search

homotopy-io / homotopy-rs

A Rust/WASM implementation of homotopy.io
https://homotopy.io
BSD 3-Clause "New" or "Revised" License
76 stars 5 forks source link

build(deps): bump zip from 0.6.6 to 1.2.0 #1402

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 1 month ago

Bumps zip from 0.6.6 to 1.2.0.

Release notes

Sourced from zip's releases.

v1.2.0

🚀 Features

  • Add method decompressed_size() so non-recursive ZIP bombs can be detected

🚜 Refactor

  • Make ZipWriter::finish() consume the ZipWriter

⚙️ Miscellaneous Tasks

  • Use panic! rather than abort to ensure the fuzz harness can process the failure
  • Update fuzz_write to use replace_with
  • Remove a drop that can no longer be explicit
  • Add #![allow(unexpected_cfgs)] in nightly

v1.1.4

🐛 Bug Fixes

  • Rare bug where find_and_parse would give up prematurely on detecting a false end-of-CDR header

v1.1.3

🐛 Bug Fixes

  • Alignment was previously handled incorrectly (#33)

🚜 Refactor

  • deprecate deflate-miniz feature since it's now equivalent to deflate (#35)

v1.1.2

Added

  • index_for_name, index_for_path, name_for_index: get the index of a file given its path or vice-versa, without initializing metadata from the local-file header or needing to mutably borrow the ZipArchive.
  • add_symlink_from_path, shallow_copy_file_from_path, deep_copy_file_from_path, raw_copy_file_to_path: copy a file or create a symlink using AsRef<Path> arguments

Changed

  • add_directory_from_path and start_file_from_path are no longer deprecated, and they now normalize .. as well as ..
Changelog

Sourced from zip's changelog.

1.2.0 - 2024-05-06

🚀 Features

  • Add method decompressed_size() so non-recursive ZIP bombs can be detected

🚜 Refactor

  • Make ZipWriter::finish() consume the ZipWriter

⚙️ Miscellaneous Tasks

  • Use panic! rather than abort to ensure the fuzz harness can process the failure
  • Update fuzz_write to use replace_with
  • Remove a drop that can no longer be explicit
  • Add #![allow(unexpected_cfgs)] in nightly

1.1.4 - 2024-05-04

🐛 Bug Fixes

  • Build was failing with bzip2 enabled
  • use is_dir in more places where Windows paths might be handled incorrectly

⚡ Performance

  • Quick filter for paths that contain "/../" or "/./" or start with "./" or "../"
  • Fast handling for separator-free paths
  • Speed up logic if main separator isn't '/'
  • Drop normalized_components slightly sooner when not using it
  • Speed up path_to_string in cases where the path is already in the proper format

⚙️ Miscellaneous Tasks

  • Refactor: can short-circuit handling of paths that start with MAIN_SEPARATOR, no matter what MAIN_SEPARATOR is
  • Bug fix: non-canonical path detection when MAIN_SEPARATOR is not slash or occurs twice in a row
  • Bug fix: must recreate if . or .. is a path element
  • Bug fix

◀️ Revert

  • #58 (partial): bzip2-rs can't replace bzip2 because it's decompress-only

1.1.3 - 2024-04-30

🐛 Bug Fixes

  • Rare bug where find_and_parse would give up prematurely on detecting a false end-of-CDR header

1.1.2 - 2024-04-28

🐛 Bug Fixes

  • Alignment was previously handled incorrectly (#33)

🚜 Refactor

  • deprecate deflate-miniz feature since it's now equivalent to deflate (#35)

[1.1.1]

... (truncated)

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 1 month ago

Looks like zip is no longer updatable, so this is no longer needed.