Bump zlib from 3.2.1 to 3.2.3 by dependabot[bot] · Pull Request #2155 · chicago-tool-library/circulate

dependabot · 2026-04-16T20:42:16Z

Bumps zlib from 3.2.1 to 3.2.3.

Release notes

v3.2.3

What's Changed

CVE-2026-27820: Buffer overflow vulnerability in Zlib::GzipReader

Full Changelog: ruby/zlib@v3.2.2...v3.2.3

v3.2.2

What's Changed

Test with ppc64le and s390x by @hsbt in ruby/zlib#101

CI: Skip ppc64le/s390x cases in forked repositories. by @junaruga in ruby/zlib#102

CI: test.yml: build-ibm: Use nproc instead of hard-coded number 2. by @junaruga in ruby/zlib#106

Add a workflow to sync commits to ruby/ruby by @k0kubun in ruby/zlib#107

Load the same loaded zlib by @nobu in ruby/zlib#108

Initialize const member by @nobu in ruby/zlib#110

Totally disable the DFLTCC extension before tests by @nobu in ruby/zlib#111

Full Changelog: ruby/zlib@v3.2.1...v3.2.2

Commits

899f9fd Merge branch 'CVE-2026-27820-3-4-4-0' into 3-2-stable
d9c7876 Bump up to 3.2.3
608d2be Fix buffer overflow at ungetc
5d50b22 Bump up v3.2.2
7be618d Update the latest versions of actions
6035c53 Merge pull request #111 from nobu/dfltcc-s390x
099b87b Totally disable the DFLTCC extension before tests
c4549d0 Merge pull request #110 from nobu/const-member
dfa1fcb Initialize const member
e2578be Merge pull request #108 from nobu/loaded_zlib
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [zlib](https://github.com/ruby/zlib) from 3.2.1 to 3.2.3. - [Release notes](https://github.com/ruby/zlib/releases) - [Commits](ruby/zlib@v3.2.1...v3.2.3) --- updated-dependencies: - dependency-name: zlib dependency-version: 3.2.3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Apr 16, 2026

crismali approved these changes Apr 16, 2026

View reviewed changes

crismali merged commit 923196d into main Apr 16, 2026
7 checks passed

crismali deleted the dependabot/bundler/zlib-3.2.3 branch April 16, 2026 21:12

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump zlib from 3.2.1 to 3.2.3#2155

Bump zlib from 3.2.1 to 3.2.3#2155
crismali merged 1 commit intomainfrom
dependabot/bundler/zlib-3.2.3

dependabot Bot commented on behalf of github Apr 16, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Apr 16, 2026

v3.2.3

What's Changed

v3.2.2

What's Changed

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant