fastn-stack / fastn

🚧 (Alpha stage software) fastn - better way to build websites 🚧
https://fastn.com
GNU Affero General Public License v3.0
466 stars 36 forks

Bump zip from 1.1.3 to 1.2.0 #1856

Closed dependabot[bot] closed 4 months ago

dependabot[bot] commented 4 months ago

Bumps zip from 1.1.3 to 1.2.0.

Release notes

Sourced from zip's releases.

v1.2.0

🚀 Features

  • Add method decompressed_size() so non-recursive ZIP bombs can be detected

🚜 Refactor

  • Make ZipWriter::finish() consume the ZipWriter

⚙️ Miscellaneous Tasks

  • Use panic! rather than abort to ensure the fuzz harness can process the failure
  • Update fuzz_write to use replace_with
  • Remove a drop that can no longer be explicit
  • Add #![allow(unexpected_cfgs)] in nightly

v1.1.4

🐛 Bug Fixes

  • Rare bug where find_and_parse would give up prematurely on detecting a false end-of-CDR header

Changelog

Sourced from zip's changelog.

1.2.0 - 2024-05-06

🚀 Features

  • Add method decompressed_size() so non-recursive ZIP bombs can be detected

🚜 Refactor

  • Make ZipWriter::finish() consume the ZipWriter

⚙️ Miscellaneous Tasks

  • Use panic! rather than abort to ensure the fuzz harness can process the failure
  • Update fuzz_write to use replace_with
  • Remove a drop that can no longer be explicit
  • Add #![allow(unexpected_cfgs)] in nightly

1.1.4 - 2024-05-04

🐛 Bug Fixes

  • Build was failing with bzip2 enabled
  • use is_dir in more places where Windows paths might be handled incorrectly

⚡ Performance

  • Quick filter for paths that contain "/../" or "/./" or start with "./" or "../"
  • Fast handling for separator-free paths
  • Speed up logic if main separator isn't '/'
  • Drop normalized_components slightly sooner when not using it
  • Speed up path_to_string in cases where the path is already in the proper format

⚙️ Miscellaneous Tasks

  • Refactor: can short-circuit handling of paths that start with MAIN_SEPARATOR, no matter what MAIN_SEPARATOR is
  • Bug fix: non-canonical path detection when MAIN_SEPARATOR is not slash or occurs twice in a row
  • Bug fix: must recreate if . or .. is a path element
  • Bug fix

◀️ Revert

  • #58 (partial): bzip2-rs can't replace bzip2 because it's decompress-only

Commits

  • 026b26b Merge pull request #97 from zip-rs/release-plz-2024-05-06T01-31-43Z
  • 3fe87e9 chore: release
  • d629b36 Merge pull request #98 from zip-rs/finish_owned
  • 30ef662 Revert "chore: Use panic! rather than abort to ensure the fuzz harness can pr...
  • 0011370 chore: Use panic! rather than abort to ensure the fuzz harness can process th...
  • f2b55a1 chore: Update fuzz_write to use replace_with
  • 5237543 fix: Process ZIP files with up to a 65,978-byte comment (https://github.com/z...
  • e9d48b7 style: Remove unnecessary "mut"s in merge_archive benchmarks
  • b59515b chore: Remove a drop that can no longer be explicit
  • 84aa6e8 refactor: Make ZipWriter::finish() consume the ZipWriter
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] commented 4 months ago

Looks like zip is up-to-date now, so this is no longer needed.