From e8c23f99c5097199b7d955268e1c97314d25480b Mon Sep 17 00:00:00 2001 From: Stefan Sundin Date: Wed, 6 Nov 2019 20:37:56 -0800 Subject: [PATCH 14/15] Bump rubyzip version to fix CVE-2019-16892. --- vagrant.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vagrant.gemspec b/vagrant.gemspec index 04561f9c9..58b4cb7ad 100644 --- a/vagrant.gemspec +++ b/vagrant.gemspec @@ -29,7 +29,7 @@ Gem::Specification.new do |s| s.add_dependency "net-scp", "~> 1.2.0" s.add_dependency "rb-kqueue", "~> 0.2.0" s.add_dependency "rest-client", ">= 1.6.0", "< 3.0" - s.add_dependency "rubyzip", "~> 1.2.2" + s.add_dependency "rubyzip", "~> 1.3" s.add_dependency "winrm", "~> 2.1" s.add_dependency "winrm-fs", "~> 1.0" s.add_dependency "winrm-elevated", "~> 1.1" -- 2.24.0