Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Get the dependencies updated for the latest fixes and improvements #272

Merged
merged 6 commits into from Dec 30, 2020
Merged

Get the dependencies updated for the latest fixes and improvements #272

merged 6 commits into from Dec 30, 2020

Conversation

Jacalz
Copy link
Contributor

@Jacalz Jacalz commented Dec 23, 2020

Every package has been updated where possible to incorporate the latest performance fixes, improvements and bug fixes.
Each individual package has been updated in separate commits for easy cherry picking.
One important update is the update of https://github.com/ulikunitz/xz to v0.5.9 that bring a fix for GHSA-25xm-hr59-7c27.

The changes between v1.0.0 and v1.0.1 can be found [here](andybalholm/brotli@v1.0.0...v1.0.1).
The changes between v0.0.1 and v0.0.2 can be found [here](golang/snappy@v0.0.1...v0.0.2).
When resetting before reading all content temporary buffers were lost. Make sure to re-add temporary buffers.
The changes between v4.0.3 and v4.1.2 can be found [here](pierrec/lz4@v4.0.3...v4.1.2).
The changes between v0.5.7 and v0.5.9 can be found [here](ulikunitz/xz@v0.5.7...v0.5.9).
The most important part here is that it fixes a security issue. GHSA-25xm-hr59-7c27
Copy link
Owner

@mholt mholt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, I see, the deps are in a separate PR. Cool cool.

Thanks!

@Jacalz
Copy link
Contributor Author

Jacalz commented Dec 30, 2020

Sorry, but given that this is approved, can we perhaps get it merged? Most importantly, there is the security fix and also the update of klauspost/compress which gives decompression speed improvements in zip of 10-15% 🙂

@mholt mholt merged commit 1ee1dbd into mholt:master Dec 30, 2020
@tsaarni
Copy link

tsaarni commented Jul 2, 2021

Sorry for posting to old PR but I wonder is there plans to do a release? It would be nice to have a released version with the security fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants