Skip to content

chore(deps): bump zip from 7.1.0 to 7.2.0 in the minor-and-patch group#40

Merged
github-actions[bot] merged 1 commit intomainfrom
dependabot/cargo/minor-and-patch-4b7d7483b1
Jan 26, 2026
Merged

chore(deps): bump zip from 7.1.0 to 7.2.0 in the minor-and-patch group#40
github-actions[bot] merged 1 commit intomainfrom
dependabot/cargo/minor-and-patch-4b7d7483b1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Jan 26, 2026
edited
Loading

Bumps the minor-and-patch group with 1 update: zip.

Updates zip from 7.1.0 to 7.2.0

Release notes

Sourced from zip's releases.

v7.2.0

🚀 Features

  • add read_zipfile_from_stream_with_compressed_size (#70)
  • Allow choosing bzip2 rust backend (#329)

🐛 Bug Fixes

  • Need to include zip64 extra field in central directory (fix #353) (#360)
  • Fails to extract file which might or might not be malformed (#376) (#426)
  • (aes) Allow AES encryption while streaming (#463)
  • Default "platform" field in zip files should be set to the local platform, rather than always "Unix" (#470) (#471)

🚜 Refactor

  • Define cfg_if! and cfg_if_expr! internal macros (#438)

⚡ Performance

  • Change an assert to debug_assert when encrypting/decrypting AES, and eliminate a fallible operation (#521)
  • eliminate a String clone per new file added to archive, and other related refactors (#522)

⚙️ Miscellaneous Tasks

  • Fix another merge error, this one affecting only builds with flate2 and not zopfli
  • Fix more merge issues
  • Fix merge
  • Fix write_dir build errors on specific feature configs
  • Fix clippy warning
  • Fix --all-features build error
  • Fix merge
Changelog

Sourced from zip's changelog.

7.2.0 - 2026-01-20

🚀 Features

  • add read_zipfile_from_stream_with_compressed_size (#70)
  • Allow choosing bzip2 rust backend (#329)

🐛 Bug Fixes

  • Need to include zip64 extra field in central directory (fix #353) (#360)
  • Fails to extract file which might or might not be malformed (#376) (#426)
  • (aes) Allow AES encryption while streaming (#463)
  • Default "platform" field in zip files should be set to the local platform, rather than always "Unix" (#470) (#471)

🚜 Refactor

  • Define cfg_if! and cfg_if_expr! internal macros (#438)

⚡ Performance

  • Change an assert to debug_assert when encrypting/decrypting AES, and eliminate a fallible operation (#521)
  • eliminate a String clone per new file added to archive, and other related refactors (#522)
Commits
  • 46dc29c chore: release v7.2.0 (#526)
  • 8a586c6 test: Move a test that was in wrong folder and was using main() instead of `#...
  • cfbb476 docs(examples): Fix remaining log-injection alerts, and simplify writeln to e...
  • d905296 ci: Disable trigger on non-master push (#538)
  • a3a8696 chore(deps): Increase zstd minimum version to 0.13.3 (#539)
  • abd8bc8 ci: Add wasm tests and restore conditional wasm-bindgen dependency (#525)
  • c10c339 doc(examples): add delete/update examples (#56)
  • 9c1a9c7 docs(examples): Fix code scanning alert no. 228: Uncontrolled data used in pa...
  • a12eaaf ci: Combine rename invocations (#533)
  • e86d376 fix: Need to include zip64 extra field in central directory (fix #353) (#360)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Dependency updates rust Rust crate labels Jan 26, 2026
@github-actions github-actions bot added the core Changes to exarch-core label Jan 26, 2026
@bug-ops
Copy link
Copy Markdown
Owner

bug-ops commented Jan 26, 2026

@dependabot recreate

@dependabot
chore(deps): bump zip from 7.1.0 to 7.2.0 in the minor-and-patch group
65925bf 
Bumps the minor-and-patch group with 1 update: [zip](https://github.com/zip-rs/zip2).


Updates `zip` from 7.1.0 to 7.2.0
- [Release notes](https://github.com/zip-rs/zip2/releases)
- [Changelog](https://github.com/zip-rs/zip2/blob/master/CHANGELOG.md)
- [Commits](zip-rs/zip2@v7.1.0...v7.2.0)

---
updated-dependencies:
- dependency-name: zip
  dependency-version: 7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/cargo/minor-and-patch-4b7d7483b1 branch from f8a8a93 to 65925bf Compare January 26, 2026 16:45
@github-actions github-actions bot merged commit aae3653 into main Jan 26, 2026
16 checks passed
@dependabot dependabot bot deleted the dependabot/cargo/minor-and-patch-4b7d7483b1 branch January 26, 2026 16:47
@bug-ops bug-ops mentioned this pull request Feb 6, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

core Changes to exarch-core dependencies Dependency updates rust Rust crate

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bug-ops