madler / zlib

A massively spiffy yet delicately unobtrusive compression library.
http://zlib.net/

minizip binaries are built with flags that hide warnings #875

Open asklar opened 9 months ago

asklar commented 9 months ago

Using the minizip vcpkg. This causes failures in CI when enabling SDL checks (security checks) at Microsoft, so we cannot use the vcpkg as-is.

ioapi.c.obj (minizip.lib) [Explicitly disabled warnings: 4018;4996]
zip.c.obj (minizip.lib) [Explicitly disabled warnings: 4018;4996]

Neustradamus commented 9 months ago

@madler, @gvollant: Have you seen this ticket?

madler commented 7 months ago

We would have to know which lines of the code those warnings came from.

dbjh commented 6 months ago

Explicitly disabling a warning is different from "hiding" it. Perhaps it is also worth mentioning what the warnings are:

C4018: https://learn.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-3-c4018?view=msvc-170

'token' : signed/unsigned mismatch

C4996: https://learn.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-3-c4996?view=msvc-170

Your code uses a function, class member, variable, or typedef that's marked deprecated. Symbols are deprecated by using a __declspec(deprecated) modifier, or the C++14 [[deprecated]] attribute. The actual C4996 warning message is specified by the deprecated modifier or attribute of the declaration.

Reading the second page makes me wonder if the problem is properly understood:

Many functions, member functions, function templates, and global variables in Visual Studio libraries are deprecated. Some, such as POSIX and Microsoft-specific functions, are deprecated because they now have a different preferred name. Some C runtime library functions are deprecated because they're insecure and have a more secure variant. Others are deprecated because they're obsolete. The deprecation messages usually include a suggested replacement for the deprecated function or global variable.

The /sdl (Enable Additional Security Checks) compiler option elevates this warning to an error.
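To show why a security build treats C4018 as worth reviewing, here is an added example that is not code from minizip or from anyone in this thread. The struct, the function names and the values are hypothetical and constructed; it shows a signed/unsigned bounds check accepting an out-of-range request beside a corrected form.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example: fixed output buffer with signed space accounting. */
struct out {
    char data[16];
    int  remaining;   /* signed, so a bookkeeping error can make it negative */
};

/* Before: `want <= o->remaining` mixes unsigned and int. The int operand is
 * converted to unsigned, so a negative `remaining` becomes a huge value and
 * the check passes. This is the kind of comparison C4018 reports. */
static int fits_mismatched(const struct out *o, unsigned want)
{
    return want <= o->remaining;
}

/* After: validate the signed value's range first, then compare both
 * operands in one unsigned type. */
static int fits_checked(const struct out *o, unsigned want)
{
    return o->remaining >= 0
        && (size_t)o->remaining <= sizeof o->data
        && want <= (unsigned)o->remaining;
}

/* Bounded append that relies on the corrected check; returns 0 on success. */
static int append_checked(struct out *o, const char *src, unsigned n)
{
    if (!fits_checked(o, n))
        return -1;
    memcpy(o->data + (sizeof o->data - (size_t)o->remaining), src, n);
    o->remaining -= (int)n;
    return 0;
}

int main(void)
{
    struct out bad = { {0}, -1 };   /* constructed inconsistent state */
    struct out ok  = { {0}, 16 };

    printf("mismatched check, remaining=-1, want=100: %d\n",
           fits_mismatched(&bad, 100u));
    printf("corrected check,  remaining=-1, want=100: %d\n",
           fits_checked(&bad, 100u));
    printf("append 4 bytes into empty buffer: %d\n",
           append_checked(&ok, "abcd", 4u));
    return 0;
}
```

With gcc or clang the same comparison is reported by `-Wsign-compare`, which is one way to find the affected lines on a non-MSVC toolchain.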