Unverified Commit 56bb4be9 authored Oct 05, 2018 by Benjamin Neff Committed by Dennis Schubert Oct 08, 2018

Bump rubyzip

Fixes CVE-2018-1000544

parent fc6893d4

Gemfile

+1 −1

Original line number	Diff line number	Diff line
		@@ -199,7 +199,7 @@ gem "logging-rails", "0.6.0", require: "logging/rails"

		# Reading and writing zip files

		gem "rubyzip", "1.2.1", require: "zip"
		gem "rubyzip", "1.2.2", require: "zip"

		# Prevent occasions where minitest is not bundled in
		# packaged versions of ruby. See following issues/prs:

Gemfile.lock

+3 −3

Original line number	Diff line number	Diff line
		@@ -618,7 +618,7 @@ GEM
		ruby-oembed (0.12.0)
		ruby-progressbar (1.9.0)
		ruby_dep (1.5.0)
		rubyzip (1.2.1)
		rubyzip (1.2.2)
		rufus-scheduler (3.4.2)
		et-orbi (~> 1.0)
		rugged (0.27.0)
		@@ -872,7 +872,7 @@ DEPENDENCIES
		rspec-rails (= 3.7.2)
		rubocop (= 0.54.0)
		ruby-oembed (= 0.12.0)
		rubyzip (= 1.2.1)
		rubyzip (= 1.2.2)
		sass-rails (= 5.0.7)
		secure_headers (= 5.0.5)
		shoulda-matchers (= 3.1.2)
		@@ -900,4 +900,4 @@ DEPENDENCIES
		will_paginate (= 3.1.6)

		BUNDLED WITH
		1.16.4
		1.16.5