Skip to content
This repository has been archived by the owner on May 10, 2023. It is now read-only.

Bump minitar from 0.5.3 to 0.6 #1

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump minitar from 0.5.3 to 0.6 #1

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Oct 17, 2019

Bumps minitar from 0.5.3 to 0.6.

Changelog

Sourced from minitar's changelog.

0.6 / 2017-02-07

  • Breaking Changes:

    • Extracted bin/minitar into a new gem, minitar-cli. No, I am not
      going to bump the major version for this. As far as I can tell, few
      people use the command-line utility anyway. (Installing
      archive-tar-minitar will install both minitar and minitar-cli, at
      least until version 1.0.)

    • Minitar extraction before 0.6 traverses directories if the tarball
      includes a relative directory reference, as reported in #16[] by
      @​ecneladis. This has been disallowed entirely and will throw a
      SecureRelativePathError when found. Additionally, if the final
      destination of an entry is an already-existing symbolic link, the
      existing symbolic link will be removed and the file will be written
      correctly (on platforms that support symblic links).

  • Enhancements:

    • Licence change. After speaking with Mauricio Fernández, we have changed
      the licensing of this library to Ruby and Simplified BSD and have
      dropped the GNU GPL license. This takes effect from the 0.6 release.
    • Printing a deprecation warning for including Archive::Tar to put
      Minitar in the top-level namespace.
    • Printing a deprecation warning for including Archive::Tar::Minitar into
      a class (Minitar will be a class for version 1.0).
    • Moved Archive::Tar::PosixHeader to Archive::Tar::Minitar::PosixHeader
      with a deprecation warning. Do not depend on
      Archive::Tar::Minitar::PosixHeader, as it will be moving to
      ::Minitar::PosixHeader in a future release.
    • Added an alias, ::Minitar, for Archive::Tar::Minitar, opted in with
      require 'minitar'. In future releases, this alias will be enabled by
      default, and the Archive::Tar namespace will be removed entirely for
      version 1.0.
    • Modified the handling of mtime in PosixHeader to do an integer
      conversion (#to_i) so that a Time object can be used instead of the
      integer value of the time object.
    • Writer::RestrictedStream was renamed to Writer::WriteOnlyStream for
      clarity. No alias or deprecation warning was provided for this as it is
      an internal implementation detail.
    • Writer::BoundedStream was renamed to Writer::BoundedWriteStream for
      clarity. A deprecation warning is provided on first use because a
      BoundedWriteStream may raise a BoundedWriteStream::FileOverflow
      exception.
    • Writer::BoundedWriteStream::FileOverflow has been renamed to
      Writer::WriteBoundaryOverflow and inherits from StandardError instead
      of RuntimeError. Note that for Ruby 2.0 or higher, an error will be
      raised when specifying Writer::BoundedWriteStream::FileOverflow because
      Writer::BoundedWriteStream has been declared a private constant.
... (truncated)
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Oct 17, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants