volta icon indicating copy to clipboard operation
volta copied to clipboard
verified publisher icon volta-cli

Building `volta` fails - `zip < 2.3.0` has been yanked from crates.io.

Open MarkusPettersson98 opened this issue 9 months ago • 1 comments

Hi 👋

I just want to bring to your attention that one of your dependencies - zip 2.1.6 - has been yanked due to being vulnerable to this CVE: https://github.com/zip-rs/zip2/security/advisories/GHSA-94vh-gphv-8pm8. As such, checking out the volta repository and trying to build it will fail.

Thanks for maintaining Volta 💛

MarkusPettersson98 avatar Mar 27 '25 07:03 MarkusPettersson98

Thanks for letting us know!!

rwjblue avatar Mar 29 '25 12:03 rwjblue