Bump rubyzip from 1.2.4 to 2.3.0#3
Closed
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)
Bumps [rubyzip](https://github.com/rubyzip/rubyzip) from 1.2.4 to 2.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rubyzip/rubyzip/releases">rubyzip's releases</a>.</em></p> <blockquote> <h2>v2.3.0</h2> <ul> <li>Fix frozen string literal error <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/431">#431</a></li> <li>Set <code>OutputStream.write_buffer</code>'s buffer to binmode <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/439">#439</a></li> <li>Upgrade rubocop and fix various linting complaints <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/437">#437</a> <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/440">#440</a></li> </ul> <p>Tooling:</p> <ul> <li>Add a <code>bin/console</code> script for development <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/420">#420</a></li> <li>Update rake requirement (development dependency only) to fix a security alert.</li> </ul> <h2>v2.2.0</h2> <ul> <li>Add support for decompression plugin gems <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/427">#427</a></li> </ul> <h2>v2.1.0</h2> <ul> <li>Fix (at least partially) the <code>restore_times</code> and <code>restore_permissions</code> options to <code>Zip::File.new</code> <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/413">#413</a> <ul> <li>Previously, neither option did anything, regardless of what it was set to. We have therefore defaulted them to <code>false</code> to preserve the current behavior, for the time being. If you have explicitly set either to <code>true</code>, it will now have an effect.</li> <li>Fix handling of UniversalTime (<code>mtime</code>, <code>atime</code>, <code>ctime</code>) fields. <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/421">#421</a></li> <li>Previously, <code>Zip::File</code> did not pass the options to <code>Zip::Entry</code> in some cases. <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/423">#423</a></li> <li>Note that <code>restore_times</code> in this release does nothing on Windows and only restores <code>mtime</code>, not <code>atime</code> or <code>ctime</code>.</li> </ul> </li> <li>Allow <code>Zip::File.open</code> to take an options hash like <code>Zip::File.new</code> <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/418">#418</a></li> <li>Always print warnings with <code>warn</code>, instead of a mix of <code>puts</code> and <code>warn</code> <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/416">#416</a></li> <li>Create temporary files in the system temporary directory instead of the directory of the zip file <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/411">#411</a></li> <li>Drop unused <code>tmpdir</code> requirement <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/411">#411</a></li> </ul> <p>Tooling</p> <ul> <li>Move CI to xenial and include jruby on JDK11 <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/419/files">#419</a></li> </ul> <h2>v2.0.0</h2> <p>Security</p> <ul> <li>Default the <code>validate_entry_sizes</code> option to <code>true</code>, so that callers can trust an entry's reported size when using <code>extract</code> <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/403">#403</a> <ul> <li>This option defaulted to <code>false</code> in 1.3.0 for backward compatibility, but it now defaults to <code>true</code>. If you are using an older version of ruby and can't yet upgrade to 2.x, you can still use 1.3.0 and set the option to <code>true</code>.</li> </ul> </li> </ul> <p>Tooling / Documentation</p> <ul> <li>Remove test files from the gem to avoid problems with antivirus detections on the test files <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/405">#405</a> / <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/384">#384</a></li> <li>Drop support for unsupported ruby versions <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/406">#406</a></li> </ul> <h2>v1.3.0</h2> <p>Security</p> <ul> <li>Add <code>validate_entry_sizes</code> option so that callers can trust an entry's reported size when using <code>extract</code> <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/403">#403</a> <ul> <li>This option defaults to <code>false</code> for backward compatibility in this release, but you are strongly encouraged to set it to <code>true</code>. It will default to <code>true</code> in rubyzip 2.0.</li> </ul> </li> </ul> <p>New Feature</p> <ul> <li>Add <code>add_stored</code> method to simplify adding entries without compression <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/366">#366</a></li> </ul> <p>Tooling / Documentation</p> </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rubyzip/rubyzip/blob/master/Changelog.md">rubyzip's changelog</a>.</em></p> <blockquote> <h1>2.3.0 (2020-03-14)</h1> <ul> <li>Fix frozen string literal error <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/431">#431</a></li> <li>Set <code>OutputStream.write_buffer</code>'s buffer to binmode <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/439">#439</a></li> <li>Upgrade rubocop and fix various linting complaints <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/437">#437</a> <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/440">#440</a></li> </ul> <p>Tooling:</p> <ul> <li>Add a <code>bin/console</code> script for development <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/420">#420</a></li> <li>Update rake requirement (development dependency only) to fix a security alert.</li> </ul> <h1>2.2.0 (2020-02-01)</h1> <ul> <li>Add support for decompression plugin gems <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/427">#427</a></li> </ul> <h1>2.1.0 (2020-01-25)</h1> <ul> <li>Fix (at least partially) the <code>restore_times</code> and <code>restore_permissions</code> options to <code>Zip::File.new</code> <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/413">#413</a> <ul> <li>Previously, neither option did anything, regardless of what it was set to. We have therefore defaulted them to <code>false</code> to preserve the current behavior, for the time being. If you have explicitly set either to <code>true</code>, it will now have an effect.</li> <li>Fix handling of UniversalTime (<code>mtime</code>, <code>atime</code>, <code>ctime</code>) fields. <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/421">#421</a></li> <li>Previously, <code>Zip::File</code> did not pass the options to <code>Zip::Entry</code> in some cases. <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/423">#423</a></li> <li>Note that <code>restore_times</code> in this release does nothing on Windows and only restores <code>mtime</code>, not <code>atime</code> or <code>ctime</code>.</li> </ul> </li> <li>Allow <code>Zip::File.open</code> to take an options hash like <code>Zip::File.new</code> <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/418">#418</a></li> <li>Always print warnings with <code>warn</code>, instead of a mix of <code>puts</code> and <code>warn</code> <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/416">#416</a></li> <li>Create temporary files in the system temporary directory instead of the directory of the zip file <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/411">#411</a></li> <li>Drop unused <code>tmpdir</code> requirement <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/411">#411</a></li> </ul> <p>Tooling</p> <ul> <li>Move CI to xenial and include jruby on JDK11 <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/419/files">#419</a></li> </ul> <h1>2.0.0 (2019-09-25)</h1> <p>Security</p> <ul> <li>Default the <code>validate_entry_sizes</code> option to <code>true</code>, so that callers can trust an entry's reported size when using <code>extract</code> <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/403">#403</a> <ul> <li>This option defaulted to <code>false</code> in 1.3.0 for backward compatibility, but it now defaults to <code>true</code>. If you are using an older version of ruby and can't yet upgrade to 2.x, you can still use 1.3.0 and set the option to <code>true</code>.</li> </ul> </li> </ul> <p>Tooling / Documentation</p> <ul> <li>Remove test files from the gem to avoid problems with antivirus detections on the test files <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/405">#405</a> / <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/384">#384</a></li> <li>Drop support for unsupported ruby versions <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/406">#406</a></li> </ul> <h1>1.3.0 (2019-09-25)</h1> <p>Security</p> <ul> <li>Add <code>validate_entry_sizes</code> option so that callers can trust an entry's reported size when using <code>extract</code> <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/403">#403</a> <ul> <li>This option defaults to <code>false</code> for backward compatibility in this release, but you are strongly encouraged to set it to <code>true</code>. It will default to <code>true</code> in rubyzip 2.0.</li> </ul> </li> </ul> </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/rubyzip/rubyzip/commit/3bc55a5d9880827ddca76de41004b5a82eb7642e"><code>3bc55a5</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/443">#443</a> from rubyzip/v2-3-0</li> <li><a href="https://github.com/rubyzip/rubyzip/commit/69186f65cdaa69a46e32ab81661376d648f61566"><code>69186f6</code></a> Bump version to 2.3.0</li> <li><a href="https://github.com/rubyzip/rubyzip/commit/516941bec56fbceaed8e75887247b74b97cbf341"><code>516941b</code></a> Update changelog for <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/439">#439</a> and <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/440">#440</a></li> <li><a href="https://github.com/rubyzip/rubyzip/commit/a64a14767dd458f8da6107721a428aa5e2b3f5c9"><code>a64a147</code></a> Bump rake version (development dependency)</li> <li><a href="https://github.com/rubyzip/rubyzip/commit/4c789c28212f38216a88982ce52f0992b1853805"><code>4c789c2</code></a> Remove unused constant from <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/439">#439</a></li> <li><a href="https://github.com/rubyzip/rubyzip/commit/fabacf16333eb74a98f0cfa9b5a39e8d5b129304"><code>fabacf1</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/440">#440</a> from hainesr/rubocop-names</li> <li><a href="https://github.com/rubyzip/rubyzip/commit/b231b289987a595171aceedb941450e8620cf314"><code>b231b28</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/439">#439</a> from henkeinfo/binary-outstream-buffer</li> <li><a href="https://github.com/rubyzip/rubyzip/commit/66324a711cc7311b9e022bfc0badcbbaebc7308e"><code>66324a7</code></a> Remove duplicate binmode call</li> <li><a href="https://github.com/rubyzip/rubyzip/commit/e33c07a6e757eed653b56b045b8a0ecff40c1533"><code>e33c07a</code></a> Use existing constant for ASCII_8BIT</li> <li><a href="https://github.com/rubyzip/rubyzip/commit/ce17c57e2d0d0f8c61c535a7045cbe7c0fc44a4c"><code>ce17c57</code></a> Fix Naming/AccessorMethodName in the tests.</li> <li>Additional commits viewable in <a href="https://github.com/rubyzip/rubyzip/compare/v1.2.4...v2.3.0">compare view</a></li> </ul> </details> <br /> [](https://help.github.com/articles/configuring-automated-security-fixes) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/numoonchld/numoonchld.github.io/network/alerts). </details>
AI Analysis
This issue appears to be discussing a feature request or bug report related to the repository. Based on the content, it seems to be resolved. The issue was opened by dependabot[bot] and has received 1 comments.
Add a comment
Comment form would go here