update rubyzip to address CVE-2019-16892 (#3355)

department-of-veterans-affairs · Sep 30, 2019 · f0c7430 · f0c7430
1 parent b329f7e
commit f0c7430
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/Gemfile b/Gemfile
@@ -82,7 +82,7 @@ gem 'redis'
 gem 'redis-namespace'
 gem 'restforce'
 gem 'ruby-saml'
-gem 'rubyzip', '>= 1.0.0'
+gem 'rubyzip', '>= 1.3.0'
 gem 'savon'
 gem 'sentry-raven', '2.9.0' # don't change gem version unless sentry server is also upgraded
 gem 'shrine'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -530,7 +530,7 @@ GEM
     ruby-saml (1.7.0)
       nokogiri (>= 1.5.10)
     ruby_dep (1.5.0)
-    rubyzip (1.2.2)
+    rubyzip (2.0.0)
     rufus-scheduler (3.6.0)
       fugit (~> 1.1, >= 1.1.6)
     safe_shell (1.0.3)
@@ -744,7 +744,7 @@ DEPENDENCIES
   rubocop-rails
   rubocop-rspec
   ruby-saml
-  rubyzip (>= 1.0.0)
+  rubyzip (>= 1.3.0)
   savon
   seedbank
   sentry-raven (= 2.9.0)