Signed-off-by: Chris Hennick <4961925+Pr0methean@users.noreply.github.com>
This commit is contained in:
Chris Hennick 2024-05-09 20:01:40 -07:00 committed by GitHub
parent 431b4cdf2b
commit 8a734f9dac
Signed by: DevComp
GPG key ID: B5690EEEBB952194

@ -2,7 +2,7 @@
We welcome your pull request, but because this crate is downloaded about 1.7 million times per month (see https://crates.io/crates/zip),
and because ZIP file processing has caused security issues in the past (see
https://www.cvedetails.com/vulnerability-search.php?f=1&vendor=&product=zip&cweid=&cvssscoremin=&cvssscoremax=&publishdatestart=&publishdateend=&updatedatestart=&updatedateend=&cisaaddstart=&cisaaddend=&cisaduestart=&cisadueend=&page=1
for the gory details), we have some requirements that help ensure the crate remains trustworthy and panic-free, and we've seen
for the gory details), we have some requirements that help ensure the crate earns and keeps developers' trust, and we've seen
a lot of PRs that don't meet those requirements.
We don't filter out "ZIP bombs" because extreme compression ratios and shallow file copies have legitimate uses; but
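Review bot: The rewording on the changed line drops "panic-free" from the stated requirements; since the paragraph goes on to say "we have some requirements" and that many PRs don't meet them, contributors lose the one concrete, checkable property the old sentence named, while "earns and keeps developers' trust" is a goal rather than a requirement. Suggest keeping the property explicit, e.g. "help ensure the crate earns and keeps developers' trust by staying panic-free and safe on untrusted input", or listing the concrete requirements right after this sentence so the trust phrasing is backed by something a reviewer can verify. Separately, the cvedetails.com search URL in the unchanged context is very long and full of empty query parameters; a shorter link (or a link to the crate's own advisories) would be easier to maintain, but that is outside this hunk's change.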