Bump rubyzip dependency to ~> 3.0#194
Merged
Merged
Conversation
Contributor
Author
|
Do not merge. |
This was referenced Oct 2, 2025
Closed
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the project to RubyZip 3.x to support reliable Zip64 read/write behavior (notably for backup/export), and adjusts call sites to comply with RubyZip 3.x API changes.
Changes:
- Bump
rubyzipruntime dependency from< 3.0.0to~> 3.0. - Update zip creation calls to use
Zip::File.open(..., create: true)in exporter code and factory helpers. - Update zip extraction to RubyZip 3.x’s
destination_directory:keyword argument.
Impact Analysis:
- Blast radius: medium—affects all consumers of zip import/export paths (
Metasploit::Credential::Importer::ZipandMetasploit::Credential::Exporter::Core) and the test suite factories; downstream effects depend on how this gem is used in larger apps (Unknown). - Data and contract effects: zip file read/write behavior may differ under RubyZip 3.x; gem dependency constraint currently allows 3.0.x despite PR text claiming 3.1.1 minimum.
- Rollback and test focus: rollback is straightforward (dependency + API call sites); focus validation on importing well-formed/malformed zips and exporting zips (including Zip64-sized archives if covered).
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
spec/factories/metasploit/credential/importer/zips.rb |
Updates Zip::File open semantics for RubyZip 3.x in factory-generated zips. |
metasploit-credential.gemspec |
Bumps RubyZip dependency constraint to the 3.x series. |
lib/metasploit/credential/importer/zip.rb |
Updates extraction API usage for RubyZip 3.x. |
lib/metasploit/credential/exporter/core.rb |
Updates zip creation API usage for RubyZip 3.x. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| def input_is_well_formed | ||
| begin | ||
| Zip::File.open input.path do |archive| | ||
| Zip::File.open(input.path) do |archive| |
adfoster-r7
force-pushed
the
bump-ruby-zip-to-3_1_1
branch
3 times, most recently
from
d337d37 to
a516640
Compare
adfoster-r7
force-pushed
the
bump-ruby-zip-to-3_1_1
branch
from
a516640 to
17d71e9
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps RubyZip to 3.1.1
This is needed to be able to reliably read and write Zip64 zip files, particularly in the backup routine.
Following changes made to to comply with breaking changes in RubyZip 3.x
Metasploit::Credential::Importer::ZipMetasploit::Credential::Importer::ZipAutomated test suite passing again.