build(deps): bump zip from 1.1.4 to 1.2.1 in /userspace/ksud (#1708)
Bumps [zip](https://github.com/zip-rs/zip2) from 1.1.4 to 1.2.1.

**Release notes**

*Sourced from [zip's releases](https://github.com/zip-rs/zip2/releases).*

> ## v1.2.1
>
> ### 🐛 Bug Fixes
>
> - Prevent panic when trying to read a file with an unsupported compression method
> - Prevent panic after reading an invalid LZMA file
> - Make `Stored` the default compression method if `Deflated` isn't available, so that zip files are readable by as much software as possible
> - version_needed was wrong when e.g. cfg(bzip2) but current file wasn't bzip2 ([#100](https://redirect.github.com/zip-rs/zip2/pull/100))
> - file paths shouldn't start with slashes ([#102](https://redirect.github.com/zip-rs/zip2/pull/102))
>
> ### 🚜 Refactor
>
> - Overhaul `impl Arbitrary for FileOptions`
> - Remove unused `atomic` module
>
> ## v1.2.0
>
> ### 🚀 Features
>
> - Add method `decompressed_size()` so non-recursive ZIP bombs can be detected
>
> ### 🚜 Refactor
>
> - Make `ZipWriter::finish()` consume the `ZipWriter`
>
> ### ⚙️ Miscellaneous Tasks
>
> - Use panic! rather than abort to ensure the fuzz harness can process the failure
> - Update fuzz_write to use replace_with
> - Remove a drop that can no longer be explicit
> - Add `#![allow(unexpected_cfgs)]` in nightly

**Changelog**

*Sourced from [zip's changelog](https://github.com/zip-rs/zip2/blob/master/CHANGELOG.md).*

> ## [1.2.1](https://github.com/zip-rs/zip2/compare/v1.2.0...v1.2.1) - 2024-05-06
>
> ### 🐛 Bug Fixes
>
> - Prevent panic when trying to read a file with an unsupported compression method
> - Prevent panic after reading an invalid LZMA file
> - Make `Stored` the default compression method if `Deflated` isn't available, so that zip files are readable by as much software as possible
> - version_needed was wrong when e.g. cfg(bzip2) but current file wasn't bzip2 ([#100](https://redirect.github.com/zip-rs/zip2/pull/100))
> - file paths shouldn't start with slashes ([#102](https://redirect.github.com/zip-rs/zip2/pull/102))
>
> ### 🚜 Refactor
>
> - Overhaul `impl Arbitrary for FileOptions`
> - Remove unused `atomic` module
>
> ## [1.2.0](https://github.com/zip-rs/zip2/compare/v1.1.4...v1.2.0) - 2024-05-06
>
> ### 🚀 Features
>
> - Add method `decompressed_size()` so non-recursive ZIP bombs can be detected
>
> ### 🚜 Refactor
>
> - Make `ZipWriter::finish()` consume the `ZipWriter`
>
> ### ⚙️ Miscellaneous Tasks
>
> - Use panic! rather than abort to ensure the fuzz harness can process the failure
> - Update fuzz_write to use replace_with
> - Remove a drop that can no longer be explicit
> - Add `#![allow(unexpected_cfgs)]` in nightly

**Commits**

- [`b725303`](b725303cce) Merge pull request [#103](https://redirect.github.com/zip-rs/zip2/issues/103) from zip-rs/release-plz-2024-05-06T17-54-03Z
- [`a1f2399`](a1f239980e) chore: release
- [`f7ab2ae`](f7ab2ae506) fix: Prevent panic when trying to read a file with an unsupported compression...
- [`7f46b77`](7f46b77da2) ci: Upload leak reports if fuzz fails
- [`d13031c`](d13031cc14) fix: Prevent panic after reading an invalid LZMA file
- [`8868a11`](8868a11d23) test(fuzz): Fix a fuzz-read bug when finishing LZMA
- [`b277298`](b277298d7f) test(fuzz): Fix: need to accept FileNotFound from abort
- [`162c9b7`](162c9b7281) test(fuzz): Fix bugs that were breaking the fuzz test
- [`447f9c6`](447f9c6e4f) refactor: Overhaul `impl Arbitrary for FileOptions`
- [`845c3ec`](845c3ec91f) refactor: Remove unused `atomic` module
- Additional commits viewable in [compare view](https://github.com/zip-rs/zip2/compare/v1.1.4...v1.2.1)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

6
userspace/ksud/Cargo.lock
generated
@@ -877,7 +877,7 @@ dependencies = [
|
||||
"sha256",
|
||||
"tempdir",
|
||||
"which",
|
||||
"zip 1.1.4",
|
||||
"zip 1.2.1",
|
||||
"zip-extensions",
|
||||
]
|
||||
|
||||
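Review bot: The dependency entry is written as `"zip 1.2.1"` rather than plain `"zip"`, and Cargo only qualifies a name with its version when the lockfile holds more than one version of that crate, so a second `zip` copy is still resolved after this bump. The 1.2.1 fixes for panics on unsupported compression methods and invalid LZMA input apply only to code built against this copy. Run `cargo tree -d` in userspace/ksud to see which crate pulls in the other version (the neighbouring `"zip-extensions"` entry may be it) and check whether archives from untrusted sources are parsed through that older copy.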
@@ -1799,9 +1799,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "zip"
|
||||
version = "1.1.4"
|
||||
version = "1.2.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "9cc23c04387f4da0374be4533ad1208cbb091d5c11d070dfef13676ad6497164"
|
||||
checksum = "006d078b7b6fc587bb25e022ad39e7086f44e5c4fef6076964ea601533241beb"
|
||||
dependencies = [
|
||||
"arbitrary",
|
||||
"bzip2",
|
||||
|
||||
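Review bot: The bump at `version = "1.2.1"` crosses 1.2.0, whose release notes in the commit message list `ZipWriter::finish()` now consuming the `ZipWriter`, yet Cargo.lock is the only file shown as changed. Confirm that ksud still compiles against the new API, since any caller that keeps using the writer after `finish()` will fail to build, and that the new `checksum` line was written by cargo rather than edited by hand, for example by running `cargo build --locked` in CI.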