update: bump zip from 6.0.0 to 7.4.0

[dependabot]

Bumps zip from 6.0.0 to 7.4.0.

Release notes

Sourced from zip's releases.

v7.4.0

🚀 Features

• Increase MSRV to 1.88 and update dependencies (#626)

v7.3.0

🚀 Features

• cleanup the benchs and Cargo.toml (#606)
• Add support for per-file comments (#543)

🐛 Bug Fixes

• Document feature unreserved and make the mapping of extra fields public (#616)
• Return an error if abort_file() fails when exceeding non-large-file limit (#598)

⚙️ Miscellaneous Tasks

• Bump version to 7.3.0 (semver checks fail if it's still 7.3.0-pre1)

v7.3.0-pre1

🐛 Bug Fixes

• Reject empty ZipCrypto password when encrypting files (can still be used when decrypting)
• make zip crate safer and more readable (#536)

⚡ Performance

• Optimizations for CP437 conversion (#559)

⚙️ Miscellaneous Tasks

• Trigger release 7.3.0-pre1 to reset cargo-semver-checks baseline

v7.2.0

🚀 Features

• add read_zipfile_from_stream_with_compressed_size (#70)
• Allow choosing bzip2 rust backend (#329)

🐛 Bug Fixes

• Need to include zip64 extra field in central directory (fix #353) (#360)
• Fails to extract file which might or might not be malformed (#376) (#426)
• (aes) Allow AES encryption while streaming (#463)
• Default "platform" field in zip files should be set to the local platform, rather than always "Unix" (#470) (#471)

🚜 Refactor

• Define cfg_if! and cfg_if_expr! internal macros (#438)

... (truncated)

Changelog

Sourced from zip's changelog.

7.4.0 - 2026-02-05

🚀 Features

• Increase MSRV to 1.88 and update dependencies (#626)

7.3.0 - 2026-02-04

🚀 Features

• cleanup the benchmarks and Cargo.toml (#606)
• Add support for per-file comments (#543)

🐛 Bug Fixes

• Document feature unreserved and make the mapping of extra fields public (#616)
• Return an error if abort_file() fails when exceeding non-large-file limit (#598)

⚙️ Miscellaneous Tasks

• Bump version to 7.3.0 (semver checks fail if it's still 7.3.0-pre1)

7.3.0-pre1 - 2026-01-27

🐛 Bug Fixes

• Reject empty ZipCrypto password when encrypting files (can still be used when decrypting)
• make zip crate safer and more readable (#536)

⚡ Performance

• Optimizations for CP437 conversion (#559)

⚙️ Miscellaneous Tasks

• Trigger release 7.3.0-pre1 to reset cargo-semver-checks baseline

7.2.0 - 2026-01-20

🚀 Features

• add read_zipfile_from_stream_with_compressed_size (#70)
• Allow choosing bzip2 rust backend (#329)

🐛 Bug Fixes

• Need to include zip64 extra field in central directory (fix #353) (#360)
• Fails to extract file which might or might not be malformed (#376) (#426)
• (aes) Allow AES encryption while streaming (#463)
• Default "platform" field in zip files should be set to the local platform, rather than always "Unix" (#470) (#471)

... (truncated)

Commits

• 016d421 chore: release v7.4.0 (#628)
• 18792c2 feat: Increase MSRV to 1.88 and update dependencies (#626)
• c9bce39 test: Potential fixes for 5 code quality findings (method-description comment...
• 5b61c24 test: Potential fixes for 2 code quality findings in tests/end_to_end.rs (#624)
• 1c59f3c Apply suggested fix to CHANGELOG.md from Copilot Autofix (#623)
• 41aeb9f Revert "ci: Temporarily override baseline for semver checks (revert after 7.3...
• ba77189 chore: release v7.3.0 (#580)
• 57b5ecc fix: Document feature unreserved and make the mapping of extra fields publi...
• 579b67c Apply suggested fix to tests/zip_crypto.rs from Copilot Autofix (#620)
• ca432a0 Apply suggested fix to tests/wasm32.rs from Copilot Autofix (#618)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 76.53%. Comparing base (81033e0) to head (51a0de5).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1857   +/-   ##
=======================================
  Coverage   76.53%   76.53%           
=======================================
  Files         171      171           
  Lines       39621    39621           
=======================================
  Hits        30322    30322           
  Misses       9299     9299           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[codspeed-hq]

Merging this PR will not alter performance

✅ 16 untouched benchmarks
⏩ 2 skipped benchmarks¹

---

_{Comparing dependabot/cargo/zip-7.4.0 (51a0de5) with main (0d2a2a3)}

Footnotes

1. 2 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩

[cdmurph32]

Picks up this fix in typed path
chipsenkbeil/typed-path#57