Bump zip from 2.1.1 to 2.1.6

[dependabot]

Bumps zip from 2.1.1 to 2.1.6.

Release notes

Sourced from zip's releases.

v2.1.6

🐛 Bug Fixes

• (#33) Rare combination of settings could lead to writing a corrupt archive with overlength extra data, and data_start locations when reading the archive back were also wrong (#221)

🚜 Refactor

• Eliminate some magic numbers and unnecessary path prefixes (#225)

v2.1.5

🚜 Refactor

• change invalid_state() return type to io::Result

v2.1.4

🐛 Bug Fixes

• fix(#215): Upgrade to deflate64 0.1.9
• Panic when reading a file truncated in the middle of an XZ block header
• Some archives with over u16::MAX files were handled incorrectly or slowly (#189)
• Check number of files when deciding whether a CDE is the real one
• Could still select a fake CDE over a real one in some cases
• May have to consider multiple CDEs before filtering for validity
• We now keep searching for a real CDE header after read an invalid one from the file comment
• Always search for data start when opening an archive for append, and reject the header if data appears to start after central directory
• deep_copy_file no longer allows overwriting an existing file, to match the behavior of shallow_copy_file
• File start position was wrong when extra data was present
• Abort file if central extra data is too large
• Overflow panic when central directory extra data is too large
• ZIP64 header was being written twice when copying a file
• ZIP64 header was being written to central header twice
• Start position was incorrect when file had no extra data
• Allow all reserved headers we can create
• Fix a bug where alignment padding interacts with other extra-data fields
• Fix bugs involving alignment padding and Unicode extra fields
• Incorrect header when adding AES-encrypted files
• Parse the extra field and reject it if invalid
• Incorrect behavior following a rare combination of merge_archive, abort_file and deep_copy_file. As well, we now return an error when a file is being copied to itself.
• path_to_string now properly handles the case of an empty path
• Implement Debug for ZipWriter even when it's not implemented for the inner writer's type
• Fix an issue where the central directory could be incorrectly detected
• finish_into_readable() would corrupt the archive if the central directory had moved

🚜 Refactor

• Verify with debug assertions that no FixedSizeBlock expects a multi-byte alignment (#198)
• Use new do_or_abort_file method

⚡ Performance

• Speed up CRC when encrypting small files
• Limit the number of extra fields
• Refactor extra-data validation
• Store extra data in plain vectors until after validation
• Only build one IndexMap after choosing among the possible valid headers
• Simplify validation of empty extra-data fields

... (truncated)

Changelog

Sourced from zip's changelog.

2.1.6 - 2024-07-29

🐛 Bug Fixes

• (#33) Rare combination of settings could lead to writing a corrupt archive with overlength extra data, and data_start locations when reading the archive back were also wrong (#221)

🚜 Refactor

• Eliminate some magic numbers and unnecessary path prefixes (#225)

2.1.5 - 2024-07-20

🚜 Refactor

• change invalid_state() return type to io::Result

2.1.4 - 2024-07-18

🐛 Bug Fixes

• fix(#215): Upgrade to deflate64 0.1.9
• Panic when reading a file truncated in the middle of an XZ block header
• Some archives with over u16::MAX files were handled incorrectly or slowly (#189)
• Check number of files when deciding whether a CDE is the real one
• Could still select a fake CDE over a real one in some cases
• May have to consider multiple CDEs before filtering for validity
• We now keep searching for a real CDE header after read an invalid one from the file comment
• Always search for data start when opening an archive for append, and reject the header if data appears to start after central directory
• deep_copy_file no longer allows overwriting an existing file, to match the behavior of shallow_copy_file
• File start position was wrong when extra data was present
• Abort file if central extra data is too large
• Overflow panic when central directory extra data is too large
• ZIP64 header was being written twice when copying a file
• ZIP64 header was being written to central header twice
• Start position was incorrect when file had no extra data
• Allow all reserved headers we can create
• Fix a bug where alignment padding interacts with other extra-data fields
• Fix bugs involving alignment padding and Unicode extra fields
• Incorrect header when adding AES-encrypted files
• Parse the extra field and reject it if invalid
• Incorrect behavior following a rare combination of merge_archive, abort_file and deep_copy_file. As well, we now return an error when a file is being copied to itself.
• path_to_string now properly handles the case of an empty path
• Implement Debug for ZipWriter even when it's not implemented for the inner writer's type
• Fix an issue where the central directory could be incorrectly detected
• finish_into_readable() would corrupt the archive if the central directory had moved

🚜 Refactor

• Verify with debug assertions that no FixedSizeBlock expects a multi-byte alignment (#198)
• Use new do_or_abort_file method

⚡ Performance

• Speed up CRC when encrypting small files
• Limit the number of extra fields
• Refactor extra-data validation

... (truncated)

Commits

• beab418 chore: release (#229)
• f803fa0 test: (#33) Verify that data_start is correct when reading an alignment-padde...
• 6d8ab62 fix: (#33) Rare combination of settings could lead to writing a corrupt archi...
• fd5f804 test(fuzz): Consume self, and add initial junk (#226)
• 3ecd651 refactor: Eliminate some magic numbers and unnecessary path prefixes (#225)
• a29b860 test(fuzz): Make cargo fuzz fmt fuzz_write output more reliably equivalent ...
• 546e49d docs: Update pull_request_template.md
• 50fd94f docs: Update pull_request_template.md
• 8fb107a chore: release (#222)
• a7c1230 publicly export and document the zip64 threshold constants (#79)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.