
[Security] Bump rubyzip from 1.2.1 to 1.2.2 #3077

Open · wants to merge 1 commit into base: develop

Conversation

greysteil
Bumps rubyzip from 1.2.1 to 1.2.2. This update includes security fixes.

Vulnerabilities fixed

Sourced from The Ruby Advisory Database.

Directory Traversal in rubyzip
rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability
in the Zip::File component that can result in writing arbitrary files to the filesystem.
If a site allows uploading of .zip files, an attacker can upload a malicious file
which contains symlinks or files with absolute pathnames "../" to write arbitrary
files to the filesystem.

Patched versions: >= 1.2.2
Unaffected versions: none

Commits
  • d07b13a Merge pull request #376 from jdleesmiller/fix-cve-2018-1000544
  • fd81bd5 Bump version to 1.2.2
  • cf35774 Bump version to 1.3.0
  • ffb374c Bump version to 2.0.0
  • 8a1de58 Expand from root rather than current working directory
  • 3dd165b Disable symlinks and check for path traversal
  • ffebfa3 Consolidate path traversal tests
  • 9c468f3 Add jwilk's path traversal tests
  • 0586329 Trigger CI again
  • cf71583 Move jruby to allow failures matrix till crc uint 32 issues are resolved
  • Additional commits viewable in compare view

Dependabot compatibility score

Bumps [rubyzip](https://github.com/rubyzip/rubyzip) from 1.2.1 to 1.2.2. **This update includes security fixes.**
- [Release notes](https://github.com/rubyzip/rubyzip/releases)
- [Changelog](https://github.com/rubyzip/rubyzip/blob/master/Changelog.md)
- [Commits](https://github.com/rubyzip/rubyzip/compare/v1.2.1...v1.2.2)

Signed-off-by: dependabot[bot] <[email protected]>
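The advisory above describes the two ways a crafted archive escapes its extraction directory (entry names containing "../" or absolute paths, and symlink entries), and the commit list names the corresponding fixes ("Expand from root rather than current working directory", "Disable symlinks and check for path traversal"). The following is an added example, not rubyzip's code and not part of this PR: a destination-confinement check in plain Ruby that resolves each entry name against the destination root, rejects anything that resolves outside it, and refuses symlink entries outright. `Entry`, `safe_extract_path`, `plan_extraction`, the destination path and the sample entry names are all constructed for illustration.

```ruby
# Added example of path-traversal confinement for archive extraction.
# Not rubyzip's implementation; it models the checks the fix commits describe.

# Minimal stand-in for an archive entry: its stored name and whether it is a symlink.
Entry = Struct.new(:name, :symlink, keyword_init: true)

# Resolves entry_name relative to dest_root (never relative to the process's
# current working directory) and returns the absolute target path if it stays
# inside dest_root, or nil if it escapes via "../", an absolute name, or "~".
def safe_extract_path(dest_root, entry_name)
  root = File.expand_path(dest_root)
  # expand_path normalises ".." and "." segments; an absolute entry_name
  # ignores the base argument entirely, which the prefix check below catches.
  target = File.expand_path(entry_name, root)
  # Compare with a trailing separator so that a sibling directory such as
  # "/tmp/extract-demo-evil" is not mistaken for a child of "/tmp/extract-demo".
  return nil unless target == root || target.start_with?(root + File::SEPARATOR)
  target
rescue ArgumentError
  # expand_path raises for "~unknownuser"; treat that as an unsafe name too.
  nil
end

# Decides, per entry, what an extractor should do. Nothing is written to disk here;
# the returned plan is what a real extractor would act on.
def plan_extraction(dest_root, entries)
  entries.map do |entry|
    if entry.symlink
      # Symlink entries are refused entirely: a link pointing outside the root
      # would redirect later writes through it.
      { name: entry.name, target: nil, action: :skip_symlink }
    elsif (target = safe_extract_path(dest_root, entry.name))
      { name: entry.name, target: target, action: :write }
    else
      { name: entry.name, target: nil, action: :reject_traversal }
    end
  end
end

# Constructed sample archive listing (not from a real .zip file).
DEST_ROOT = '/tmp/extract-demo'
SAMPLE_ENTRIES = [
  Entry.new(name: 'readme.txt',        symlink: false),  # ordinary file
  Entry.new(name: 'docs/../notes.txt', symlink: false),  # ".." that stays inside root
  Entry.new(name: '../../escaped.txt', symlink: false),  # climbs out of root
  Entry.new(name: '/etc/passwd',       symlink: false),  # absolute name
  Entry.new(name: 'lib',               symlink: true),   # symlink entry
].freeze

if __FILE__ == $PROGRAM_NAME
  plan_extraction(DEST_ROOT, SAMPLE_ENTRIES).each do |p|
    puts format('%-17s %-20s -> %s', p[:action], p[:name], p[:target] || '(not written)')
  end
end
```

The important detail is the base argument to `File.expand_path`: resolving against the destination root rather than the current working directory is what makes the prefix comparison meaningful, and the trailing-separator comparison closes the sibling-directory gap that a bare `start_with?(root)` would leave open.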
greysteil (Author)

@devton / @thiagocatarse - did you have a chance to think about switching Dependabot on? I'd love you to use it, and if I can help out with the initial work of getting everything up-to-date I'm more than happy to. :octocat:

(You definitely want to merge this either way - this vulnerability looks quite serious.)

Labels: None yet · Projects: None yet · 2 participants