzip/rubyzip/blob/master/Changelog.md).* > # 1.2.4 (2019-09-06) > > - Do not rewrite zip files opened with `open_buffer` that have not changed [#360](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/360) > > Tooling / Documentation > > - Update `example_recursive.rb` in README [#397](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/397) > - Hold CI at `trusty` for now, automatically pick the latest ruby patch version, use rbx-4 and hold jruby at 9.1 [#399](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/399) > > # 1.2.3 > > - Allow tilde in zip entry names [#391](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/391) (fixes regression in 1.2.2 from [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376)) > - Support frozen string literals in more files [#390](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/390) > - Require `pathname` explicitly [#388](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/388) (fixes regression in 1.2.2 from [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376)) > > Tooling / Documentation: > > - CI updates [#392](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/392), [#394](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/394) > - Bump supported ruby versions and add 2.6 > - JRuby failures are no longer ignored (reverts [#375](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/375) / part of [#371](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371)) > - Add changelog entry that was missing for last release [#387](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/387) > - Comment cleanup [#385](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/385) > > # 1.2.2 > > NB: This release drops support for extracting symlinks, because there was no clear way to support this securely. See https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376#issue-210954555 for details. > > - Fix CVE-2018-1000544 [#376](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376) / [#371](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371) > - Fix NoMethodError: undefined method `glob' [#363](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/363) > - Fix handling of stored files (i.e. files not using compression) with general purpose bit 3 set [#358](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/358) > - Fix `close` on StringIO-backed zip file [#353](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/353) > - Add `Zip.force_entry_names_encoding` option [#340](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/340) > - Update rubocop, apply auto-fixes, and fix regressions caused by said auto-fixes [#332](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/332), [#355](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/355) > - Save temporary files to temporary directory (rather than current directory) [#325](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/325) > > Tooling / Documentation: > > - Turn off all terminal output in all tests [#361](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/361) > - Several CI updates [#346](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/346), [#347](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/347), [#350](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/350), [#352](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/352) > - Several README improvements [#345](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/345), [#326](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/326), [#321](https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/321) > > # 1.2.1 > > - Add accessor to [@​internal](https://github.com/internal)_file_attributes [#304](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/304) > - Extended globbing [#303](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/303) > - README updates [#283](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/283), [#289](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/289) > - Cleanup after tests [#298](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/298), [#306](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/306) > - Fix permissions on new zip files [#294](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/294), [#300](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/300) > - Fix examples [#297](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/297) > - Support cp932 encoding [#308](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/308) > ... (truncated)
Commits - [`0d85cb6`](https://github.com/rubyzip/rubyzip/commit/0d85cb6a49cce7ef51186e64c8f3f147d0fd2b72) Bump to 1.2.4 - [`9a41ce6`](https://github.com/rubyzip/rubyzip/commit/9a41ce65c432bf90e30824d7a6b60f9a75ccfe0d) Add more explicit test for [#280](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/280) - [`eeef507`](https://github.com/rubyzip/rubyzip/commit/eeef5073d58253e2044dbf81d1b205efd590b59a) Add test case based on [#146](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/146) - [`7fbaf1e`](https://github.com/rubyzip/rubyzip/commit/7fbaf1e6c07379a4c29a83ad87be91855131b884) Merge pull request [#360](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/360) from hainesr/fix-open-buffer - [`ee6fb82`](https://github.com/rubyzip/rubyzip/commit/ee6fb82958d63ee508c8ea9d35bc376b4c19186f) Merge pull request [#399](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/399) from rubyzip/rbx-4 - [`8dfc95d`](https://github.com/rubyzip/rubyzip/commit/8dfc95dc79c93c0a4c10cf9407784bc736600564) Hold jruby at 9.1 on JDK 7 - [`fc23db2`](https://github.com/rubyzip/rubyzip/commit/fc23db2efc8ba7b39e5ef94ddbd0bf23a4d5ba5e) Update changelog for [#399](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/399) - [`b2573f6`](https://github.com/rubyzip/rubyzip/commit/b2573f6069ef1eecb440d23c93015dfa011d283a) Use rbx-4 in CI - [`5152f6f`](https://github.com/rubyzip/rubyzip/commit/5152f6f7a0f5515d0fe1717d0c3dcb40c26ab2c9) Put CI back to trusty - [`2ffbc3b`](https://github.com/rubyzip/rubyzip/commit/2ffbc3b169115e4ecd8a82af9e4f798aa480f3cf) Merge pull request [#397](https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/397) from rubyzip/tidy-examples - Additional commits viewable in [compare view](https://github.com/rubyzip/rubyzip/compare/v1.1.7...v1.2.4)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/pdrlps/arii/network/alerts).
dependabot[bot] commented 5 years ago

Superseded by #124.