Update to ProDotNetZip 1.20 (#563)

papeh · web-flow · commit 81c940a794fe · 2025-12-19T21:40:13.000Z
DotNetZip has a security vulnerability (LT-22325).
Update to ProDotNetZip 1.20 and include its dependencies.

Change-Id: I66d87e488dc12447d7ac903bba5e4c90a906178b
diff --git a/Build/mkall.targets b/Build/mkall.targets
@@ -578,7 +578,6 @@
 			<NuGottenFiles Include="$(GeckoDir)/content/**/*.*"/>
 			<NuGottenFiles Include="$(PackagesDir)/Analytics.3.6.0/lib/net461/Analytics.dll"/>
 			<NuGottenFiles Include="$(PackagesDir)/DocumentFormat.OpenXml.2.20.0/lib/net46/DocumentFormat.OpenXml.dll"/>
-			<NuGottenFiles Include="$(PackagesDir)/DotNetZip.1.16.0/lib/net40/*.*"/>
 			<NuGottenFiles Include="$(PackagesDir)/icu.net.3.0.0-beta.297/lib/netstandard2.0/icu.net.dll"/>
 			<NuGottenFiles Include="$(PackagesDir)/Markdig.Signed.0.30.0/lib/net452/Markdig.Signed.dll"/>
 			<NuGottenFiles Include="$(PackagesDir)/Microsoft.Extensions.DependencyModel.2.0.4/lib/net451/Microsoft.Extensions.DependencyModel.dll"/>
@@ -596,6 +595,7 @@
 			<NuGottenFiles Include="$(PackagesDir)/ParatextData.$(ParatextNugetVersion)/lib/netstandard2.0/Paratext.LexicalContractsV2.dll" />
 			<NuGottenFiles Include="$(PackagesDir)/ParatextData.$(ParatextNugetVersion)/lib/netstandard2.0/ParatextData.dll"/>
 			<NuGottenFiles Include="$(PackagesDir)/ParatextData.$(ParatextNugetVersion)/lib/netstandard2.0/PtxUtils.dll"/>
+			<NuGottenFiles Include="$(PackagesDir)/ProDotNetZip.1.20.0/lib/netstandard2.0/*.*"/>
 			<NuGottenFiles Include="$(PackagesDir)/SIL.DesktopAnalytics.4.0.0/lib/net461/DesktopAnalytics.dll"/>
 			<NuGottenFiles Include="$(PackagesDir)/SIL.ParatextShared.7.4.0.1/runtimes/$(OsDir)/lib/net40/FormattedEditor.dll"/>
 			<NuGottenFiles Include="$(PackagesDir)/SIL.ParatextShared.7.4.0.1/runtimes/$(OsDir)/lib/net40/HelpSystem.dll"/>
@@ -609,6 +609,8 @@
 			<NuGottenFiles Include="$(PackagesDir)/System.Numerics.Vectors.4.5.0/lib/net46/System.Numerics.Vectors.dll"/>
 			<NuGottenFiles Include="$(PackagesDir)/System.Resources.Extensions.4.6.0/lib/netstandard2.0/System.Resources.Extensions.dll"/>
 			<NuGottenFiles Include="$(PackagesDir)/System.Runtime.CompilerServices.Unsafe.6.0.0/lib/net461/System.Runtime.CompilerServices.Unsafe.dll"/>
+			<NuGottenFiles Include="$(PackagesDir)/System.Security.Permissions.8.0.0/lib/net462/System.Security.Permissions.dll"/>
+			<NuGottenFiles Include="$(PackagesDir)/System.Text.Encoding.CodePages.8.0.0/lib/net462/System.Text.Encoding.CodePages.dll"/>
 			<NuGottenFiles Include="$(PackagesDir)/System.Threading.Tasks.Extensions.4.5.4/lib/net461/System.Threading.Tasks.Extensions.dll"/>
 			<NuGottenFiles Include="$(PackagesDir)/System.ValueTuple.4.5.0/lib/net461/System.ValueTuple.dll"/>
 		</ItemGroup>
diff --git a/Build/nuget-common/packages.config b/Build/nuget-common/packages.config
@@ -9,7 +9,6 @@
   <package id="CsvHelper" version="28.0.1" />
   <package id="DialogAdapters" version="0.1.11" />
   <package id="DocumentFormat.OpenXml" version="2.20.0" targetFramework="net461" />
-  <package id="DotNetZip" version="1.16.0" targetFramework="net461" />
   <package id="Enchant.Net" version="1.4.3-beta0010" targetFramework="net461" />
   <package id="GdkSharp-signed" version="3.22.24.37" />
   <package id="GioSharp-signed" version="3.22.24.37" />
@@ -37,6 +36,7 @@
   <package id="NUnit.Extension.NUnitV2ResultWriter" version="3.7.0" />
   <package id="NUnit3TestAdapter" version="4.3.2" />
   <package id="ParatextData" version="9.4.0.1-beta" targetFramework="net46"/>
+  <package id="ProDotNetZip" version="1.20.0" />
   <package id="protobuf-net" version="2.4.6" exclude="Build,Analyzers" />
   <package id="Sandwych.QuickGraph.Core" version="1.0.0" />
   <package id="SharpZipLib" version="1.4.0" exclude="Build,Analyzers" />
@@ -86,6 +86,8 @@
   <package id="System.Numerics.Vectors" version="4.5.0" />
   <package id="System.Resources.Extensions" version="4.6.0" />
   <package id="System.Runtime.CompilerServices.Unsafe" version="6.0.0" />
+  <package id="System.Security.Permissions" version="8.0.0" /> <!-- required for ProDotNetZip 1.20 -->
+  <package id="System.Text.Encoding.CodePages" version="8.0.0" /> <!-- required for ProDotNetZip 1.20 -->
   <package id="System.Threading.Tasks.Extensions" version="4.5.4" />
   <package id="System.ValueTuple" version="4.5.0" targetFramework="net461" />
   <package id="TagLibSharp" version="2.2.0" targetFramework="net45" />
diff --git a/Src/Common/FieldWorks/App.config b/Src/Common/FieldWorks/App.config
@@ -34,10 +34,6 @@
 			<assemblyIdentity name="icu.net" publicKeyToken="416fdd914afa6b66" culture="neutral" />
 			<bindingRedirect oldVersion="0.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
 		</dependentAssembly>
-		<dependentAssembly>
-			<assemblyIdentity name="DotnetZip" publicKeyToken="6583c7c814667745" culture="neutral" />
-			<bindingRedirect oldVersion="0.0.0.0-1.16.0.0" newVersion="1.16.0.0" />
-		</dependentAssembly>
 <!--
 Comment out the following section when the ParatextData and FieldWorks versions of libpalaso converge
 -->
diff --git a/Src/LexText/LexTextControls/LexTextControls.csproj b/Src/LexText/LexTextControls/LexTextControls.csproj
@@ -137,9 +137,9 @@
       <SpecificVersion>False</SpecificVersion>
       <HintPath>..\..\..\Output\Debug\DesktopAnalytics.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetZip, Version=1.13.3.0, Culture=neutral, PublicKeyToken=6583c7c814667745, processorArchitecture=MSIL">
+    <Reference Include="ProDotNetZip, Version=1.20.0.0, Culture=neutral, PublicKeyToken=6583c7c814667745, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>
-      <HintPath>..\..\..\Output\Debug\DotNetZip.dll</HintPath>
+      <HintPath>..\..\..\Output\Debug\ProDotNetZip.dll</HintPath>
     </Reference>
     <Reference Include="SIL.Core.Desktop, Version=4.1.0.0, Culture=neutral, PublicKeyToken=cab3c8c5232dfcf2, processorArchitecture=x86">
       <SpecificVersion>False</SpecificVersion>
diff --git a/Src/xWorks/xWorks.csproj b/Src/xWorks/xWorks.csproj
@@ -156,8 +156,8 @@
       <SpecificVersion>False</SpecificVersion>
       <HintPath>..\..\Output\Debug\DocumentFormat.OpenXml.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetZip">
-      <HintPath>..\..\packages\DotNetZip.1.13.7\lib\net40\DotNetZip.dll</HintPath>
+    <Reference Include="ProDotNetZip">
+      <HintPath>..\..\Output\Debug\ProDotNetZip.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.CSharp" />
     <Reference Include="NAudio, Version=1.10.0.0, Culture=neutral, processorArchitecture=MSIL">
diff --git a/Src/xWorks/xWorksTests/xWorksTests.csproj b/Src/xWorks/xWorksTests/xWorksTests.csproj
@@ -187,8 +187,8 @@
     <Reference Include="FwUtilsTests, Version=7.0.1.13090, Culture=neutral, processorArchitecture=x86">
       <SpecificVersion>False</SpecificVersion>
     </Reference>
-    <Reference Include="DotNetZip">
-      <HintPath>..\..\..\Output\Debug\DotNetZip.dll</HintPath>
+    <Reference Include="ProDotNetZip">
+      <HintPath>..\..\..\Output\Debug\ProDotNetZip.dll</HintPath>
     </Reference>
     <Reference Include="LexEdDll, Version=8.0.4.12240, Culture=neutral, processorArchitecture=x86">
       <SpecificVersion>False</SpecificVersion>
