Skip to content

deps(deps): bump zip from 0.6.6 to 2.4.2#106

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/zip-2.4.2
Open

deps(deps): bump zip from 0.6.6 to 2.4.2#106
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/zip-2.4.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 31, 2026
edited
Loading

Bumps zip from 0.6.6 to 2.4.2.

Release notes

Sourced from zip's releases.

v2.4.2

🐛 Bug Fixes

  • deep_copy_file produced a mangled file header on big-endian platforms (#309)

v2.4.1

🐛 Bug Fixes

  • type issue in test
  • double as_ref().canonicalize()?
  • CI failures
  • Create directory for extraction if necessary (#314)

v2.4.0

🚀 Features

  • ZipArchive::root_dir and ZipArchive::extract_unwrapped_root_dir (#304)

🐛 Bug Fixes

  • wasm build failure due to a missing use statement (#313)

v2.3.0

🚀 Features

  • Add support for NTFS extra field (#279)

🐛 Bug Fixes

  • (test) Conditionalize a zip64 doctest (#308)
  • fix failing tests, remove symlink loop check
  • Canonicalize output path to avoid false negatives
  • Symlink handling in stream extraction
  • Canonicalize output paths and symlink targets, and ensure they descend from the destination

⚙️ Miscellaneous Tasks

  • Fix clippy and cargo fmt warnings (#310)

v2.2.3

🚜 Refactor

  • Change the inner structure of DateTime (#267)

⚙️ Miscellaneous Tasks

  • cargo fix --edition

v2.2.2

🐛 Bug Fixes

... (truncated)

Changelog

Sourced from zip's changelog.

2.4.2 - 2025-03-18

🐛 Bug Fixes

  • deep_copy_file produced a mangled file header on big-endian platforms (#309)

2.4.1 - 2025-03-17

🐛 Bug Fixes

  • type issue in test
  • double as_ref().canonicalize()?
  • CI failures
  • Create directory for extraction if necessary (#314)

2.4.0 - 2025-03-17

🚀 Features

  • ZipArchive::root_dir and ZipArchive::extract_unwrapped_root_dir (#304)

🐛 Bug Fixes

  • wasm build failure due to a missing use statement (#313)

2.3.0 - 2025-03-16

🚀 Features

  • Add support for NTFS extra field (#279)

🐛 Bug Fixes

  • (test) Conditionalize a zip64 doctest (#308)
  • fix failing tests, remove symlink loop check
  • Canonicalize output path to avoid false negatives
  • Symlink handling in stream extraction
  • Canonicalize output paths and symlink targets, and ensure they descend from the destination (CVE-2025-29787)

⚙️ Miscellaneous Tasks

  • Fix clippy and cargo fmt warnings (#310)

2.2.3 - 2025-02-26

🚜 Refactor

  • Change the inner structure of DateTime (#267)

⚙️ Miscellaneous Tasks

... (truncated)

Commits

@dependabot dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Mar 31, 2026
@dependabot
deps(deps): bump zip from 0.6.6 to 2.4.2
4d8e0e1 
Bumps [zip](https://github.com/zip-rs/zip2) from 0.6.6 to 2.4.2.
- [Release notes](https://github.com/zip-rs/zip2/releases)
- [Changelog](https://github.com/zip-rs/zip2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zip-rs/zip2/commits/v2.4.2)

---
updated-dependencies:
- dependency-name: zip
  dependency-version: 2.4.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/cargo/zip-2.4.2 branch from 5e3cae1 to 4d8e0e1 Compare April 6, 2026 20:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@aroff aroff

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@aroff