Skip to content
This repository was archived by the owner on Feb 25, 2025. It is now read-only.

Commit

Permalink
Bump archive from 3.1.2 to 3.3.9 in /lib/web_ui (#45795)
Browse files Browse the repository at this point in the history 
Bumps [archive](https://github.com/brendan-duncan/archive) from 3.1.2 to 3.3.9.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/brendan-duncan/archive/blob/main/CHANGELOG.md">archive's changelog</a>.</em></p>
<blockquote>
<h2>3.3.9 - September 10, 2023</h2>
<ul>
<li>Fix for extractFileToDisk causing corrupt files by closing a file stream before it finished writing.</li>
</ul>
<h2>3.3.8 - September 02, 2023</h2>
<ul>
<li>Fix for zip security issue with symlinks, <a href="https://redirect.github.com/brendan-duncan/archive/issues/265">brendan-duncan/archive#265</a>. <a href="https://osv.dev/vulnerability/GHSA-9v85-q87q-g4vg">https://osv.dev/vulnerability/GHSA-9v85-q87q-g4vg</a>.</li>
<li>Fix for zip security issue with file paths, <a href="https://redirect.github.com/brendan-duncan/archive/issues/266">brendan-duncan/archive#266</a>. <a href="https://osv.dev/vulnerability/GHSA-r285-q736-9v95">https://osv.dev/vulnerability/GHSA-r285-q736-9v95</a>.</li>
<li>Add progress callback for decoding zip files.</li>
<li>Don't allow tar files to include absolute paths.</li>
<li>Fix error decoding AES-192.</li>
</ul>
<h2>3.3.7 - April 01, 2023</h2>
<ul>
<li>Add Zip AES-256 decryption</li>
<li>Fix symlink encoding for tar files</li>
</ul>
<h2>3.3.6 - January 27, 2023</h2>
<ul>
<li>Fix errors decoding XZ files.</li>
</ul>
<h2>3.3.5 - November 22, 2022</h2>
<ul>
<li>Fix file content when decoding zips</li>
</ul>
<h2>3.3.4 - November 11, 2022</h2>
<ul>
<li>Fix analysis errors.</li>
</ul>
<h2>3.3.3 - November 11, 2022</h2>
<ul>
<li>Support symlinks in ZIP archives</li>
<li>Fix ZIP decryption for ZipCrypto format</li>
</ul>
<h2>3.3.2 - October 16, 2022</h2>
<ul>
<li>Fix for UTF-8 file name caused problem on Windows.</li>
</ul>
<h2>3.3.1 - July 19, 2022</h2>
<ul>
<li>Fix for Inflate crashing on some compressed files.</li>
</ul>
<h2>3.3.0 - March 25, 2022</h2>
<ul>
<li>IO encoders (ZipFileEncoder, TarFileEncoder), will now include directories and empty directories.</li>
<li>Fix for ZipEncoder file lastModTime.</li>
<li>Fix for ArchiveFile.string.</li>
<li>Add PAX format to tar decoder.</li>
<li>Make more file operations async.</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/brendan-duncan/archive/commit/53e1773d8e18191d6e3fea2136ba61806b7e925d"><code>53e1773</code></a> Update to 3.3.9</li>
<li><a href="https://github.com/brendan-duncan/archive/commit/2912496861604f05801f9638cf4f6a0174c4a152"><code>2912496</code></a> Fix analyzer error</li>
<li><a href="https://github.com/brendan-duncan/archive/commit/674522a9f82dae48f354dd752d77b52635d20d2b"><code>674522a</code></a> Make sure input file isn't closed until after the archive has been extracted ...</li>
<li><a href="https://github.com/brendan-duncan/archive/commit/bbd1b6d1f7fa17519eb3390c1eab34bf1580337b"><code>bbd1b6d</code></a> Update CHANGELOG.md</li>
<li><a href="https://github.com/brendan-duncan/archive/commit/21fe8e66ccef8f2e8076884e760ae98e66646eac"><code>21fe8e6</code></a> Update pubspec sdk version to &lt;4.0.0</li>
<li><a href="https://github.com/brendan-duncan/archive/commit/01110f00e0d0b9b2bc524dd074b896c5409e54db"><code>01110f0</code></a> Update to 3.3.8</li>
<li><a href="https://github.com/brendan-duncan/archive/commit/0d17b270a3c33d3bed56cadd9a43da7717ab11f4"><code>0d17b27</code></a> Use central directory filename instead of local file name when extracting zip...</li>
<li><a href="https://github.com/brendan-duncan/archive/commit/6de492385d72af044231c4163dff13a43d991c83"><code>6de4923</code></a> improve symlink validation check</li>
<li><a href="https://github.com/brendan-duncan/archive/commit/edb0d480733a44d28ff3d5e4e2779153ba645ce7"><code>edb0d48</code></a> don't create symlinks to files outside of the extracted path</li>
<li><a href="https://github.com/brendan-duncan/archive/commit/85ac8df7f8e800abe3bb1343cae596c82de8802c"><code>85ac8df</code></a> Merge pull request <a href="https://redirect.github.com/brendan-duncan/archive/issues/272">#272</a> from Mastbau-FN/main</li>
<li>Additional commits viewable in <a href="https://github.com/brendan-duncan/archive/compare/3.1.2...3.3.9">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=archive&package-manager=pub&previous-version=3.1.2&new-version=3.3.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
  • Loading branch information
@dependabot
dependabot[bot] authored Sep 13, 2023
1 parent b94b83b commit 9abad4a
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion lib/web_ui/pubspec.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ dependencies:
path: ../../third_party/web_test_fonts

dev_dependencies:
archive: 3.1.2
archive: 3.3.9
args: any
async: any
convert: any
Expand Down

0 comments on commit 9abad4a

Please sign in to comment.