Bump the nuget group with 3 updates

[dependabot]

Updated Microsoft.Data.OData from 5.7.0 to 5.8.4.

Updated SharpZipLib from 0.86.0 to 1.3.3.

Release notes

Sourced from SharpZipLib's releases.

1.3.3

Another minor release, containing security fixes and smaller bugfixes.

Fixes:

• 🐛 specialized tar extract traversal by nils måsén
• 🐛 [#​635] bzip2 use explicit feature defs for vectorized memory move by Jackson Wood
• 🐛 [#​645] tar create translated files in temp by nils måsén

Smaller changes:

• 🔨 [#​604] Move the Password property from DeflaterOutputStream into ZipOutputStream by Richard Webb
• 🔨 [#​625] Make BZip2Constants static instead of sealed by Richard Webb
• 🔨 [#​626] make a couple of private functions static by Richard Webb

Other changes (not related to library code):

• 📚 [#​648] zip fix ZipStrings typo by Friedrich von Never
• 🚨 add tests for tar path traversal by nils måsén
• ⚙️ add codeql analysis by nils måsén
• 🚨 [#​636] Fix unstable tests and switch to dotcover by nils måsén
• 🚨 [#​634] add an async version of the WriteZipOutputStream benchmark by Richard Webb
• ⚙️ [#​628] Limit code coverage to windows CI by nils måsén
• 🚨 [#​627] fix the expected/actual value ordering in unit tests by Richard Webb

1.3.2

Another minor release, containing security fixes and smaller bugfixes.
Additionally, this version will have an additional target framework, .NET Standard 2.1, which will see some speed improvements when
used in newer versions of .NET (Core), mainly in Bzip2.

Features

• [#​611] Bzip input stream simple vectorization by Konrad Kruczyński
• [#​351] Add support for Filename field in GZip by nils måsén

Smaller fixes and optimizations

• [#​579] Implement very simple ReadAsync in ZipAESStream by Richard Webb
• [#​587] Remove supported method checks from ZipEntry.CompressionMethod setter by Richard Webb
• [#​593] Simplify DropPathRoot and fix out of bounds issue by nils måsén
• [#​575] Replace uses of new T[0] with Array.Empty<T> by Richard Webb
• [#​583] Restore entry times on FastZip extract by nils måsén
• [#​517] Throw exception on Store+Descriptor entries by nils måsén
• [#​578] Fix typos in the StreamDecodingException doc comments by Richard Webb
• [#​577] Throw ZipException in ZipAESStream instead of generic Exception by Richard Webb
• [#​510] Build the test bootstrapper app as netcoreapp3.1 instead of netcoreapp2.0 by Richard Webb
• [#​546] Make pure private functions static by Richard Webb
• [#​554] Skip CRC calculation for AES zip entries by nils måsén
• [#​605] Suppress CA1707 warnings in the Constants classes by Richard Webb
• [#​549] Add .NET Standard 2.1 target framework by Cédric Luthi

Other changes (not related to library code)

• [#​586] Convert VB sample projects to PackageReference format by Richard Webb
• [#​533] Convert the C# sample projects to PackageReference format by Richard Webb
• [#​457] add basic async unit tests for the inflator/deflator streams by Richard Webb
• [#​588] Add a simple async read test for ZipFile by Richard Webb
• [#​621] unify PR/push CI build actions by nils måsén
• [#​616] Change the build status badge to reference github actions by Richard Webb
• [#​603] pass CreateZip tests that are within time tolerance by nils måsén
• [#​602] Update test/coverage packages and push to codecov by nils måsén
• [#​601] pass tests that are within time tolerance by nils måsén
• [#​599] Use net46 as CI target framework for windows tests by nils måsén
• [#​594] Remove the local nuget.config files from the test projects by Richard Webb
• [#​553] Remove broken codacy integration by nils måsén
• [#​542] Build and publish documentation on release by nils måsén

1.3.1

Minor release, mainly to address the incorrect file version of v1.3.0, but also contains some security fixes and performance improvements.

Highlights

• Correct FileVersion and AssemblyVersion
• Security fixes for ZipFile and Zip*Streams
• Improved CRC32 performance
• BZip2 compression support for Zip files

Features

• [#​355] Wire up BZip2 compression support for Zip files by Richard Webb

Fixes

• [#​475] Fix updating zips with descriptor entries by Richard Webb & nils måsén
• [#​516] Improve CRC32 performance by Nelson Gomez
• [#​538] Use RNGCryptoServiceProvider for crypto headers by nils måsén
• [#​539] Use securely generated random temporary file names by nils måsén
• [#​509] Make PutNextEntry throw if the entry is AES and no password has been set by Richard Webb

Other changes (not related to library code)

• [#​541] Update csproj for new release by nils måsén
• [#​530] Fix Codacy Workflows by nils måsén
• [#​529] Add release workflow by nils måsén
• [#​511] Move the 7zip helper functions into their own class for easier reuse by Richard Webb
• [#​525] Update the sample projects to use the v1.3 release by Richard Webb
• [#​522] Use PackageIcon instead of PackageIconUrl in csproj by nils måsén
• [#​523] Fix Codacy workflows by nils måsén

1.3.0

Highlights

• AES encryption fixes and support in FastZip
• File name encoding support for Tar
• Improved Unix timestamp support
• Better handling of entry file names
• Fix errors with entries using Stored compression method

Changes

• TarArchive.ExtractContents() now needs another parameter set to true to allow the extraction to traverse outside of the target directory.
• TarArchive constructors now includes an Encoding parameter. Omitting it will discard any non-ASCII bytes in file names.

Fixes

• [#​503] Consider AES overhead when testing encrypted folder entries by Richard Webb
• [#​452] Ensure crypto streams are disposed in ZipFile.GetOutputStream by Richard Webb
• [#​333] Handle unsupported compression methods in ZipInputStream better by Richard Webb
• [#​402] Only convert entry.Name once when accessing updateIndex by Vladyslav Taranov
• [#​353] Fix ZipFile.TestLocalHeader CompressionMethod resolving for AES entries by Richard Webb
• [#​460] Account for AES overhead in compressed entry size by Richard Webb
• [#​422] Change ZipOutputStream.PutNextEntry to explicity validate the requested compression method by Richard Webb
• [#​467] Allow seeking a PartialInputStream to the very end by Víctor M. González
• [#​440] Use CompressionMethodForHeader for header entries by Richard Webb
• [#​420] Throw NotSupportedException in ZipFile.Add when trying to add AES entry by Richard Webb
• [#​421] Have ZipFile.Add validate compression compability internally by Richard Webb
• [#​387] Better handle baseStreams closing themselves unexpectedly by Richard Webb
• [#​408] When searching for the Zip64 end of central directory locator, pay attention to its fixed size by Richard Webb
• [#​406] Skip forced Deflate flush when using Stored compression by nils måsén
• [#​362] Don&#​39;t call CleanName from the ZipEntry constructor by Richard Webb
• [#​465] Use correct count in ZipAESStream.ReadBufferedData by Víctor M. González
• [#​390] Ensure GZipOutputStream headers are written before flush by Richard Webb
• [#​498] Use string.Trim to trim strings by Richard Webb
• [#​432] Throw ArgumentNullException in BZip2 by Richard Webb
• [#​519] Restrict path traversal on TarArchive extraction by nils måsén

Features

• [#​201] Raise ProcessDirectory event for FastZip extract by Stevie-O
• [#​380] Add support for AES encryption in FastZip.CreateZip by Richard Webb
• [#​497] Transform new entry names using an INameTranform in ZipOutputStream by Richard Webb
• [#​482] Add variants of FastZip.CreateZip taking IScanFilter instead of strings by Richard Webb
• [#​455] Add FastZip.CreateZip with a leaveOpen parameter by Richard Webb
• [#​433] Restore directory timestamps when extracting with FastZip by Richard Webb
• [#​472] Allow ZipFile to accept empty strings as passwords when decrypting AES entries by Richard Webb
• [#​364] Add nameEncoding parameter to Tar entries by Yusuke Ito
• [#​463] Improve support for Unix timestamps in ZIP archives by Bastian Eicher

Other changes (not related to library code)

• [#​346] Add a Security Policy by nils måsén
  ... (truncated)

1.2.0

Fixes:

• ZipEntry name mismatch when attempting to delete a directory entry (#​295)
• Revert ArraySegment simplification to speed up CRC32 calculation (#​301)
• Allow AES Zip to better handle reading partial stream data (#​308)
• Always write Zip64 extra size fields when size is -1 (too big for non-Zip64) (#​314)
• Throw exception when attempting to read a zero code length symbol (#​316)
  • This should fix most issues where reading Zip-files get stuck in an infinite loop
• ZipOutputStream.CloseEntry() now works for Stored AES encrypted entries (#​323)
• Empty string is now treated as no RootPath in TarArchive (#​336)
• ZipAESStream now handle reads of less data than the AES block size (#​331)
• Flushing a GZipOutputStream now attempts to deflate all input data before writing it to the underlying stream (#​225)
• StrongEncryption flag is no longer (incorrectly) set for WinzipAES encrypted entries (#​329)
• Attempting to read 0 bytes from a GZipInputStream no longer causes it to hang indefinitely (#​372)

Features:

• HostSystem can now be set for Zipfiles, allowing creation of files targeting Linux filesystems (#​325)
• The SharpZip custom Exception types now implements ISerializable (#​369)
  • This allows them to be transmitted when using WCF

Changes:

• ZipFile constructor now has a leaveOpen parameter (#​302)
• FastZip.ExtractZip now sets isStreamOwner in the ZipFile constructor (#​311)
• ZipFile now always tries to find the Zip64 central directory and prefers it if exists (#​363)
  • This will allow for better compatibility with other archivers.

1.1.0

Changes:

• AES256 decryption now works as intended.
• AES encryption should also be working but the code is not sufficiently tested and may be buggy.
• Sourcelink debugging is now enabled and the symbols are included in the nuget package.
• Overriding the codepage used for the file names and comments is now possible when extracting archives by setting ZipStrings.Codepage or ZipStrings.UseUnicode.
• Calculating the Adler checksum is now skipped for Zip and Gzip since it's not actually used for the formats. This should greatly improve performance.

1.0.0

With the move to .NET Standard and the re-licensing to MIT, effort has been put into creating a stable v1.0 API for SharpZipLib.

Major changes since 0.86:

• The targeted frameworks are now:
  • .NET Standard 2.0 netstandard2 (Core 2.0+, FW 4.6.1+, Mono 5.2+, UWP 16299)
  • .NET Framework 4.5 net45 (Mono 4, Dependency-free on Windows 8+/2012+)
    See .NET implementation support
• The library is now released under the MIT license. See Issue #​103.
• The legacy Stream API has been replaced by the IDisposable pattern. (Stream.Close() calls Dispose(true) by default, so it should be backwards compatible)
  See Stream.Close Method.
• Encoding now works more predictably, defaulting to UTF-8 encoding and correctly specifying it as such.
  See ZipStrings and Unicode.
• FastZip now prevents traversal outside of the target directory when extracting unless this is explicitly allowed. See Restrict path traversal on FastZip extraction
• The ICSharpCode.SharpZipLib.Checksums namespace has been renamed ICSharpCode.SharpZipLib.Checksum.

For more detailed notes, see Pre-release version notes.

1.0.0-rc2

Changes

• ZipEntry.IsUnicodeText now defaults to true
• ZipConstants.DefaultCodePage is now called ZipStrings.CodePage (but backwards-compatible wrappers exists on ZipConstants)
  For more information, see ZipStrings and Unicode

Fixes

• #​253 InflaterInputStream throws 'Invalid input data' when unpacking certain files using RC1
• #​251 ZipConstants.DefaultCodePage is set as UTF-8, but the default for FileEntry.IsUnicodeText is still false

1.0.0-rc1

Changes

• Supported frameworks are now NET45 and NETSTANDARD2

Fixes

• #​232 SECURITY: vulnerable to zip-slip (possible remote code execution/file overwrite)
• #​164 System.NotSupportedException when zipping more than ~4.2 gb of data to a stream that doesn't support seeking
• #​229 TestArchive hangs
• #​121 TAR in ustar format with long file names: TarEntry name is incomplete
• #​151 GZip.Compress ArgumentOutOfRangeException:bufferSize
• #​183 0 byte buffers writing 0 bytes fails CRC
• #​213 Tar does not read the same number of blocks as it wrote - causes potential socket issues

0.86.0.518

Changes for 0.86.0

• Multi-member gzip files are now supported. Contributed by Geoff Hart.
• Zero byte files caused ZipOutputStream to create invalid zipfiles. Contributed by Mark Ritchie.
• ZipFile.CommitUpdate failed on ODT (Open Document) files when updating in memory. Contributed by Dricks.
• Exceptions occurring within ZipFile.CommitUpdate were being silently discarded.
• In FastZip, the NameFilter erroneously removed all escapes from regex. Contributed by John Lemberger.
  Note: This is a breaking change - if you had detoured this filter bug via doubled-up backslashes,
  please halve them - for example change @"\myextract.txt$" to @"\myextract.txt$", or
  change "\\myextract.txt$" to "\myextract.txt$".
• AES Encryption and Decryption is now supported.
• TarArchive now has IsStreamOwner property, for use with MemoryStream.
• Removed exception "Extra data contains Zip64 information but version 2.0 is not high enough" due to rogue zip creators.
• FastZip.ExtractZip now accepts an Input Stream.
• Zip input and output streams can now specify buffer sizes.
• Solved "NTFS Extra data invalid" exception when reading zip files with zero-length NTFS ExtraData entry.
• Fixed "Size mismatch" exceptions reading zips created by SharpZipLib with an explicit entry CRC and Size.

Commits viewable in compare view.

Updated System.Text.Encodings.Web from 4.5.0 to 4.5.1.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #3.