Title: Directory Traversal in rubyzip
Solution: remove or disable this gem until a patch is available!
As of Aug 28, 2018 there's no patch for this vulnerability. The gem is used only by selenium-webdriver, which is a test-only dependency (for AO3-4787), so we can remove both rubyzip and selenium-webdriver for now.
How to test: none, it's just tests.