Skip to content

Bump the nuget group with 1 update #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the nuget group with 1 update #2

wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Jul 25, 2025

Updated SharpZipLib from 1.0.0 to 1.3.3.

Release notes

Sourced from SharpZipLib's releases.

1.3.3

Another minor release, containing security fixes and smaller bugfixes.

Fixes:

Smaller changes:

Other changes (not related to library code):

1.3.2

Another minor release, containing security fixes and smaller bugfixes.
Additionally, this version will have an additional target framework, .NET Standard 2.1, which will see some speed improvements when
used in newer versions of .NET (Core), mainly in Bzip2.

Features

Smaller fixes and optimizations

Other changes (not related to library code)

1.3.1

Minor release, mainly to address the incorrect file version of v1.3.0, but also contains some security fixes and performance improvements.

Highlights

  • Correct FileVersion and AssemblyVersion
  • Security fixes for ZipFile and Zip*Streams
  • Improved CRC32 performance
  • BZip2 compression support for Zip files

Features

Fixes

Other changes (not related to library code)

1.3.0

Highlights

  • AES encryption fixes and support in FastZip
  • File name encoding support for Tar
  • Improved Unix timestamp support
  • Better handling of entry file names
  • Fix errors with entries using Stored compression method

Changes

  • TarArchive.ExtractContents() now needs another parameter set to true to allow the extraction to traverse outside of the target directory.
  • TarArchive constructors now includes an Encoding parameter. Omitting it will discard any non-ASCII bytes in file names.

Fixes

  • [#​503] Consider AES overhead when testing encrypted folder entries by Richard Webb
  • [#​452] Ensure crypto streams are disposed in ZipFile.GetOutputStream by Richard Webb
  • [#​333] Handle unsupported compression methods in ZipInputStream better by Richard Webb
  • [#​402] Only convert entry.Name once when accessing updateIndex by Vladyslav Taranov
  • [#​353] Fix ZipFile.TestLocalHeader CompressionMethod resolving for AES entries by Richard Webb
  • [#​460] Account for AES overhead in compressed entry size by Richard Webb
  • [#​422] Change ZipOutputStream.PutNextEntry to explicity validate the requested compression method by Richard Webb
  • [#​467] Allow seeking a PartialInputStream to the very end by Víctor M. González
  • [#​440] Use CompressionMethodForHeader for header entries by Richard Webb
  • [#​420] Throw NotSupportedException in ZipFile.Add when trying to add AES entry by Richard Webb
  • [#​421] Have ZipFile.Add validate compression compability internally by Richard Webb
  • [#​387] Better handle baseStreams closing themselves unexpectedly by Richard Webb
  • [#​408] When searching for the Zip64 end of central directory locator, pay attention to its fixed size by Richard Webb
  • [#​406] Skip forced Deflate flush when using Stored compression by nils måsén
  • [#​362] Don&#​39;t call CleanName from the ZipEntry constructor by Richard Webb
  • [#​465] Use correct count in ZipAESStream.ReadBufferedData by Víctor M. González
  • [#​390] Ensure GZipOutputStream headers are written before flush by Richard Webb
  • [#​498] Use string.Trim to trim strings by Richard Webb
  • [#​432] Throw ArgumentNullException in BZip2 by Richard Webb
  • [#​519] Restrict path traversal on TarArchive extraction by nils måsén

Features

  • [#​201] Raise ProcessDirectory event for FastZip extract by Stevie-O
  • [#​380] Add support for AES encryption in FastZip.CreateZip by Richard Webb
  • [#​497] Transform new entry names using an INameTranform in ZipOutputStream by Richard Webb
  • [#​482] Add variants of FastZip.CreateZip taking IScanFilter instead of strings by Richard Webb
  • [#​455] Add FastZip.CreateZip with a leaveOpen parameter by Richard Webb
  • [#​433] Restore directory timestamps when extracting with FastZip by Richard Webb
  • [#​472] Allow ZipFile to accept empty strings as passwords when decrypting AES entries by Richard Webb
  • [#​364] Add nameEncoding parameter to Tar entries by Yusuke Ito
  • [#​463] Improve support for Unix timestamps in ZIP archives by Bastian Eicher

Other changes (not related to library code)

  • [#​346] Add a Security Policy by nils måsén
    ... (truncated)

1.2.0

Fixes:

  • ZipEntry name mismatch when attempting to delete a directory entry (#​295)
  • Revert ArraySegment simplification to speed up CRC32 calculation (#​301)
  • Allow AES Zip to better handle reading partial stream data (#​308)
  • Always write Zip64 extra size fields when size is -1 (too big for non-Zip64) (#​314)
  • Throw exception when attempting to read a zero code length symbol (#​316)
    • This should fix most issues where reading Zip-files get stuck in an infinite loop
  • ZipOutputStream.CloseEntry() now works for Stored AES encrypted entries (#​323)
  • Empty string is now treated as no RootPath in TarArchive (#​336)
  • ZipAESStream now handle reads of less data than the AES block size (#​331)
  • Flushing a GZipOutputStream now attempts to deflate all input data before writing it to the underlying stream (#​225)
  • StrongEncryption flag is no longer (incorrectly) set for WinzipAES encrypted entries (#​329)
  • Attempting to read 0 bytes from a GZipInputStream no longer causes it to hang indefinitely (#​372)

Features:

  • HostSystem can now be set for Zipfiles, allowing creation of files targeting Linux filesystems (#​325)
  • The SharpZip custom Exception types now implements ISerializable (#​369)
    • This allows them to be transmitted when using WCF

Changes:

  • ZipFile constructor now has a leaveOpen parameter (#​302)
  • FastZip.ExtractZip now sets isStreamOwner in the ZipFile constructor (#​311)
  • ZipFile now always tries to find the Zip64 central directory and prefers it if exists (#​363)
    • This will allow for better compatibility with other archivers.

1.1.0

Changes:

  • AES256 decryption now works as intended.
  • AES encryption should also be working but the code is not sufficiently tested and may be buggy.
  • Sourcelink debugging is now enabled and the symbols are included in the nuget package.
  • Overriding the codepage used for the file names and comments is now possible when extracting archives by setting ZipStrings.Codepage or ZipStrings.UseUnicode.
  • Calculating the Adler checksum is now skipped for Zip and Gzip since it's not actually used for the formats. This should greatly improve performance.

Commits viewable in compare view.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the nuget group with 1 update
07189f5 
Bumps SharpZipLib from 1.0.0 to 1.3.3

---
updated-dependencies:
- dependency-name: SharpZipLib
  dependency-version: 1.3.3
  dependency-type: direct:production
  dependency-group: nuget
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added .NET Pull requests that update .NET code dependencies Pull requests that update a dependency file labels Jul 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant