authorRobert Speicher <robert@gitlab.com>2018-09-04 18:03:08 +0000
committerRobert Speicher <robert@gitlab.com>2018-09-04 18:03:08 +0000
commit265b49135436af9b8938c4b21b13462f0cfffdcb (patch)
treea1887ad8cb2fdf787caa7c85178a17bec1e052bf
parent3e1466d99d7ef34c0b42a07e6db3329896374b41 (diff)
parent4df16d8d5a1849d89f683b22389ebb5a93823fa0 (diff)
downloadgitlab-ce-265b49135436af9b8938c4b21b13462f0cfffdcb.tar.gz
Merge branch '50930-update-rubyzip-to-1-2-2' into 'master'
Update rubyzip gem to 1.2.2 (CVE-2018-1000544) Closes #50930 See merge request gitlab-org/gitlab-ce!21460
-rw-r--r--Gemfile.lock2
-rw-r--r--Gemfile.rails5.lock2
-rw-r--r--changelogs/unreleased/50930-update-rubyzip-to-1-2-2.yml5
-rw-r--r--qa/Gemfile.lock4
4 files changed, 9 insertions, 4 deletions
diff --git a/Gemfile.lock b/Gemfile.lock
index b9fa9c74919..91cd360e708 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -801,7 +801,7 @@ GEM
sexp_processor (~> 4.1)
rubyntlm (0.6.2)
rubypants (0.2.0)
- rubyzip (1.2.1)
+ rubyzip (1.2.2)
rufus-scheduler (3.4.0)
et-orbi (~> 1.0)
rugged (0.27.4)
diff --git a/Gemfile.rails5.lock b/Gemfile.rails5.lock
index 0171c3564e3..ba9b06a08cb 100644
--- a/Gemfile.rails5.lock
+++ b/Gemfile.rails5.lock
@@ -809,7 +809,7 @@ GEM
sexp_processor (~> 4.1)
rubyntlm (0.6.2)
rubypants (0.2.0)
- rubyzip (1.2.1)
+ rubyzip (1.2.2)
rufus-scheduler (3.4.0)
et-orbi (~> 1.0)
rugged (0.27.4)
diff --git a/changelogs/unreleased/50930-update-rubyzip-to-1-2-2.yml b/changelogs/unreleased/50930-update-rubyzip-to-1-2-2.yml
new file mode 100644
index 00000000000..be5cc60df64
--- /dev/null
+++ b/changelogs/unreleased/50930-update-rubyzip-to-1-2-2.yml
@@ -0,0 +1,5 @@
+---
+title: Update rubyzip to 1.2.2 (CVE-2018-1000544)
+merge_request: 21460
+author: Takuya Noguchi
+type: security
diff --git a/qa/Gemfile.lock b/qa/Gemfile.lock
index 1bc424335f8..8f523e55adc 100644
--- a/qa/Gemfile.lock
+++ b/qa/Gemfile.lock
@@ -77,7 +77,7 @@ GEM
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.7.0)
rspec-support (3.7.0)
- rubyzip (1.2.1)
+ rubyzip (1.2.2)
selenium-webdriver (3.8.0)
childprocess (~> 0.5)
rubyzip (~> 1.0)
@@ -103,4 +103,4 @@ DEPENDENCIES
selenium-webdriver (~> 3.8.0)
BUNDLED WITH
- 1.16.1
+ 1.16.4