Skip to content
This repository has been archived by the owner on Feb 16, 2025. It is now read-only.

chore(deps): bump zip from 0.6.6 to 2.2.0 #1975

Closed
wants to merge 1 commit into from
Closed

chore(deps): bump zip from 0.6.6 to 2.2.0 #1975

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 20, 2024
edited
Loading

Bumps zip from 0.6.6 to 2.2.0.

Release notes

Sourced from zip's releases.

v2.2.0

🚀 Features

  • Expose ZipArchive::central_directory_start (#232)

v2.1.6

🐛 Bug Fixes

  • (#33) Rare combination of settings could lead to writing a corrupt archive with overlength extra data, and data_start locations when reading the archive back were also wrong (#221)

🚜 Refactor

  • Eliminate some magic numbers and unnecessary path prefixes (#225)

v2.1.5

🚜 Refactor

  • change invalid_state() return type to io::Result

v2.1.4

🐛 Bug Fixes

  • fix(#215): Upgrade to deflate64 0.1.9
  • Panic when reading a file truncated in the middle of an XZ block header
  • Some archives with over u16::MAX files were handled incorrectly or slowly (#189)
  • Check number of files when deciding whether a CDE is the real one
  • Could still select a fake CDE over a real one in some cases
  • May have to consider multiple CDEs before filtering for validity
  • We now keep searching for a real CDE header after read an invalid one from the file comment
  • Always search for data start when opening an archive for append, and reject the header if data appears to start after central directory
  • deep_copy_file no longer allows overwriting an existing file, to match the behavior of shallow_copy_file
  • File start position was wrong when extra data was present
  • Abort file if central extra data is too large
  • Overflow panic when central directory extra data is too large
  • ZIP64 header was being written twice when copying a file
  • ZIP64 header was being written to central header twice
  • Start position was incorrect when file had no extra data
  • Allow all reserved headers we can create
  • Fix a bug where alignment padding interacts with other extra-data fields
  • Fix bugs involving alignment padding and Unicode extra fields
  • Incorrect header when adding AES-encrypted files
  • Parse the extra field and reject it if invalid
  • Incorrect behavior following a rare combination of merge_archive, abort_file and deep_copy_file. As well, we now return an error when a file is being copied to itself.
  • path_to_string now properly handles the case of an empty path
  • Implement Debug for ZipWriter even when it's not implemented for the inner writer's type
  • Fix an issue where the central directory could be incorrectly detected
  • finish_into_readable() would corrupt the archive if the central directory had moved

🚜 Refactor

  • Verify with debug assertions that no FixedSizeBlock expects a multi-byte alignment (#198)
  • Use new do_or_abort_file method

⚡ Performance

  • Speed up CRC when encrypting small files
  • Limit the number of extra fields

... (truncated)

Changelog

Sourced from zip's changelog.

2.2.0 - 2024-08-11

🚀 Features

  • Expose ZipArchive::central_directory_start (#232)

2.1.6 - 2024-07-29

🐛 Bug Fixes

  • (#33) Rare combination of settings could lead to writing a corrupt archive with overlength extra data, and data_start locations when reading the archive back were also wrong (#221)

🚜 Refactor

  • Eliminate some magic numbers and unnecessary path prefixes (#225)

2.1.5 - 2024-07-20

🚜 Refactor

  • change invalid_state() return type to io::Result

2.1.4 - 2024-07-18

🐛 Bug Fixes

  • fix(#215): Upgrade to deflate64 0.1.9
  • Panic when reading a file truncated in the middle of an XZ block header
  • Some archives with over u16::MAX files were handled incorrectly or slowly (#189)
  • Check number of files when deciding whether a CDE is the real one
  • Could still select a fake CDE over a real one in some cases
  • May have to consider multiple CDEs before filtering for validity
  • We now keep searching for a real CDE header after read an invalid one from the file comment
  • Always search for data start when opening an archive for append, and reject the header if data appears to start after central directory
  • deep_copy_file no longer allows overwriting an existing file, to match the behavior of shallow_copy_file
  • File start position was wrong when extra data was present
  • Abort file if central extra data is too large
  • Overflow panic when central directory extra data is too large
  • ZIP64 header was being written twice when copying a file
  • ZIP64 header was being written to central header twice
  • Start position was incorrect when file had no extra data
  • Allow all reserved headers we can create
  • Fix a bug where alignment padding interacts with other extra-data fields
  • Fix bugs involving alignment padding and Unicode extra fields
  • Incorrect header when adding AES-encrypted files
  • Parse the extra field and reject it if invalid
  • Incorrect behavior following a rare combination of merge_archive, abort_file and deep_copy_file. As well, we now return an error when a file is being copied to itself.
  • path_to_string now properly handles the case of an empty path
  • Implement Debug for ZipWriter even when it's not implemented for the inner writer's type
  • Fix an issue where the central directory could be incorrectly detected
  • finish_into_readable() would corrupt the archive if the central directory had moved

🚜 Refactor

  • Verify with debug assertions that no FixedSizeBlock expects a multi-byte alignment (#198)
  • Use new do_or_abort_file method

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Aug 20, 2024
@dependabot dependabot bot mentioned this pull request Aug 20, 2024
Closed
@dependabot dependabot bot force-pushed the dependabot/cargo/zip-2.2.0 branch from 82500e4 to 7ea1c1c Compare August 22, 2024 01:27
@dependabot
chore(deps): bump zip from 0.6.6 to 2.2.0
6d274fa 
Bumps [zip](https://github.com/zip-rs/zip2) from 0.6.6 to 2.2.0.
- [Release notes](https://github.com/zip-rs/zip2/releases)
- [Changelog](https://github.com/zip-rs/zip2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zip-rs/zip2/commits/v2.2.0)

---
updated-dependencies:
- dependency-name: zip
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/cargo/zip-2.2.0 branch from 7ea1c1c to 6d274fa Compare August 31, 2024 19:24
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 2, 2024

Looks like zip is up-to-date now, so this is no longer needed.

@dependabot dependabot bot closed this Sep 2, 2024
@dependabot dependabot bot deleted the dependabot/cargo/zip-2.2.0 branch September 2, 2024 15:44
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file rust Pull requests that update Rust code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants