Commit
build(deps): Bump zip from 0.6.6 to 1.2.3 in /rust (#4970)
Bumps [zip](https://github.com/zip-rs/zip2) from 0.6.6 to 1.2.3.

**Release notes**

*Sourced from [zip's releases](https://github.com/zip-rs/zip2/releases).*

## v1.2.3

### 🐛 Bug Fixes

- Remove a window when an extracted directory might be unexpectedly listable and/or `cd`able by non-owners
- Extract directory contents on Unix even if the directory doesn't have write permission ([zip-rs/zip-old#423](https://redirect.github.com/zip-rs/zip-old/issues/423))

### ⚙️ Miscellaneous Tasks

- More conditionally-unused imports

## v1.2.2

### 🐛 Bug Fixes

- Failed to clear "writing_raw" before finishing a symlink, leading to dropped extra fields

### ⚡ Performance

- Use boxed slice for archive comment, since it can't be concatenated
- Optimize for the fact that false signatures can't overlap with real ones

## v1.2.1

### 🐛 Bug Fixes

- Prevent panic when trying to read a file with an unsupported compression method
- Prevent panic after reading an invalid LZMA file
- Make `Stored` the default compression method if `Deflated` isn't available, so that zip files are readable by as much software as possible
- version_needed was wrong when e.g. cfg(bzip2) but current file wasn't bzip2 ([#100](https://redirect.github.com/zip-rs/zip2/pull/100))
- file paths shouldn't start with slashes ([#102](https://redirect.github.com/zip-rs/zip2/pull/102))

### 🚜 Refactor

- Overhaul `impl Arbitrary for FileOptions`
- Remove unused `atomic` module

## v1.2.0

### 🚀 Features

- Add method `decompressed_size()` so non-recursive ZIP bombs can be detected

### 🚜 Refactor

- Make `ZipWriter::finish()` consume the `ZipWriter`

### ⚙️ Miscellaneous Tasks

- Use panic! rather than abort to ensure the fuzz harness can process the failure
- Update fuzz_write to use replace_with
- Remove a drop that can no longer be explicit
- Add `#![allow(unexpected_cfgs)]` in nightly

## v1.1.4

### 🐛 Bug Fixes

- Rare bug where find_and_parse would give up prematurely on detecting a false end-of-CDR header

## v1.1.3

### 🐛 Bug Fixes

- Alignment was previously handled incorrectly ([#33](https://redirect.github.com/Pr0methean/zip/pull/33))

### 🚜 Refactor

... (truncated)

**Changelog**

*Sourced from [zip's changelog](https://github.com/zip-rs/zip2/blob/master/CHANGELOG.md).*

## [1.2.3](https://github.com/zip-rs/zip2/compare/v1.2.2...v1.2.3) - 2024-05-10

### 🐛 Bug Fixes

- Remove a window when an extracted directory might be unexpectedly listable and/or `cd`able by non-owners
- Extract directory contents on Unix even if the directory doesn't have write permission ([zip-rs/zip-old#423](https://redirect.github.com/zip-rs/zip-old/issues/423))

### ⚙️ Miscellaneous Tasks

- More conditionally-unused imports

## [1.2.2](https://github.com/zip-rs/zip2/compare/v1.2.1...v1.2.2) - 2024-05-09

### 🐛 Bug Fixes

- Failed to clear "writing_raw" before finishing a symlink, leading to dropped extra fields

### ⚡ Performance

- Use boxed slice for archive comment, since it can't be concatenated
- Optimize for the fact that false signatures can't overlap with real ones

## [1.2.1](https://github.com/zip-rs/zip2/compare/v1.2.0...v1.2.1) - 2024-05-06

### 🐛 Bug Fixes

- Prevent panic when trying to read a file with an unsupported compression method
- Prevent panic after reading an invalid LZMA file
- Make `Stored` the default compression method if `Deflated` isn't available, so that zip files are readable by as much software as possible
- version_needed was wrong when e.g. cfg(bzip2) but current file wasn't bzip2 ([#100](https://redirect.github.com/zip-rs/zip2/pull/100))
- file paths shouldn't start with slashes ([#102](https://redirect.github.com/zip-rs/zip2/pull/102))

### 🚜 Refactor

- Overhaul `impl Arbitrary for FileOptions`
- Remove unused `atomic` module

## [1.2.0](https://github.com/zip-rs/zip2/compare/v1.1.4...v1.2.0) - 2024-05-06

### 🚀 Features

- Add method `decompressed_size()` so non-recursive ZIP bombs can be detected

### 🚜 Refactor

- Make `ZipWriter::finish()` consume the `ZipWriter`

### ⚙️ Miscellaneous Tasks

- Use panic! rather than abort to ensure the fuzz harness can process the failure
- Update fuzz_write to use replace_with
- Remove a drop that can no longer be explicit
- Add `#![allow(unexpected_cfgs)]` in nightly

## [1.1.4](https://github.com/zip-rs/zip2/compare/v1.1.3...v1.1.4) - 2024-05-04

### 🐛 Bug Fixes

- Build was failing with bzip2 enabled
- use is_dir in more places where Windows paths might be handled incorrectly

... (truncated)

**Commits**

- See full diff in [compare view](https://github.com/zip-rs/zip2/commits/v1.2.3)

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Not Applicable <ReactorScram@users.noreply.github.com>