Skip to content

Bump rubyzip from 3.0.2 to 3.4.0#905

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/rubyzip-3.4.0
Open

Bump rubyzip from 3.0.2 to 3.4.0#905
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/rubyzip-3.4.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor

Bumps rubyzip from 3.0.2 to 3.4.0.

Release notes

Sourced from rubyzip's releases.

v3.4.0

Version 3.4.0

3.4.0 adds lib/rubyzip.rb to make including rubyzip in your Gemfile easier. See README.md for details.

⚠️ There are breaking changes in the 3.x series ⚠️

Please see the README and Updating to version 3.x in the wiki for help upgrading from version 2.4.x to version 3.x.

v3.3.1

Version 3.3.1

The 3.3.x line ensures that Zip::InputStream behaves more like standard Ruby IO classes.

⚠️ There are breaking changes in the 3.x series ⚠️

Please see the README and Updating to version 3.x in the wiki for help upgrading from version 2.4.x to version 3.x.

v3.3.0

Version 3.3.0

The 3.3.x line ensures that Zip::InputStream behaves more like standard Ruby IO classes.

⚠️ There are breaking changes in the 3.x series ⚠️

Please see the README and Updating to version 3.x in the wiki for help upgrading from version 2.4.x to version 3.x.

v3.2.2

Version 3.2.2

The 3.2.x line adds the ability to suppress extra fields when creating new Zip files.

⚠️ There are breaking changes in the 3.x series ⚠️

Please see the README and Updating to version 3.x in the wiki for help upgrading from version 2.4.x to version 3.x.

v3.2.1

Version 3.2.1

The 3.2.x line adds the ability to suppress extra fields when creating new Zip files.

⚠️ There are breaking changes in the 3.x series ⚠️

Please see the README and Updating to version 3.x in the wiki for help upgrading from version 2.4.x to version 3.x.

v3.2.0

Version 3.2.0

The 3.2.x line adds the ability to suppress extra fields when creating new Zip files.

... (truncated)

Changelog

Sourced from rubyzip's changelog.

3.4.0 (2026-06-14)

  • Prevent entries from being extracted outside specified directory. #664. Thanks to @​connorshea for additional reporting on this.
  • Use SecureRandom in place of insecure Random.
  • Stop reading the central directory on first error.
  • Add a check on number of declared entries in a zip file. Thanks to @​connorshea for reporting this.
  • Add note to README re reporting security issues privately.
  • Add lib/rubyzip.rb for Bundler auto-require. #660

Tooling/internal:

  • Replace the test Excel spreadsheet fixture.
  • Use assert_silent shorthand when expecting no output from a test.
  • Clean up CentralDirectory instance variables.
  • Add Ruby 4.0 to the Windows CI and update CI matrix in the README.
  • List ZIP docs that we store here and link to online versions. #657

3.3.1 (2026-05-30)

  • Reinstate default param for InputStream#sysread. #663

3.3.0 (2026-05-02)

  • Refactor InputStream and AbstractInputStream. #661

Tooling/internal:

  • Update Actions to use checkout@v5.
  • Add Ruby4.0 to the CI matrix. #659

3.2.2 (2025-11-02)

  • Fix reading EOCDs when header signatures are in an Entry payload. #656

Tooling/internal:

  • Stop using macos-13 runners in GitHub Actions.
  • Update YJIT GitHub Actions runners.

3.2.1 (2025-10-24)

  • Fix Entry#gather_fileinfo_from_srcpath error messages. #654

Tooling/internal:

  • Add some simple benchmarks for reading the cdir.

3.2.0 (2025-10-14)

... (truncated)

Commits
  • 93f9e6f Update version number and Changelog for release.
  • 17edfbf Prevent entries from being extracted outside specified directory.
  • c590916 Replace the test Excel spreadsheet fixture.
  • d07ee79 Use SecureRandom in place of insecure Random.
  • ef5af4f Use assert_silent shorthand when expecting no output from a test.
  • 31dfe7a Stop reading the central directory on first error.
  • 8637792 Add a check on number of declared entries in a zip file.
  • 73b4455 Clean up CentralDirectory instance variables.
  • 033d0cf Add note to README re reporting security issues privately.
  • c1ba5b3 Add Ruby 4.0 to the Windows CI and update CI matrix in the README.
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump rubyzip from 3.0.2 to 3.4.0
848d20a 
Bumps [rubyzip](https://github.com/rubyzip/rubyzip) from 3.0.2 to 3.4.0.
- [Release notes](https://github.com/rubyzip/rubyzip/releases)
- [Changelog](https://github.com/rubyzip/rubyzip/blob/main/Changelog.md)
- [Commits](rubyzip/rubyzip@v3.0.2...v3.4.0)

---
updated-dependencies:
- dependency-name: rubyzip
  dependency-version: 3.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Jun 30, 2026
Copilot AI review requested due to automatic review settings June 30, 2026 09:23
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Jun 30, 2026
Copilot AI reviewed Jun 30, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot can't review bot-authored pull requests automatically. A user with Copilot access can request a review manually.

@cla-bot cla-bot Bot added the cla-signed label Jun 30, 2026
@github-actions

github-actions Bot commented Jun 30, 2026

Copy link
Copy Markdown

Test coverage

92.04% line coverage reported by SimpleCov.
Run: https://github.com/RaspberryPiFoundation/editor-api/actions/runs/28434082452

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

cla-signed dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@raspberrypiherokubot