Remove rubyzip 1.2.1

Description

Name: rubyzip
Version: 1.2.1
Advisory: CVE-2018-1000544
Criticality: Unknown
URL: https://github.com/rubyzip/rubyzip/issues/369
Title: Directory Traversal in rubyzip
Solution: remove or disable this gem until a patch is available!

As of Aug 28, 2018 there's no patch for this vulnerability. The gem is used only by selenium-webdriver, which is a test-only dependency (for AO3-4787), so we can remove both rubyzip and selenium-webdriver for now.

How to test: none, it's just tests.

Environment

None

Status

Assignee

redsummernight

Reporter

redsummernight

Roadmap

Misc

Priority

Medium

Affects versions

0.9.220

Fix versions

Components

AutomatedTests

Difficulty

Medium

Required Access Level

None

Epic Link

Milestone

Internal 0.9
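The ticket's case for removal rests on rubyzip being required only by selenium-webdriver. The following Ruby sketch is an added example, not part of the ticket or the project's code, showing one way to check that claim against a `Gemfile.lock`; the lockfile text and the helper names `parse_lock`, `direct_dependents` and `reaches?` are assumptions made for illustration.

```ruby
# Constructed sample Gemfile.lock; gem versions are illustrative, not the project's.
SAMPLE_LOCK = <<~LOCK
  GEM
    specs:
      childprocess (0.9.0)
        ffi (~> 1.0)
      ffi (1.9.25)
      rack (2.0.5)
      rubyzip (1.2.1)
      selenium-webdriver (3.14.0)
        childprocess (~> 0.5)
        rubyzip (~> 1.2)
  DEPENDENCIES
    rack
    selenium-webdriver
LOCK

# Returns [graph, roots]: gem => gems it requires, and the Gemfile's own entries.
def parse_lock(text)
  graph, roots, section, current = {}, [], nil, nil
  text.each_line(chomp: true) do |line|
    case line
    when /\A[A-Z][A-Z ]*\z/ then section = line   # GEM, DEPENDENCIES, ...
    when /\A {4}(\S+) \(/                          # a resolved gem
      graph[current = $1] ||= [] if section == "GEM"
    when /\A {6}(\S+)/                             # a requirement of that gem
      graph[current] << $1 if section == "GEM" && current
    when /\A {2}([^\s!]+)/                         # a Gemfile entry
      roots << $1 if section == "DEPENDENCIES"
    end
  end
  [graph, roots]
end

# Gems that list `target` as a direct requirement.
def direct_dependents(graph, target)
  graph.select { |_, deps| deps.include?(target) }.keys.sort
end

# True if `from` requires `target` directly or transitively.
def reaches?(graph, from, target, seen = {})
  return true if from == target
  return false if seen[from]
  seen[from] = true
  graph.fetch(from, []).any? { |dep| reaches?(graph, dep, target, seen) }
end

graph, roots = parse_lock(SAMPLE_LOCK)
via = roots.select { |r| reaches?(graph, r, "rubyzip") }
puts "required by #{direct_dependents(graph, 'rubyzip')}; pulled in via #{via}"
```

The lockfile does not record Gemfile groups, so whether the remaining entry is test-only still has to be confirmed in the Gemfile itself.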