jruby/warbler

Allow newer versions of rubyzip

ioanatia opened this issue · 4 comments

Because of rubyzip/rubyzip#384 when rubyzip is one of the bundled gems, some anti-virus solutions will flag the package as a security issue.

The issue was fixed in rubyzip 2.0.0; however, because warbler requires rubyzip with ['~> 1.0', '< 1.4'], upgrading rubyzip to a newer version is not an option AFAICS.

rubyzip is used in ZipSupport which looks like it should still work with the latest version of the gem.

In this case just relaxing the requirement in warbler.gemspec to allow for newer versions of rubyzip might suffice.

This was the commit which introduced the limitation: #362

Let's make an attempt! @ioanatia Would you like to offer a PR?

Sure, I can do that.

Go for it! Thank you for reporting and attempting a PR!
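The constraint problem described in the issue can be checked mechanically. The following is an added example, not code from warbler or from this thread: it builds a stand-in gemspec carrying the quoted rubyzip requirement and reports whether any release at or above the fixed version (2.0.0, per the issue) can satisfy it. The release list, the `audit_dependency` helper, the `demo-packager` spec name and the relaxed `'>= 1.0'` constraint are assumptions made for illustration.

```ruby
require 'rubygems'

# Constructed sample of release numbers for illustration; not fetched from rubygems.org.
SAMPLE_RELEASES = %w[1.2.4 1.3.0 2.0.0 2.3.0].map { |v| Gem::Version.new(v) }

# Hypothetical helper: given a gemspec, a dependency name and the version that
# carries the fix, report which sample releases the requirement admits and
# whether the requirement pins consumers below the fix.
def audit_dependency(spec, dep_name, fixed_in, releases = SAMPLE_RELEASES)
  dep = spec.runtime_dependencies.find { |d| d.name == dep_name }
  return nil unless dep # the gemspec does not declare this dependency

  fixed   = Gem::Version.new(fixed_in)
  allowed = releases.select { |v| dep.requirement.satisfied_by?(v) }
  patched = allowed.select { |v| v >= fixed }
  {
    requirement: dep.requirement.to_s,
    allowed: allowed.map(&:to_s),
    patched: patched.map(&:to_s),
    blocks_fix: patched.empty?
  }
end

# Stand-in gemspec (not the real warbler.gemspec) with a rubyzip requirement.
def spec_with(*constraints)
  Gem::Specification.new do |s|
    s.name    = 'demo-packager' # hypothetical name
    s.version = '0.0.1'
    s.add_runtime_dependency 'rubyzip', *constraints
  end
end

current = audit_dependency(spec_with('~> 1.0', '< 1.4'), 'rubyzip', '2.0.0')
relaxed = audit_dependency(spec_with('>= 1.0'), 'rubyzip', '2.0.0') # assumed relaxation

[['current', current], ['relaxed', relaxed]].each do |label, r|
  status = r[:blocks_fix] ? 'BLOCKS the fixed release' : "admits #{r[:patched].join(', ')}"
  puts "#{label}: rubyzip #{r[:requirement]} #{status}"
end
```

The same check can run in CI against every runtime dependency that has a known fixed-in version, so a constraint that pins a project below a security fix is caught before a scanner flags the packaged artifact.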