We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bumps rubyzip from 1.2.2 to 1.3.0.
Sourced from rubyzip's releases.
v1.3.0 Security Add validate_entry_sizes option so that callers can trust an entry's reported size when using extract #403 This option defaults to false for backward compatibility in this release, but you are strongly encouraged to set it to true. It will default to true in rubyzip 2.0. New Feature Add add_stored method to simplify adding entries without compression #366 Tooling / Documentation Add more gem metadata links #402 v1.2.4 Do not rewrite zip files opened with open_buffer that have not changed #360 Tooling / Documentation Update example_recursive.rb in README #397 Hold CI at trusty for now, automatically pick the latest ruby patch version, use rbx-4 and hold jruby at 9.1 #399 v1.2.3 Allow tilde in zip entry names #391 (fixes regression in 1.2.2 from #376) Support frozen string literals in more files #390 Require pathname explicitly #388 (fixes regression in 1.2.2 from #376) Tooling / Documentation: CI updates #392, #394 Bump supported ruby versions and add 2.6 JRuby failures are no longer ignored (reverts #375 / part of #371) Add changelog entry that was missing for last release #387 Comment cleanup #385 Since the GitHub release information for 1.2.2 is missing, I will also include it here: 1.2.2 NB: This release drops support for extracting symlinks, because there was no clear way to support this securely. See rubyzip/rubyzip#376 for details. Fix CVE-2018-1000544 #376 / #371 Fix NoMethodError: undefined method `glob' #363 Fix handling of stored files (i.e. files not using compression) with general purpose bit 3 set #358 Fix close on StringIO-backed zip file #353 Add Zip.force_entry_names_encoding option #340 Update rubocop, apply auto-fixes, and fix regressions caused by said auto-fixes #332, #355 Save temporary files to temporary directory (rather than current directory) #325 Tooling / Documentation:
Security
validate_entry_sizes
extract
false
true
New Feature
add_stored
Tooling / Documentation
open_buffer
example_recursive.rb
trusty
pathname
Tooling / Documentation:
Since the GitHub release information for 1.2.2 is missing, I will also include it here:
NB: This release drops support for extracting symlinks, because there was no clear way to support this securely. See rubyzip/rubyzip#376 for details.
close
Zip.force_entry_names_encoding
... (truncated)
Sourced from rubyzip's changelog.
1.3.0 (2019-09-25) Security Add validate_entry_sizes option so that callers can trust an entry's reported size when using extract #403 This option defaults to false for backward compatibility in this release, but you are strongly encouraged to set it to true. It will default to true in rubyzip 2.0. New Feature Add add_stored method to simplify adding entries without compression #366 Tooling / Documentation Add more gem metadata links #402 1.2.4 (2019-09-06) Do not rewrite zip files opened with open_buffer that have not changed #360 Tooling / Documentation Update example_recursive.rb in README #397 Hold CI at trusty for now, automatically pick the latest ruby patch version, use rbx-4 and hold jruby at 9.1 #399 1.2.3 Allow tilde in zip entry names #391 (fixes regression in 1.2.2 from #376) Support frozen string literals in more files #390 Require pathname explicitly #388 (fixes regression in 1.2.2 from #376) Tooling / Documentation: CI updates #392, #394 Bump supported ruby versions and add 2.6 JRuby failures are no longer ignored (reverts #375 / part of #371) Add changelog entry that was missing for last release #387 Comment cleanup #385
e79d9ea
7c65e1e
d65fe7b
97cb6ae
7849f73
4167f0c
94b7fa2
93505ca
6619bf3
ecb2776
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
@dependabot rebase
You can trigger Dependabot actions by commenting on this PR:
@dependabot recreate
@dependabot merge
@dependabot squash and merge
@dependabot cancel merge
@dependabot reopen
@dependabot close
@dependabot ignore this major version
@dependabot ignore this minor version
@dependabot ignore this dependency
@dependabot use these labels
@dependabot use these reviewers
@dependabot use these assignees
@dependabot use this milestone
You can disable automated security fix PRs for this repo from the Security Alerts page.
Sorry, something went wrong.
Bump rubyzip from 1.2.2 to 1.3.0 in /www/NeuroML-DB.org
8e34b27
Bumps [rubyzip](https://github.com/rubyzip/rubyzip) from 1.2.2 to 1.3.0. - [Release notes](https://github.com/rubyzip/rubyzip/releases) - [Changelog](https://github.com/rubyzip/rubyzip/blob/master/Changelog.md) - [Commits](rubyzip/rubyzip@v1.2.2...v1.3.0) Signed-off-by: dependabot[bot] <support@github.com>
Successfully merging this pull request may close these issues.