There was a maintainer change between 0.x & 1.x, and I'm not sure if that implies a risk after the xz debacle.
All these releases are coming from a fork that continued maintenance on the original zip library, where the owner of the fork then was allowed to take over the original crate, and merged his changes into the origin.
This is also why I looked at this whole changelog, which shows all the changes since the fork.