Allow newer versions of rubyzip
ioanatia opened this issue · 4 comments
Because of rubyzip/rubyzip#384 when rubyzip is one of the bundled gems, some anti-virus solutions will flag the package as a security issue.
The issue was fixed in rubyzip 2.0.0, however because warbler requires rubyzip with ['~> 1.0', '< 1.4']
, upgrading rubyzip to a newer version is not an option AFAICS.
rubyzip is used in ZipSupport which looks like it should still work with the latest version of the gem.
In this case just relaxing the requirement in warbler.gemspec to allow for newer versions of rubyzip
might suffice.
This was the commit which introduced the limitation: #362
Let's make an attempt! @ioanatia Would you like to offer a PR?
Sure, I can do that.
Go for it! Thank you for reporting and attempting a PR!