Bump tzinfo from 1.2.5 to 1.2.10#8

Bumps [tzinfo](https://github.com/tzinfo/tzinfo) from 1.2.5 to 1.2.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tzinfo/tzinfo/releases">tzinfo's releases</a>.</em></p> <blockquote> <h2>v1.2.10</h2> <ul> <li>Fixed a relative path traversal bug that could cause arbitrary files to be loaded with require when used with <code>RubyDataSource</code>. Please refer to <a href="https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx">https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx</a> for details. CVE-2022-31163.</li> <li>Ignore the SECURITY file from Arch Linux's tzdata package. <a href="https://github-redirect.dependabot.com/tzinfo/tzinfo/issues/134">#134</a>.</li> </ul> <p><a href="https://rubygems.org/gems/tzinfo/versions/1.2.10">TZInfo v1.2.10 on RubyGems.org</a></p> <h2>v1.2.9</h2> <ul> <li>Fixed an incorrect <code>InvalidTimezoneIdentifier</code> exception raised when loading a zoneinfo file that includes rules specifying an additional transition to the final defined offset (for example, Africa/Casablanca in version 2018e of the Time Zone Database). <a href="https://github-redirect.dependabot.com/tzinfo/tzinfo/issues/123">#123</a>.</li> </ul> <p><a href="https://rubygems.org/gems/tzinfo/versions/1.2.9">TZInfo v1.2.9 on RubyGems.org</a></p> <h2>v1.2.8</h2> <ul> <li>Added support for handling &quot;slim&quot; format zoneinfo files that are produced by default by zic version 2020b and later. The POSIX-style TZ string is now used calculate DST transition times after the final defined transition in the file. The 64-bit section is now always used regardless of whether Time has support for 64-bit times. <a href="https://github-redirect.dependabot.com/tzinfo/tzinfo/issues/120">#120</a>.</li> <li>Rubinius is no longer supported.</li> </ul> <p><a href="https://rubygems.org/gems/tzinfo/versions/1.2.8">TZInfo v1.2.8 on RubyGems.org</a></p> <h2>v1.2.7</h2> <ul> <li>Fixed 'wrong number of arguments' errors when running on JRuby 9.0. <a href="https://github-redirect.dependabot.com/tzinfo/tzinfo/issues/114">#114</a>.</li> <li>Fixed warnings when running on Ruby 2.8. <a href="https://github-redirect.dependabot.com/tzinfo/tzinfo/issues/112">#112</a>.</li> </ul> <p><a href="https://rubygems.org/gems/tzinfo/versions/1.2.7">TZInfo v1.2.7 on RubyGems.org</a></p> <h2>v1.2.6</h2> <ul> <li><code>Timezone#strftime('%s', time)</code> will now return the correct number of seconds since the epoch. <a href="https://github-redirect.dependabot.com/tzinfo/tzinfo/issues/91">#91</a>.</li> <li>Removed the unused <code>TZInfo::RubyDataSource::REQUIRE_PATH</code> constant.</li> <li>Fixed &quot;SecurityError: Insecure operation - require&quot; exceptions when loading data with recent Ruby releases in safe mode.</li> <li>Fixed warnings when running on Ruby 2.7. <a href="https://github-redirect.dependabot.com/tzinfo/tzinfo/issues/106">#106</a> and <a href="https://github-redirect.dependabot.com/tzinfo/tzinfo/issues/111">#111</a>.</li> </ul> <p><a href="https://rubygems.org/gems/tzinfo/versions/1.2.6">TZInfo v1.2.6 on RubyGems.org</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tzinfo/tzinfo/blob/master/CHANGES.md">tzinfo's changelog</a>.</em></p> <blockquote> <h2>Version 1.2.10 - 19-Jul-2022</h2> <ul> <li>Fixed a relative path traversal bug that could cause arbitrary files to be loaded with <code>require</code> when used with <code>RubyDataSource</code>. Please refer to <a href="https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx">https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx</a> for details. CVE-2022-31163.</li> <li>Ignore the SECURITY file from Arch Linux's tzdata package. <a href="https://github-redirect.dependabot.com/tzinfo/tzinfo/issues/134">#134</a>.</li> </ul> <h2>Version 1.2.9 - 16-Dec-2020</h2> <ul> <li>Fixed an incorrect <code>InvalidTimezoneIdentifier</code> exception raised when loading a zoneinfo file that includes rules specifying an additional transition to the final defined offset (for example, Africa/Casablanca in version 2018e of the Time Zone Database). <a href="https://github-redirect.dependabot.com/tzinfo/tzinfo/issues/123">#123</a>.</li> </ul> <h2>Version 1.2.8 - 8-Nov-2020</h2> <ul> <li>Added support for handling &quot;slim&quot; format zoneinfo files that are produced by default by zic version 2020b and later. The POSIX-style TZ string is now used calculate DST transition times after the final defined transition in the file. The 64-bit section is now always used regardless of whether Time has support for 64-bit times. <a href="https://github-redirect.dependabot.com/tzinfo/tzinfo/issues/120">#120</a>.</li> <li>Rubinius is no longer supported.</li> </ul> <h2>Version 1.2.7 - 2-Apr-2020</h2> <ul> <li>Fixed 'wrong number of arguments' errors when running on JRuby 9.0. <a href="https://github-redirect.dependabot.com/tzinfo/tzinfo/issues/114">#114</a>.</li> <li>Fixed warnings when running on Ruby 2.8. <a href="https://github-redirect.dependabot.com/tzinfo/tzinfo/issues/112">#112</a>.</li> </ul> <h2>Version 1.2.6 - 24-Dec-2019</h2> <ul> <li><code>Timezone#strftime('%s', time)</code> will now return the correct number of seconds since the epoch. <a href="https://github-redirect.dependabot.com/tzinfo/tzinfo/issues/91">#91</a>.</li> <li>Removed the unused <code>TZInfo::RubyDataSource::REQUIRE_PATH</code> constant.</li> <li>Fixed &quot;SecurityError: Insecure operation - require&quot; exceptions when loading data with recent Ruby releases in safe mode.</li> <li>Fixed warnings when running on Ruby 2.7. <a href="https://github-redirect.dependabot.com/tzinfo/tzinfo/issues/106">#106</a> and <a href="https://github-redirect.dependabot.com/tzinfo/tzinfo/issues/111">#111</a>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tzinfo/tzinfo/commit/0814dcd6195f247cc90e62a46b86ff0b76e08ed6"><code>0814dcd</code></a> Fix the release date.</li> <li><a href="https://github.com/tzinfo/tzinfo/commit/fd05e2a61cc569cef81ebd1a90d0b57f69e401bd"><code>fd05e2a</code></a> Preparing v1.2.10.</li> <li><a href="https://github.com/tzinfo/tzinfo/commit/b98c32efd61289fe6f00a50ab8061e95962ea983"><code>b98c32e</code></a> Merge branch 'fix-directory-traversal-1.2' into 1.2</li> <li><a href="https://github.com/tzinfo/tzinfo/commit/ac3ee6828afd67e6a8ee981cba791ee34d20e9fb"><code>ac3ee68</code></a> Remove unnecessary escaping of + within regex character classes.</li> <li><a href="https://github.com/tzinfo/tzinfo/commit/9d49bf9728a6d42e55f822c497ebf362e86a65a6"><code>9d49bf9</code></a> Fix relative path loading tests.</li> <li><a href="https://github.com/tzinfo/tzinfo/commit/394c381eb6a16eaeafb81196270c363234cf1956"><code>394c381</code></a> Remove <code>private_constant</code> for consistency and compatibility.</li> <li><a href="https://github.com/tzinfo/tzinfo/commit/5e9f99086f820573eb43ffe242e074b9a8295027"><code>5e9f990</code></a> Exclude Arch Linux's SECURITY file from the time zone index.</li> <li><a href="https://github.com/tzinfo/tzinfo/commit/17fc9e1fa918c24ca8c1915419d4cc15f56b6729"><code>17fc9e1</code></a> Workaround for 'Permission denied - NUL' errors with JRuby on Windows.</li> <li><a href="https://github.com/tzinfo/tzinfo/commit/6bd7a5191d9c1ca48a97420652460b8c4dec865d"><code>6bd7a51</code></a> Update copyright years.</li> <li><a href="https://github.com/tzinfo/tzinfo/commit/9905ca93abf7bf3e387bd592406e403cd18334c7"><code>9905ca9</code></a> Fix directory traversal in Timezone.get when using Ruby data source</li> <li>Additional commits viewable in <a href="https://github.com/tzinfo/tzinfo/compare/v1.2.5...v1.2.10">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jkarneges/blog/network/alerts). </details>