Update RubyZip version - including licensefinder and metasploit-credential #21487
Merged
adfoster-r7 merged 1 commit into May 26, 2026
Contributor
Pull request overview
Updates the development/test-time license_finder dependency to a Rapid7 fork to allow a newer rubyzip constraint, and refreshes generated gem license inventory output accordingly.
Changes:
- Switch `license_finder` to a git-sourced Rapid7 fork (7.2.1) and update `Gemfile.lock` to match.
- Regenerate `LICENSE_GEMS` with the updated LicenseFinder output (license string formatting and some gem/version entries change).

Impact Analysis:
- Blast radius: medium—affects developer/CI bundler installs for the `:development, :test` groups and the `tools/dev/update_gem_licenses.sh` release/support workflow; unknown downstream consumers of `LICENSE_GEMS`.
- Data and contract effects: no runtime schema/contract changes; `LICENSE_GEMS` content is a compliance artifact and must match the locked bundle.
- Rollback and test focus: rollback is straightforward (revert Gemfile/Gemfile.lock/LICENSE_GEMS); validate `bundle install` produces the same resolved gems and `bundle exec ./tools/dev/update_gem_licenses.sh` reproduces the committed `LICENSE_GEMS`.
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| Gemfile | Moves license_finder from a pinned gem version to a Rapid7 git fork (temporary until upstream PR merges). |
| Gemfile.lock | Adds a git-sourced license_finder (7.2.1) and replaces toml with tomlrb as part of the updated dependency tree. |
| LICENSE_GEMS | Updates the generated license inventory output produced by tools/dev/update_gem_licenses.sh. |
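The overview above notes that `Gemfile.lock` now carries a git-sourced `license_finder`. The following Ruby script is an added example, not code from this pull request or the project: it lists the git-sourced gems in a lockfile and flags any whose remote is not on a reviewer-supplied allow-list or whose revision is not a full commit SHA. The lockfile text, remote URL, revision, branch, versions and the allow-list are constructed placeholders.

```ruby
# Constructed sample lockfile: remote, revision, branch and versions are placeholders.
SAMPLE_LOCK = <<~LOCK
  GIT
    remote: https://git.example.invalid/fork/LicenseFinder.git
    revision: 0123456789abcdef0123456789abcdef01234567
    branch: placeholder-branch
    specs:
      license_finder (7.2.1)
        rubyzip (>= 0)

  GEM
    remote: https://rubygems.org/
    specs:
      rubyzip (0.0.0)
LOCK

GitSource = Struct.new(:remote, :revision, :ref, :gems)

# Collect every GIT section of a Gemfile.lock with the gems it locks.
def git_sources(lock_text)
  sources = []
  current = nil
  lock_text.each_line(chomp: true) do |line|
    if line.match?(/\A\S/) # an unindented line opens a new section
      current = line == 'GIT' ? GitSource.new(nil, nil, nil, []) : nil
      sources << current if current
    elsif current
      case line
      when /\A  remote: (.+)\z/ then current.remote = $1
      when /\A  revision: (.+)\z/ then current.revision = $1
      when /\A  (?:branch|ref|tag): (.+)\z/ then current.ref = $1
      when /\A    (\S+) \(([^)]+)\)\z/ then current.gems << [$1, $2] # 4 spaces: locked spec
      end
    end
  end
  sources
end

# Flag git-sourced gems whose remote is not approved (allow-list is an assumption)
# or whose revision is not a full 40-hex commit SHA.
def review_git_sources(lock_text, allowed_remotes)
  git_sources(lock_text).flat_map do |src|
    problems = []
    problems << 'remote not on allow-list' unless allowed_remotes.include?(src.remote)
    problems << 'revision is not a full commit SHA' unless src.revision.to_s.match?(/\A\h{40}\z/)
    src.gems.map { |name, ver| { gem: name, version: ver, remote: src.remote, problems: problems } }
  end
end
review_git_sources(SAMPLE_LOCK, []).each { |f| puts "#{f[:gem]} #{f[:version]}: #{f[:problems].join('; ')}" }
```

Run against a real `Gemfile.lock` by passing `File.read('Gemfile.lock')` and the remotes the team has approved.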
Contributor
Author
Release Notes
Updates to a newer version of RubyZip to support Zip files larger than 4GB
4bfe958 to 172712f
172712f to 6281eda
cgranleese-r7 approved these changes May 26, 2026
Update the LicenseFinder dependency. We point at a custom Rapid7 fork, which can be deleted in the future once the referenced PR is merged upstream. This pattern will allow us to bump to a newer version of RubyZip too for supporting >4gb ZipFiles.
Required: rapid7/metasploit-credential#194
Verification
Script ran locally: