inspec icon indicating copy to clipboard operation
inspec copied to clipboard
verified publisher icon inspec

Update rubyzip requirement from >= 1.2.2, < 3.0 to >= 1.2.2, < 4.0

Open dependabot[bot] opened this issue 4 months ago • 2 comments

Updates the requirements on rubyzip to permit the latest version.

Changelog

Sourced from rubyzip's changelog.

2.4.1 (2025-01-05)

This is a re-release of version 2.4 with a full version number string. We need to move to version 2.4.1 due to the canonical version number 2.4 now being taken in Rubygems.

Tooling:

  • Opt-in for MFA requirement explicitly on 2.4 branch.

2.4 (2025-01-04) - Yanked

Yanked due to incorrect version number format (2.4 vs 2.4.0).

  • Ensure compatibility with --enable-frozen-string-literal.
  • Ensure File.open_buffer doesn't rewrite unchanged data. This is a backport of the fix on the 3.x branch.
  • Enable use of the version 3 calling style (mainly named parameters) wherever possible, while retaining version 2.x compatibility.
  • Add (switchable) warning messages to methods that are changed or removed in version 3.x.

Tooling:

  • Switch to using GitHub Actions (from Travis).
  • Update Rubocop versions and configuration.
  • Update actions with latest rubies.

2.3.2 (2021-07-05)

  • A "dummy" release to warn about breaking changes coming in version 3.0. This updated version uses the Gem post_install_message instead of printing to STDERR.

2.3.1 (2021-07-03)

  • A "dummy" release to warn about breaking changes coming in version 3.0.

2.3.0 (2020-03-14)

  • Fix frozen string literal error #431
  • Set OutputStream.write_buffer's buffer to binmode #439
  • Upgrade rubocop and fix various linting complaints #437 #440

Tooling:

  • Add a bin/console script for development #420
  • Update rake requirement (development dependency only) to fix a security alert.

2.2.0 (2020-02-01)

  • Add support for decompression plugin gems #427

2.1.0 (2020-01-25)

  • Fix (at least partially) the restore_times and restore_permissions options to Zip::File.new #413
    • Previously, neither option did anything, regardless of what it was set to. We have therefore defaulted them to false to preserve the current behavior, for the time being. If you have explicitly set either to true, it will now have an effect.

... (truncated)

Commits
  • 6c4b7a9 Move to version 2.4.1 due to clash with 2.4.
  • 3b4c2bf Opt-in for MFA requirement explicitly on 2.4
  • e3eb624 Make sure version number is 2.4.0.
  • c09352b Bump version and Changelog for release.
  • 71bb069 Update actions with latest rubies.
  • bb06f99 Update actions dependencies.
  • 3d95a82 Update earliest Ruby version for MacOS builds in CI.
  • 56954b0 Suppress "literal string will be frozen in the future" warning
  • 6ff40f7 Fix setting and restoring RUBYZIP_V3_API_WARN in tests.
  • e05dc9b Improve version 3 API messages.
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

dependabot[bot] avatar Jul 29 '25 05:07 dependabot[bot]

Deploy Preview for chef-inspec canceled.

Name Link
Latest commit 0028c94262e12acdce8c743e3c452effe98bbbf1
Latest deploy log https://app.netlify.com/projects/chef-inspec/deploys/6888603245834600085873ad

netlify[bot] avatar Jul 29 '25 05:07 netlify[bot]

Hello dependabot[bot]! Thanks for the pull request!

Here is what will happen next:

  1. Your PR will be reviewed by the maintainers.
  2. Possible Outcomes a. If everything looks good, one of them will approve it, and your PR will be merged. b. The maintainer may request follow-on work (e.g. code fix, linting, etc). We would encourage you to address this work in 2-3 business days to keep the conversation going and to get your contribution in sooner. c. Cases exist where a PR is neither aligned to Chef InSpec's product roadmap, or something the team can own or maintain long-term. In these cases, the maintainer will provide justification and close out the PR.

Thank you for contributing!

chef-expeditor[bot] avatar Jul 29 '25 05:07 chef-expeditor[bot]