SECURITY: update rubyzip dependency

SECURITY: update rubyzip dependency

This updates rubyzip library so that callers can trust entries when extracting files avoiding situations where a rogues zip imported by a rogue admin could cause a disk space issue.

diff --git a/Gemfile.lock b/Gemfile.lock
index 28c1dfe..e859be9 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -353,7 +353,7 @@ GEM
       guess_html_encoding (>= 0.0.4)
       nokogiri (>= 1.6.0)
     ruby_dep (1.5.0)
-    rubyzip (1.2.3)
+    rubyzip (2.0.0)
     safe_yaml (1.0.5)
     sanitize (5.0.0)
       crass (~> 1.0.2)

GitHub sha: 0420e814

1 Like