Our team would love to see this merged and released as well. This has started to show up in our automated vulnerability analysis (https://hakiri.io/technologies/rubyzip/issues/1e6c19ff65e713) and our builds are red as a result.
Happy to help get this over the line if any additional work is needed. Please let me know!
Tests are in: jdleesmiller@9c468f3
Good news: most pass.
Bad news: two don't pass:
I have not yet attempted to fix the bugs, and I'm not sure I know enough about this library to do that, but I thought I should at least report the test results.
Edit: Tried out a (rather drastic) fix in #376