Update rubyzip dependency for CVE

[repeatedly]

rubyzip 1.2.x serise has a problem. See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16892