Skip to content

chore(deps): bump rubyzip from 3.3.0 to 3.4.0#63

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/rubyzip-3.4.0
Open

chore(deps): bump rubyzip from 3.3.0 to 3.4.0#63
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/rubyzip-3.4.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026
edited
Loading

Copy link
Copy Markdown

Bumps rubyzip from 3.3.0 to 3.4.0.

Release notes

Sourced from rubyzip's releases.

v3.4.0

Version 3.4.0

3.4.0 adds lib/rubyzip.rb to make including rubyzip in your Gemfile easier. See README.md for details.

⚠️ There are breaking changes in the 3.x series ⚠️

Please see the README and Updating to version 3.x in the wiki for help upgrading from version 2.4.x to version 3.x.

v3.3.1

Version 3.3.1

The 3.3.x line ensures that Zip::InputStream behaves more like standard Ruby IO classes.

⚠️ There are breaking changes in the 3.x series ⚠️

Please see the README and Updating to version 3.x in the wiki for help upgrading from version 2.4.x to version 3.x.

Changelog

Sourced from rubyzip's changelog.

3.4.0 (2026-06-14)

  • Prevent entries from being extracted outside specified directory. #664. Thanks to @​connorshea for additional reporting on this.
  • Use SecureRandom in place of insecure Random.
  • Stop reading the central directory on first error.
  • Add a check on number of declared entries in a zip file. Thanks to @​connorshea for reporting this.
  • Add note to README re reporting security issues privately.
  • Add lib/rubyzip.rb for Bundler auto-require. #660

Tooling/internal:

  • Replace the test Excel spreadsheet fixture.
  • Use assert_silent shorthand when expecting no output from a test.
  • Clean up CentralDirectory instance variables.
  • Add Ruby 4.0 to the Windows CI and update CI matrix in the README.
  • List ZIP docs that we store here and link to online versions. #657

3.3.1 (2026-05-30)

  • Reinstate default param for InputStream#sysread. #663
Commits
  • 93f9e6f Update version number and Changelog for release.
  • 17edfbf Prevent entries from being extracted outside specified directory.
  • c590916 Replace the test Excel spreadsheet fixture.
  • d07ee79 Use SecureRandom in place of insecure Random.
  • ef5af4f Use assert_silent shorthand when expecting no output from a test.
  • 31dfe7a Stop reading the central directory on first error.
  • 8637792 Add a check on number of declared entries in a zip file.
  • 73b4455 Clean up CentralDirectory instance variables.
  • 033d0cf Add note to README re reporting security issues privately.
  • c1ba5b3 Add Ruby 4.0 to the Windows CI and update CI matrix in the README.
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Jun 15, 2026
@dependabot dependabot Bot mentioned this pull request Jun 15, 2026
Closed
@dependabot
chore(deps): bump rubyzip from 3.3.0 to 3.4.0
622f878 
Bumps [rubyzip](https://github.com/rubyzip/rubyzip) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/rubyzip/rubyzip/releases)
- [Changelog](https://github.com/rubyzip/rubyzip/blob/main/Changelog.md)
- [Commits](rubyzip/rubyzip@v3.3.0...v3.4.0)

---
updated-dependencies:
- dependency-name: rubyzip
  dependency-version: 3.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/bundler/rubyzip-3.4.0 branch from 65c9d58 to 622f878 Compare June 18, 2026 15:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants