diff --git a/Cargo.lock b/Cargo.lock
index 82fc854b6..4cf21ef22 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1495,17 +1495,6 @@ dependencies = [
  "syn 2.0.27",
 ]
 
-[[package]]
-name = "time"
-version = "0.1.45"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1b797afad3f312d1c66a56d11d0316f916356d11bd158fbc6ca6389ff6bf805a"
-dependencies = [
- "libc",
- "wasi",
- "winapi",
-]
-
 [[package]]
 name = "typenum"
 version = "1.14.0"
@@ -2074,5 +2063,4 @@ dependencies = [
  "crc32fast",
  "flate2",
  "thiserror",
- "time",
 ]
diff --git a/crates/archive/Cargo.toml b/crates/archive/Cargo.toml
index 6bd16c71b..367f2530c 100644
--- a/crates/archive/Cargo.toml
+++ b/crates/archive/Cargo.toml
@@ -7,7 +7,10 @@ edition = "2018"
 [dependencies]
 flate2 = "1.0"
 tar = "0.4.13"
-zip_rs = { version = "0.5", package = "zip" }
+# Set features manually to drop usage of `time` crate: we do not rely on that
+# set of capabilities, and it has a vulnerability. NOTE: this should be updated
+# to include the `aes-crypto` and `zstd` features when upgrading to v0.6+.
+zip_rs = { version = "0.5", package = "zip", default-features = false, features = ["deflate", "bzip2"] }
 tee = "0.1.0"
 fs-utils = { path = "../fs-utils" }
 progress-read = { path = "../progress-read" }
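Review bot: The comment added above `zip_rs` in crates/archive/Cargo.toml says the `time` crate "has a vulnerability" but does not name the advisory, so a later maintainer cannot tell which versions are affected or when `default-features = false` can be relaxed. I would cite it in the comment, e.g. `# ... and it has a vulnerability (<ADVISORY-ID placeholder>).`. Nothing in this change stops `time` 0.1 from returning through another dependency or a later feature edit, so a `cargo audit` or `cargo deny check` step in CI would keep the removal enforced rather than relying on the lockfile staying as it is. Presumably turning off the crate's `time` feature also changes how entry timestamps are handled when writing archives; whether this crate writes zip files is not visible in the hunk, so that is worth confirming before merge.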