From 21573bbd5b8bf06d2af7bb14defbfe0d3dc602f2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 8 May 2024 11:10:42 +0800
Subject: [PATCH] build(deps): bump zip from 1.1.4 to 1.2.1 in /userspace/ksud
(#1708)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps [zip](https://github.com/zip-rs/zip2) from 1.1.4 to 1.2.1.
Release notes
Sourced from zip's releases.
v1.2.1
🐛 Bug Fixes
- Prevent panic when trying to read a file with an unsupported compression method
- Prevent panic after reading an invalid LZMA file
- Make `Stored` the default compression method if `Deflated` isn't available, so that zip files are readable by as much software as possible
- version_needed was wrong when e.g. cfg(bzip2) but current file wasn't bzip2 (#100)
- file paths shouldn't start with slashes (#102)
🚜 Refactor
- Overhaul `impl Arbitrary for FileOptions`
- Remove unused `atomic` module
v1.2.0
🚀 Features
- Add method `decompressed_size()` so non-recursive ZIP bombs can be detected
🚜 Refactor
- Make `ZipWriter::finish()` consume the `ZipWriter`
⚙️ Miscellaneous Tasks
- Use panic! rather than abort to ensure the fuzz harness can process the failure
- Update fuzz_write to use replace_with
- Remove a drop that can no longer be explicit
- Add `#![allow(unexpected_cfgs)]` in nightly
Changelog
Sourced from zip's changelog.
1.2.1 - 2024-05-06
🐛 Bug Fixes
- Prevent panic when trying to read a file with an unsupported compression method
- Prevent panic after reading an invalid LZMA file
- Make `Stored` the default compression method if `Deflated` isn't available, so that zip files are readable by as much software as possible
- version_needed was wrong when e.g. cfg(bzip2) but current file wasn't bzip2 (#100)
- file paths shouldn't start with slashes (#102)
🚜 Refactor
- Overhaul `impl Arbitrary for FileOptions`
- Remove unused `atomic` module
1.2.0 - 2024-05-06
🚀 Features
- Add method `decompressed_size()` so non-recursive ZIP bombs can be detected
🚜 Refactor
- Make `ZipWriter::finish()` consume the `ZipWriter`
⚙️ Miscellaneous Tasks
- Use panic! rather than abort to ensure the fuzz harness can process the failure
- Update fuzz_write to use replace_with
- Remove a drop that can no longer be explicit
- Add `#![allow(unexpected_cfgs)]` in nightly
Commits
- b725303 Merge pull request #103 from zip-rs/release-plz-2024-05-06T17-54-03Z
- a1f2399 chore: release
- f7ab2ae fix: Prevent panic when trying to read a file with an unsupported compression...
- 7f46b77 ci: Upload leak reports if fuzz fails
- d13031c fix: Prevent panic after reading an invalid LZMA file
- 8868a11 test(fuzz): Fix a fuzz-read bug when finishing LZMA
- b277298 test(fuzz): Fix: need to accept FileNotFound from abort
- 162c9b7 test(fuzz): Fix bugs that were breaking the fuzz test
- 447f9c6 refactor: Overhaul impl Arbitrary for FileOptions
- 845c3ec refactor: Remove unused atomic module
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
userspace/ksud/Cargo.lock | 6 +++---
userspace/ksud/Cargo.toml | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/userspace/ksud/Cargo.lock b/userspace/ksud/Cargo.lock
index 87b219a0..d3ddd289 100644
--- a/userspace/ksud/Cargo.lock
+++ b/userspace/ksud/Cargo.lock
@@ -877,7 +877,7 @@ dependencies = [
"sha256",
"tempdir",
"which",
- "zip 1.1.4",
+ "zip 1.2.1",
"zip-extensions",
]
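Review bot: the changed entry is written as `"zip 1.2.1"` with the version attached, and Cargo qualifies a dependency name this way only when the lock file holds more than one version of that crate, so a second `zip` remains in the resolved graph after this bump. Code built against that other version does not necessarily get the panic fixes listed in the commit message; run `cargo tree -d` in userspace/ksud to see which crate pulls it in and whether any archive parsing goes through it.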
@@ -1799,9 +1799,9 @@ dependencies = [
[[package]]
name = "zip"
-version = "1.1.4"
+version = "1.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9cc23c04387f4da0374be4533ad1208cbb091d5c11d070dfef13676ad6497164"
+checksum = "006d078b7b6fc587bb25e022ad39e7086f44e5c4fef6076964ea601533241beb"
dependencies = [
"arbitrary",
"bzip2",
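Review bot: the `+checksum` line is the only integrity anchor for the new `version = "1.2.1"` entry, so this change should be built in CI with `cargo build --locked` to confirm the lock file matches what the registry serves and agrees with the manifest. The diffstat's three insertions and three deletions for Cargo.lock are fully accounted for by the version, checksum and one dependency-list line, so no new transitive crates enter the graph with this bump.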
diff --git a/userspace/ksud/Cargo.toml b/userspace/ksud/Cargo.toml
index 3aaf32d4..51bc2978 100644
--- a/userspace/ksud/Cargo.toml
+++ b/userspace/ksud/Cargo.toml
@@ -10,7 +10,7 @@ rust-version = "1.77.2"
anyhow = "1"
clap = { version = "4", features = ["derive"] }
const_format = "0.2"
-zip = { version = "1.1", features = [
+zip = { version = "1.2", features = [
"deflate",
"deflate64",
"bzip2",
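Review bot: the new requirement `version = "1.2"` on the `+zip` line is a caret range whose floor is 1.2.0, while the panic fixes named in the commit message shipped in 1.2.1, which only Cargo.lock pins. If those fixes are the reason for taking the update, write `version = "1.2.1"` so the manifest itself rules out 1.2.0. The release notes also say `ZipWriter::finish()` consumes the `ZipWriter` as of 1.2.0 and this patch touches no source file, so confirm ksud still compiles against the changed API.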