From 56bb4be9d31f9fed4fefe77b7eeabea886e77a75 Mon Sep 17 00:00:00 2001
From: Benjamin Neff <benjamin@coding4coffee.ch>
Date: Fri, 5 Oct 2018 01:19:38 +0200
Subject: [PATCH] Bump rubyzip

Fixes CVE-2018-1000544
---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 559a40581..d265f5794 100644
--- a/Gemfile
+++ b/Gemfile
@@ -199,7 +199,7 @@ gem "logging-rails", "0.6.0", require: "logging/rails"
 
 # Reading and writing zip files
 
-gem "rubyzip", "1.2.1", require: "zip"
+gem "rubyzip", "1.2.2", require: "zip"
 
 # Prevent occasions where minitest is not bundled in
 # packaged versions of ruby. See following issues/prs:
diff --git a/Gemfile.lock b/Gemfile.lock
index 1af644261..3d47603c1 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -618,7 +618,7 @@ GEM
     ruby-oembed (0.12.0)
     ruby-progressbar (1.9.0)
     ruby_dep (1.5.0)
-    rubyzip (1.2.1)
+    rubyzip (1.2.2)
     rufus-scheduler (3.4.2)
       et-orbi (~> 1.0)
     rugged (0.27.0)
@@ -872,7 +872,7 @@ DEPENDENCIES
   rspec-rails (= 3.7.2)
   rubocop (= 0.54.0)
   ruby-oembed (= 0.12.0)
-  rubyzip (= 1.2.1)
+  rubyzip (= 1.2.2)
   sass-rails (= 5.0.7)
   secure_headers (= 5.0.5)
   shoulda-matchers (= 3.1.2)
@@ -900,4 +900,4 @@ DEPENDENCIES
   will_paginate (= 3.1.6)
 
 BUNDLED WITH
-   1.16.4
+   1.16.5