fix(deps): update zip 7.4.0 to resolve CVE-2026-25727

[bug-ops]

Summary

• Update zip 7.3.0 -> 7.4.0, which pulls time 0.3.45 -> 0.3.47
• Resolves CVE-2026-25727: stack exhaustion DoS via RFC 2822 parsing in time
• Transitive dependency only (zip -> time); exarch does not parse user-provided RFC 2822 input

Related to #45

Test plan

• cargo clippy passes
• 728 tests pass

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.

@@            Coverage Diff             @@
##             main      #47      +/-   ##
==========================================
+ Coverage   90.08%   90.13%   +0.05%     
==========================================
  Files          61       57       -4     
  Lines       10013     9846     -167     
==========================================
- Hits         9020     8875     -145     
+ Misses        993      971      -22     

Flag	Coverage Δ
exarch-python	?

Flags with carried forward coverage won't be shown. Click here to find out more.
see 4 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.