From 36b7ce8aba4fe8ba8ea4aa327728100be4f122cc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 May 2024 12:48:01 -0500
Subject: [PATCH] build(deps): Bump zip from 0.6.6 to 1.2.3 in /rust (#4970)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps [zip](https://github.com/zip-rs/zip2) from 0.6.6 to 1.2.3.
Release notes
Sourced from zip's
releases.
v1.2.3
🐛 Bug Fixes
- Remove a window when an extracted directory might be unexpectedly
listable and/or
cdable by non-owners
- Extract directory contents on Unix even if the directory doesn't
have write permission (zip-rs/zip-old#423)
⚙️ Miscellaneous Tasks
- More conditionally-unused imports
v1.2.2
🐛 Bug Fixes
- Failed to clear "writing_raw" before finishing a symlink,
leading to dropped extra fields
⚡ Performance
- Use boxed slice for archive comment, since it can't be
concatenated
- Optimize for the fact that false signatures can't overlap with real
ones
v1.2.1
🐛 Bug Fixes
- Prevent panic when trying to read a file with an unsupported
compression method
- Prevent panic after reading an invalid LZMA file
- Make
Stored the default compression method if
Deflated isn't available, so that zip files are readable by
as much software as possible
- version_needed was wrong when e.g. cfg(bzip2) but current file
wasn't bzip2 (#100)
- file paths shouldn't start with slashes (#102)
🚜 Refactor
- Overhaul
impl Arbitrary for FileOptions
- Remove unused
atomic module
v1.2.0
🚀 Features
- Add method
decompressed_size() so non-recursive ZIP
bombs can be detected
🚜 Refactor
- Make
ZipWriter::finish() consume the
ZipWriter
⚙️ Miscellaneous Tasks
- Use panic! rather than abort to ensure the fuzz harness can process
the failure
- Update fuzz_write to use replace_with
- Remove a drop that can no longer be explicit
- Add
#![allow(unexpected_cfgs)] in nightly
v1.1.4
🐛 Bug Fixes
- Rare bug where find_and_parse would give up prematurely on detecting
a false end-of-CDR header
v1.1.3
🐛 Bug Fixes
- Alignment was previously handled incorrectly (#33)
🚜 Refactor
... (truncated)
Changelog
Sourced from zip's
changelog.
1.2.3
- 2024-05-10
🐛 Bug Fixes
- Remove a window when an extracted directory might be unexpectedly
listable and/or
cdable by non-owners
- Extract directory contents on Unix even if the directory doesn't
have write permission (zip-rs/zip-old#423)
⚙️ Miscellaneous Tasks
- More conditionally-unused imports
1.2.2
- 2024-05-09
🐛 Bug Fixes
- Failed to clear "writing_raw" before finishing a symlink,
leading to dropped extra fields
⚡ Performance
- Use boxed slice for archive comment, since it can't be
concatenated
- Optimize for the fact that false signatures can't overlap with real
ones
1.2.1
- 2024-05-06
🐛 Bug Fixes
- Prevent panic when trying to read a file with an unsupported
compression method
- Prevent panic after reading an invalid LZMA file
- Make
Stored the default compression method if
Deflated isn't available, so that zip files are readable by
as much software as possible
- version_needed was wrong when e.g. cfg(bzip2) but current file
wasn't bzip2 (#100)
- file paths shouldn't start with slashes (#102)
🚜 Refactor
- Overhaul
impl Arbitrary for FileOptions
- Remove unused
atomic module
1.2.0
- 2024-05-06
🚀 Features
- Add method
decompressed_size() so non-recursive ZIP
bombs can be detected
🚜 Refactor
- Make
ZipWriter::finish() consume the
ZipWriter
⚙️ Miscellaneous Tasks
- Use panic! rather than abort to ensure the fuzz harness can process
the failure
- Update fuzz_write to use replace_with
- Remove a drop that can no longer be explicit
- Add
#![allow(unexpected_cfgs)] in nightly
1.1.4
- 2024-05-04
🐛 Bug Fixes
- Build was failing with bzip2 enabled
- use is_dir in more places where Windows paths might be handled
incorrectly
... (truncated)
Commits
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
---------
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Not Applicable
---
rust/Cargo.lock | 40 +++++++++++++++++--
rust/gui-client/src-tauri/Cargo.toml | 2 +-
.../src-tauri/src/client/logging.rs | 2 +-
3 files changed, 39 insertions(+), 5 deletions(-)
diff --git a/rust/Cargo.lock b/rust/Cargo.lock
index 76e4d4083..3a586f74b 100644
--- a/rust/Cargo.lock
+++ b/rust/Cargo.lock
@@ -148,6 +148,15 @@ version = "1.0.82"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f538837af36e6f6a9be0faa67f9a314f8119e4e4b5867c6ab40ed60360142519"
+[[package]]
+name = "arbitrary"
+version = "1.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7d5a26814d8dcb93b0e5a0ff3c6d80a8843bafb21b39e8e18a6f05471870e110"
+dependencies = [
+ "derive_arbitrary",
+]
+
[[package]]
name = "arboard"
version = "3.3.2"
@@ -1489,6 +1498,17 @@ dependencies = [
"syn 1.0.109",
]
+[[package]]
+name = "derive_arbitrary"
+version = "1.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "67e77553c4162a157adbf834ebae5b415acbecbeafc7a74b0e886657506a7611"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.57",
+]
+
[[package]]
name = "derive_more"
version = "0.99.17"
@@ -1573,6 +1593,17 @@ version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bd0c93bb4b0c6d9b77f4435b0ae98c24d17f1c45b2ff844c6151a07256ca923b"
+[[package]]
+name = "displaydoc"
+version = "0.2.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.57",
+]
+
[[package]]
name = "dns-lookup"
version = "2.0.4"
@@ -8140,14 +8171,17 @@ dependencies = [
[[package]]
name = "zip"
-version = "0.6.6"
+version = "1.2.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "760394e246e4c28189f19d488c058bf16f564016aefac5d32bb1f3b51d5e9261"
+checksum = "c700ea425e148de30c29c580c1f9508b93ca57ad31c9f4e96b83c194c37a7a8f"
dependencies = [
- "byteorder",
+ "arbitrary",
"crc32fast",
"crossbeam-utils",
+ "displaydoc",
"flate2",
+ "indexmap 2.2.6",
+ "thiserror",
"time",
]
diff --git a/rust/gui-client/src-tauri/Cargo.toml b/rust/gui-client/src-tauri/Cargo.toml
index 2c9ab0c95..59704ccbb 100644
--- a/rust/gui-client/src-tauri/Cargo.toml
+++ b/rust/gui-client/src-tauri/Cargo.toml
@@ -50,7 +50,7 @@ tracing-panic = "0.1.2"
tracing-subscriber = { version = "0.3.17", features = ["env-filter"] }
url = { version = "2.5.0", features = ["serde"] }
uuid = { version = "1.7.0", features = ["v4"] }
-zip = { version = "0.6.6", features = ["deflate", "time"], default-features = false }
+zip = { version = "1.2.3", features = ["deflate", "time"], default-features = false }
[target.'cfg(target_os = "linux")'.dependencies]
dirs = "5.0.1"
diff --git a/rust/gui-client/src-tauri/src/client/logging.rs b/rust/gui-client/src-tauri/src/client/logging.rs
index e597e899a..79f7ff133 100644
--- a/rust/gui-client/src-tauri/src/client/logging.rs
+++ b/rust/gui-client/src-tauri/src/client/logging.rs
@@ -178,7 +178,7 @@ fn add_dir_to_zip(
src_dir: &Path,
dst_stem: &Path,
) -> Result<()> {
- let options = zip::write::FileOptions::default();
+ let options = zip::write::SimpleFileOptions::default();
for entry in fs::read_dir(src_dir).context("Failed to `read_dir` log dir")? {
let entry = entry.context("Got bad entry from `read_dir`")?;
let Some(path) = dst_stem
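Review bot: `SimpleFileOptions::default()` in `add_dir_to_zip` leaves the compression method implicit, and this upgrade changes what that default means. Per the 1.2.1 notes quoted in the commit message, the default falls back to `Stored` when Deflated isn't available, while Cargo.toml builds the crate with `default-features = false` and an explicit feature list. Pinning the method, e.g. `let options = zip::write::SimpleFileOptions::default().compression_method(zip::CompressionMethod::Deflated);`, should turn a later feature-list change into a build error instead of silently uncompressed log archives. Because the archive appears to carry log files, it may also be worth setting the stored mode deliberately with `.unix_permissions(..)` rather than relying on the crate default. The body of `add_dir_to_zip` continues outside the hunk, so any later override of `options` is not visible here.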