From f0c7430a7c4385796ddcd14fd43152f373848e40 Mon Sep 17 00:00:00 2001
From: Anna Carey
Date: Mon, 30 Sep 2019 14:21:22 -0400
Subject: [PATCH] update rubyzip to address CVE-2019-16892 (#3355)
---
 Gemfile | 2 +-
 Gemfile.lock | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Gemfile b/Gemfile
index 76a6d6e2628..62852e0c645 100644
--- a/Gemfile
+++ b/Gemfile
@@ -82,7 +82,7 @@ gem 'redis'
 gem 'redis-namespace'
 gem 'restforce'
 gem 'ruby-saml'
-gem 'rubyzip', '>= 1.0.0'
+gem 'rubyzip', '>= 1.3.0'
 gem 'savon'
 gem 'sentry-raven', '2.9.0' # don't change gem version unless sentry server is also upgraded
 gem 'shrine'
diff --git a/Gemfile.lock b/Gemfile.lock
index 1fd6233362b..3947030d22c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -530,7 +530,7 @@ GEM
 ruby-saml (1.7.0)
 nokogiri (>= 1.5.10)
 ruby_dep (1.5.0)
- rubyzip (1.2.2)
+ rubyzip (2.0.0)
 rufus-scheduler (3.6.0)
 fugit (~> 1.1, >= 1.1.6)
 safe_shell (1.0.3)
@@ -744,7 +744,7 @@ DEPENDENCIES
 rubocop-rails
 rubocop-rspec
 ruby-saml
- rubyzip (>= 1.0.0)
+ rubyzip (>= 1.3.0)
 savon
 seedbank
 sentry-raven (= 2.9.0)
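Review bot: The new floor in the Gemfile hunk, `gem 'rubyzip', '>= 1.3.0'`, still admits a release where the CVE-2019-16892 protection is opt-in. rubyzip 1.3.0 added the entry-size check as `Zip.validate_entry_sizes` but left it defaulting to false, and 2.0.0 is the release that turns it on by default. The lockfile resolves to 2.0.0 today, so the deployed bundle is covered, but a later re-resolve or a conflicting transitive constraint could settle on 1.3.x and silently drop the check. Either raise the floor to match what is locked, `gem 'rubyzip', '>= 2.0.0'`, or set `Zip.validate_entry_sizes = true` explicitly in an initializer so the behaviour does not depend on the resolved version. Whether this application extracts archives from untrusted sources is not visible from the patch, so the actual exposure should be confirmed against the callers.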