-
Some of those vulnerabilities have nothing to do with memory safety, such as Zip Slip, which is a logic issue that affected basically all implementations. Yours appears to be no exception.
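
The Zip Slip check mentioned in the comment above, as an added example that is not part of the thread or of any project discussed in it. The function name `safe_entry_path` and the sample entry names are made up for illustration, and rejecting every name containing `:` is a deliberately conservative assumption.

```rust
use std::path::{Path, PathBuf};

/// Map an archive entry name to a path under `dest`, or return None when the
/// name could resolve outside `dest` (the Zip Slip pattern).
fn safe_entry_path(dest: &Path, entry_name: &str) -> Option<PathBuf> {
    if entry_name.is_empty() || entry_name.contains('\0') {
        return None;
    }
    // Zip names use '/', but some archivers write '\'; treat both as
    // separators so the check gives the same answer on every platform.
    let normalized = entry_name.replace('\\', "/");
    if normalized.starts_with('/') {
        return None; // absolute path
    }
    let mut out = dest.to_path_buf();
    let mut pushed = false;
    for part in normalized.split('/') {
        match part {
            "" | "." => continue,  // "a//b" and "./a" are harmless
            ".." => return None,   // any parent reference is rejected outright
            // Conservative: a ':' can be a drive prefix ("C:") that makes
            // PathBuf::push replace the whole path on Windows.
            p if p.contains(':') => return None,
            p => {
                out.push(p);
                pushed = true;
            }
        }
    }
    if pushed { Some(out) } else { None }
}

fn main() {
    // Constructed entry names, as they might appear in an archive's directory.
    let names = ["docs/readme.txt", "../../etc/passwd", "docs\\..\\..\\x", "/etc/passwd"];
    for name in names {
        match safe_entry_path(Path::new("out"), name) {
            Some(p) => println!("extract {:?} -> {}", name, p.display()),
            None => println!("reject  {:?}", name),
        }
    }
}
```

This is a lexical check on the entry name only; symlink entries inside the archive need separate handling.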
-
How does it compare with ripunzip?
-
On that note, it would also be good to configure cargo-deny so that a CI pipeline and any maintainer can easily audit the current dependency versions. Sometimes CVEs require a new major semver (looking at you, time 0.1.x and thus chrono 0.4.x), so it's not enough to rely on people installing the tool with semver-compatible updates. Automatically auditing dependencies is really important, and given how easy cargo-deny makes it, I don't think many projects have any excuse not to configure it.
-
There's one that's also written in Rust: https://github.com/ouch-org/ouch
-
unzipx works in parallel because the format contains multiple files, and they get decompressed individually. If you're looking to parallelize a compression algorithm that works on a stream as opposed to files, like gzip/bzip2/xz and unlike zip, you need something like crabz, not like unzipx.