# bump rubyzip to 1.2.1, to address traversal CVE (rubyzip/rubyzip#315)

Josh Pencheon · Josh Pencheon · commit c84ea01ab925 · 2017-03-08T11:58:08.000Z
diff --git a/code_safety.yml b/code_safety.yml
@@ -175,7 +175,7 @@ file safety:
   ndr_import.gemspec:
     comments: 
     reviewed_by: josh.pencheon
-    safe_revision: 53cc0af4321b64746367231b65821fda0f8d8a0a
+    safe_revision: 9ce125b717abc3cc9b8f360ccf1651eef14212d4
   test/file/base_test.rb:
     comments: 
     reviewed_by: timgentry
diff --git a/ndr_import.gemspec b/ndr_import.gemspec
@@ -22,7 +22,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'activesupport', '>= 3.2.18', '< 5.1'
   spec.add_dependency 'ndr_support', '>= 4.1.2', '< 6'
 
-  spec.add_dependency 'rubyzip', '~> 1.1'
+  spec.add_dependency 'rubyzip', '~> 1.2', '>= 1.2.1'
   spec.add_dependency 'roo', '~> 2.0'
 
   spec.add_dependency 'nokogiri', '~> 1.6'
