Fix rubyzip vuln. and upgrade to Optimist

cblackburn-ajla · cblackburn-ajla · commit 1681a03b08f5 · 2019-01-11T13:26:10.000-07:00
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -4,10 +4,10 @@ PATH
     free_zipcode_data (1.0.1)
       colored (~> 1.2)
       kiba (~> 2.0)
+      optimist (~> 3.0)
       ruby-progressbar (~> 1.9)
-      rubyzip (~> 1.2)
+      rubyzip (>= 1.2.2)
       sqlite3 (~> 1.3)
-      trollop (~> 2.1)
 
 GEM
   remote: https://rubygems.org/
@@ -20,6 +20,7 @@ GEM
     json (2.1.0)
     kiba (2.0.0)
     method_source (0.8.2)
+    optimist (3.0.0)
     parallel (1.12.1)
     parser (2.5.1.0)
       ast (~> 2.4.0)
@@ -54,15 +55,14 @@ GEM
       unicode-display_width (~> 1.0, >= 1.0.1)
     ruby-prof (0.17.0)
     ruby-progressbar (1.9.0)
-    rubyzip (1.2.1)
+    rubyzip (1.2.2)
     simplecov (0.16.1)
       docile (~> 1.1)
       json (>= 1.8, < 3)
       simplecov-html (~> 0.10.0)
     simplecov-html (0.10.2)
     slop (3.6.0)
     sqlite3 (1.3.13)
-    trollop (2.1.2)
     unicode-display_width (1.3.2)
 
 PLATFORMS
@@ -79,4 +79,4 @@ DEPENDENCIES
   simplecov (~> 0.16)
 
 BUNDLED WITH
-   1.16.1
+   1.17.1
diff --git a/free_zipcode_data.gemspec b/free_zipcode_data.gemspec
@@ -35,9 +35,9 @@ Gem::Specification.new do |spec|
 
   spec.add_runtime_dependency 'colored', '~> 1.2'
   spec.add_runtime_dependency 'kiba', '~> 2.0'
+  spec.add_runtime_dependency 'optimist', '~> 3.0'
   spec.add_runtime_dependency 'ruby-progressbar', '~> 1.9'
-  spec.add_runtime_dependency 'rubyzip', '~> 1.2'
+  spec.add_runtime_dependency 'rubyzip', '>= 1.2.2'
   spec.add_runtime_dependency 'sqlite3', '~> 1.3'
-  spec.add_runtime_dependency 'trollop', '~> 2.1'
 end
 # rubocop:enable Metrics/BlockLength
diff --git a/lib/free_zipcode_data/runner.rb b/lib/free_zipcode_data/runner.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 require 'colored'
-require 'trollop'
+require 'optimist'
 require 'kiba'
 
 require_relative '../etl/free_zipcode_data_job'
@@ -104,7 +104,7 @@ def extract_transform_load(datasource, database)
     # rubocop:disable Metrics/BlockLength
     # rubocop:disable Metrics/MethodLength
     def collect_args
-      Trollop.options do
+      Optimist.options do
         opt(
           :work_dir,
           'REQUIRED: Specify your work/build directory, where the SQLite and .csv files will be built',
