Skip to content

Bump net.lingala.zip4j:zip4j from 2.11.1 to 2.11.6#90

Open
dependabot[bot] wants to merge 1 commit intorewritefrom
dependabot/gradle/rewrite/net.lingala.zip4j-zip4j-2.11.6
Open

Bump net.lingala.zip4j:zip4j from 2.11.1 to 2.11.6#90
dependabot[bot] wants to merge 1 commit intorewritefrom
dependabot/gradle/rewrite/net.lingala.zip4j-zip4j-2.11.6

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 1, 2026

Bumps net.lingala.zip4j:zip4j from 2.11.1 to 2.11.6.

Release notes

Sourced from net.lingala.zip4j:zip4j's releases.

v2.11.6

New features:

  • #497 Create split zip file from stream

Improvements:

  • Bump assertj version
  • Bump min jdk versions to 8

v2.11.5

Improvements:

#476 & #493 Allow overriding empty files even if it is not a zip file

v2.11.4

Bug fixes:

#484 Use getPath instead of toPath to avoid java nio #486 Set symlink as a file even if it points to directory

v2.11.3

Security fixes:

#485 Fix CVE-2023-22899

v2.11.2

Improvements:

Use SecureRandom instead of Random to implement a cryptographically strong random number

Bug fixes:

Fix null check Append file separator to path check only if required Fix endOfCentralDirectory location calculation when setting comment Use Path comparison over String comparison for Path traversal vulnerability Set lastModifiedFileTime for all entries and not just directories Use charset when generating AES vendor id info

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump net.lingala.zip4j:zip4j from 2.11.1 to 2.11.6
5aad4cd 
Bumps [net.lingala.zip4j:zip4j](https://github.com/srikanth-lingala/zip4j) from 2.11.1 to 2.11.6.
- [Release notes](https://github.com/srikanth-lingala/zip4j/releases)
- [Commits](srikanth-lingala/zip4j@v2.11.1...v2.11.6)

---
updated-dependencies:
- dependency-name: net.lingala.zip4j:zip4j
  dependency-version: 2.11.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependabot label May 1, 2026
@dependabot dependabot Bot mentioned this pull request May 1, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@DeflatedPickle DeflatedPickle

Labels

dependabot

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@DeflatedPickle