fix vulnerability CVE-2019-16892

Name: rubyzip Version: 1.2.2 Advisory: CVE-2019-16892 Criticality: Unknown URL: rubyzip/rubyzip#403 Title: Denial of Service in rubyzip ("zip bombs") Solution: upgrade to >= 1.3.0
senid231 · Oct 1, 2019 · 687e3f9 · 687e3f9
1 parent 64f594b
commit 687e3f9
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -56,12 +56,12 @@ GIT
 
 GIT
   remote: https://github.com/yeti-switch/odf-report.git
-  revision: 3e956a60c0ed9eaeff53350707b36e48da7e13d6
+  revision: a7cb56247741ad907813ff363c3dc4e985e92903
   branch: master-2018
   specs:
     odf-report (0.5.2)
       nokogiri (>= 1.5.0)
-      rubyzip (~> 1.2.0)
+      rubyzip (~> 1.2)
 
 GIT
   remote: https://github.com/yeti-switch/secondbase.git
@@ -446,7 +446,7 @@ GEM
       sexp_processor (~> 4.6)
     ruby_parser (3.11.0)
       sexp_processor (~> 4.9)
-    rubyzip (1.2.2)
+    rubyzip (1.3.0)
     safe_yaml (1.0.4)
     sass (3.4.25)
     sass-globbing (1.1.5)