iron_worker_ruby_ng

Upgrade to RubyZip 1.1.0 to resolve installation problems with newer gems.

Open akshayrawat opened this issue 10 years ago • 4 comments

IronWorker uses an ancient and exact version of RubyZip 0.9.9 (released June 17, 2012). Most recent gems need RubyZip 1.0.x (released Aug, 2013) or higher. This results in installation problems when the IronWorker gem is to be used with such gems.

Let's upgrade this gem to use RubyZip ~> 1.1.0

akshayrawat, Jun 05 '14 08:06

I'm not sure why the RubyZip version was downgraded - https://github.com/iron-io/iron_worker_ruby_ng/commit/2d2d62ab8e749d8a38c8a59a47fb5224c178d2d1

akshayrawat, Jun 05 '14 08:06

Ya, we need to figure this out, I can't remember why we reverted it.

treeder, Jun 06 '14 15:06

I made pull request #185 to upgrade rubyzip, but I'm a little wary since I don't know the reason why it was downgraded in the first place.

treeder avatar Jun 23 '14 22:06 treeder

FWIW, rubyzip <= 1.2.0 has a serious security vulnerability: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5946

gtd, Mar 03 '17 18:03
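An added example, not code from this thread or from the iron_worker_ruby_ng project: it uses RubyGems' own `Gem::Requirement` to check the constraints discussed above, showing both the install conflict caused by the exact `0.9.9` pin and whether a proposed constraint can ever resolve outside the `<= 1.2.0` range reported in the last comment. The candidate version list and the `>= 1.0.0` requirement standing in for "another gem" are constructed for illustration.

```ruby
require "rubygems"

# Range reported in the thread as affected by CVE-2017-5946.
AFFECTED = Gem::Requirement.new("<= 1.2.0")

# Constructed sample of candidate versions (not an authoritative release list).
CANDIDATES = %w[0.9.9 1.0.0 1.1.0 1.1.7 1.2.0 1.2.1 1.3.0]
             .map { |v| Gem::Version.new(v) }

# Candidate versions that satisfy every requirement string at once,
# which is what a resolver needs when two gems depend on the same library.
def resolvable(*requirements)
  reqs = requirements.map { |r| Gem::Requirement.new(r) }
  CANDIDATES.select { |v| reqs.all? { |r| r.satisfied_by?(v) } }
end

# Classify a set of constraints:
#   :unresolvable  - no candidate satisfies all of them (install conflict)
#   :all_affected  - every version they allow is in the affected range
#   :some_affected - a fixed version is allowed, but so are affected ones
#   :clean         - only versions outside the affected range are allowed
def audit(*requirements)
  versions = resolvable(*requirements)
  return :unresolvable if versions.empty?

  affected = versions.select { |v| AFFECTED.satisfied_by?(v) }
  return :all_affected if affected.size == versions.size

  affected.empty? ? :clean : :some_affected
end

if __FILE__ == $PROGRAM_NAME
  [
    ["= 0.9.9", ">= 1.0.0"], # exact pin vs. a gem needing 1.0 or higher
    ["~> 1.1.0"],            # constraint proposed in the issue
    ["~> 1.1"],              # looser pessimistic constraint
    ["> 1.2.0"]              # excludes the reported range
  ].each do |reqs|
    puts format("%-22s %-14s %s", reqs.join(", "), audit(*reqs),
                resolvable(*reqs).join(" "))
  end
end
```

A pessimistic constraint with three segments such as `~> 1.1.0` means `>= 1.1.0, < 1.2.0`, so it fixes the install conflict but can never pick up a release above the reported range.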