chore(deps): Bump plexus-archiver from 3.6.0 to 4.6.3

[dependabot]

Bumps plexus-archiver from 3.6.0 to 4.6.3.

Release notes

Sourced from plexus-archiver's releases.

Plexus Archiver 4.6.3

🚀 New features and improvements

• Fix path traversal vulnerability (#261) @​plamentotev Thanks to @​Fewword for reporting the vulnerability and suggesting a fix. The vulnerability affects only directories whose name begins with the same prefix as the destination directory. For example malicious archive may extract file in /opt/directory instead of /opt/dir.

📦 Dependency updates

• Bump plexus-utils from 3.5.0 to 3.5.1 (#257) @​dependabot

Plexus Archiver 4.6.2

🐛 Bug Fixes

• Fix regression in handling symbolic links. See codehaus-plexus/plexus-io#89

📦 Dependency updates

• Bump plexus-io from 3.4.0 to 3.4.1 (#256) @​dependabot
• Bump zstd-jni from 1.5.2-5 to 1.5.4-2 (#254) @​dependabot, (#255) @​dependabot

Plexus Archiver 4.6.1

🐛 Bug Fixes

• Normalize file separators before warning about equal archive entries (#249) @​Bananeweizen

📦 Dependency updates

• Bump commons-compress from 1.21 to 1.22 (#243) @​dependabot

Plexus Archiver 4.6.0

🚀 New features and improvements

• keep file/directory permissions in Reproducible Builds mode (#241) @​hboutemy

📦 Dependency updates

• Bump junitVersion from 5.9.0 to 5.9.1 (#236) @​dependabot
• Bump plexus-utils from 3.4.2 to 3.5.0 (#242) @​dependabot
• Bump zstd-jni from 1.5.2-4 to 1.5.2-5 (#240) @​dependabot

Plexus Archiver 4.5.0

🚀 New features and improvements

• Add zstd (un)archiver support (#226) @​pleeplop

🐛 Bug Fixes

• Fix UnArchiver#isOverwrite not working as expected (#229) @​plamentotev Existing files were overridden only if UnArchiver#isOverwrite was set and the existing files were older than the archive entry. Now it works as documented: older files are always overridden; when UnArchiver#isOverwrite is true, existing files are always overridden regardless if they are older or not.

... (truncated)

Changelog

Sourced from plexus-archiver's changelog.

Plexus Archiver Release Notes

Plexus Archiver 4.2.1

Bugs

• [Issue #126][issue-126] - Fixed broken javadoc for Archiver#configureReproducible.
• [Issue #127][issue-127] - Fixed reproducible zip entry time depends on local daylight saving time.

Plexus Archiver 4.2.0

Improvements

• [Pull Request #121][pr-121] - Add API to configure reproducible archives - Archiver#configureReproducible.
• Add option to force the user and group for all archive entries.
• Add option to force the last modified date for all archive entries.
• [Issue #114][issue-114] - Add option to provide Comparator for Archiver. The archive entries will be added in the order specified by the provided comparator.
• [Pull Request #117][pr-117] - Add option to limit the output size for AbstractZipUnArchiver as a way of protection against ZIP bombs. Thanks to Sergey Patrikeev and Semyon Atamas.
• Various code improvements. Thanks to Semyon Atamas and Sergey Patrikeev.

Bugs

• [Issue #94][issue-94] - Fixed setting archiver destination to the working directory causes NullPointerException.

Tasks

• [Issue #119][issue-119] - Updated dependencies: commons-compress to 1.18, plexus-io to 3.2.0 and plexus-utils to 3.3.0.

Plexus Archiver 4.1.0

Improvements

• [Issue #110][issue-110] - Add option to omit "Created-By" manifest entry.

Plexus Archiver 4.0.0

... (truncated)

Commits

• 5cc6594 [maven-release-plugin] prepare release plexus-archiver-4.6.3
• 8a37b7e Fix path traversal vulnerability
• 68d6825 Bump plexus-utils from 3.5.0 to 3.5.1
• 00d02f8 [maven-release-plugin] prepare for next development iteration
• e4449b2 [maven-release-plugin] prepare release plexus-archiver-4.6.2
• 737ac96 [maven-release-plugin] rollback the release of plexus-archiver-4.6.2
• d950f06 [maven-release-plugin] prepare release plexus-archiver-4.6.2
• 8c65753 Bump plexus-io from 3.4.0 to 3.4.1
• b434156 Bump zstd-jni from 1.5.4-1 to 1.5.4-2
• 64d3acf Bump zstd-jni from 1.5.2-5 to 1.5.4-1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)