Bump rubyzip from 3.2.2 to 3.4.0

[dependabot]

Bumps rubyzip from 3.2.2 to 3.4.0.

Release notes

Sourced from rubyzip's releases.

v3.4.0

Version 3.4.0

3.4.0 adds lib/rubyzip.rb to make including rubyzip in your Gemfile easier. See README.md for details.

⚠️ There are breaking changes in the 3.x series ⚠️

Please see the README and Updating to version 3.x in the wiki for help upgrading from version 2.4.x to version 3.x.

v3.3.1

Version 3.3.1

The 3.3.x line ensures that Zip::InputStream behaves more like standard Ruby IO classes.

⚠️ There are breaking changes in the 3.x series ⚠️

Please see the README and Updating to version 3.x in the wiki for help upgrading from version 2.4.x to version 3.x.

v3.3.0

Version 3.3.0

The 3.3.x line ensures that Zip::InputStream behaves more like standard Ruby IO classes.

⚠️ There are breaking changes in the 3.x series ⚠️

Please see the README and Updating to version 3.x in the wiki for help upgrading from version 2.4.x to version 3.x.

Changelog

Sourced from rubyzip's changelog.

3.4.0 (2026-06-14)

• Prevent entries from being extracted outside specified directory. #664. Thanks to @​connorshea for additional reporting on this.
• Use SecureRandom in place of insecure Random.
• Stop reading the central directory on first error.
• Add a check on number of declared entries in a zip file. Thanks to @​connorshea for reporting this.
• Add note to README re reporting security issues privately.
• Add lib/rubyzip.rb for Bundler auto-require. #660

Tooling/internal:

• Replace the test Excel spreadsheet fixture.
• Use assert_silent shorthand when expecting no output from a test.
• Clean up CentralDirectory instance variables.
• Add Ruby 4.0 to the Windows CI and update CI matrix in the README.
• List ZIP docs that we store here and link to online versions. #657

3.3.1 (2026-05-30)

• Reinstate default param for InputStream#sysread. #663

3.3.0 (2026-05-02)

• Refactor InputStream and AbstractInputStream. #661

Tooling/internal:

• Update Actions to use checkout@v5.
• Add Ruby4.0 to the CI matrix. #659

Commits

• 93f9e6f Update version number and Changelog for release.
• 17edfbf Prevent entries from being extracted outside specified directory.
• c590916 Replace the test Excel spreadsheet fixture.
• d07ee79 Use SecureRandom in place of insecure Random.
• ef5af4f Use assert_silent shorthand when expecting no output from a test.
• 31dfe7a Stop reading the central directory on first error.
• 8637792 Add a check on number of declared entries in a zip file.
• 73b4455 Clean up CentralDirectory instance variables.
• 033d0cf Add note to README re reporting security issues privately.
• c1ba5b3 Add Ruby 4.0 to the Windows CI and update CI matrix in the README.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)