diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 0d137632f638..89e42094bf83 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -18,6 +18,13 @@ enabled: true, }, packageRules: [ + { + // Disable updates of `zip-rs`; intentionally pinned for now due to ownership change + // See: https://github.com/astral-sh/uv/issues/3642 + matchPackagePatterns: ["zip"], + matchManagers: ["cargo"], + enabled: false, + }, { // Group upload/download artifact updates, the versions are dependent groupName: "Artifact GitHub Actions dependencies", diff --git a/Cargo.lock b/Cargo.lock index 5f9267be6e9a..74ae3cd78579 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -128,15 +128,6 @@ version = "1.0.83" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "25bdb32cbbdce2b519a9cd7df3a678443100e265d5e25ca763b7572a5104f5f3" -[[package]] -name = "arbitrary" -version = "1.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7d5a26814d8dcb93b0e5a0ff3c6d80a8843bafb21b39e8e18a6f05471870e110" -dependencies = [ - "derive_arbitrary", -] - [[package]] name = "arc-swap" version = "1.7.1" @@ -1045,17 +1036,6 @@ dependencies = [ "syn 1.0.109", ] -[[package]] -name = "derive_arbitrary" -version = "1.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "67e77553c4162a157adbf834ebae5b415acbecbeafc7a74b0e886657506a7611" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.64", -] - [[package]] name = "diff" version = "0.1.13" @@ -1100,17 +1080,6 @@ dependencies = [ "windows-sys 0.48.0", ] -[[package]] -name = "displaydoc" -version = "0.2.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.64", -] - [[package]] name = "distribution-filename" version = "0.0.1" @@ -5708,17 +5677,14 @@ checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" [[package]] name = "zip" -version = "1.3.0" +version = "0.6.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1f4a27345eb6f7aa7bd015ba7eb4175fa4e1b462a29874b779e0bbcf96c6ac7" +checksum = "760394e246e4c28189f19d488c058bf16f564016aefac5d32bb1f3b51d5e9261" dependencies = [ - "arbitrary", + "byteorder", "crc32fast", "crossbeam-utils", - "displaydoc", "flate2", - "indexmap", - "thiserror", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index 6774f00f0892..49bcf7eced1d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -145,7 +145,7 @@ wiremock = { version = "0.6.0" } walkdir = { version = "2.5.0" } which = { version = "6.0.0" } winapi = { version = "0.3.9", features = ["fileapi", "handleapi", "ioapiset", "winbase", "winioctl", "winnt"] } -zip = { version = "1.1.0", default-features = false, features = ["deflate"] } +zip = { version = "0.6.6", default-features = false, features = ["deflate"] } [workspace.metadata.cargo-shear] ignored = ["flate2"] diff --git a/crates/install-wheel-rs/src/wheel.rs b/crates/install-wheel-rs/src/wheel.rs index 3663133dacf2..9f9c52da107c 100644 --- a/crates/install-wheel-rs/src/wheel.rs +++ b/crates/install-wheel-rs/src/wheel.rs @@ -11,7 +11,7 @@ use rustc_hash::FxHashMap; use sha2::{Digest, Sha256}; use tracing::{instrument, warn}; use walkdir::WalkDir; -use zip::write::SimpleFileOptions; +use zip::write::FileOptions; use zip::ZipWriter; use pypi_types::DirectUrl; @@ -190,8 +190,7 @@ pub(crate) fn windows_script_launcher( // We're using the zip writer, but with stored compression // https://github.com/njsmith/posy/blob/04927e657ca97a5e35bb2252d168125de9a3a025/src/trampolines/mod.rs#L75-L82 // https://github.com/pypa/distlib/blob/8ed03aab48add854f377ce392efffb79bb4d6091/PC/launcher.c#L259-L271 - let stored = - SimpleFileOptions::default().compression_method(zip::CompressionMethod::Stored); + let stored = FileOptions::default().compression_method(zip::CompressionMethod::Stored); let mut archive = ZipWriter::new(Cursor::new(&mut payload)); let error_msg = "Writing to Vec should never fail"; archive.start_file("__main__.py", stored).expect(error_msg);