chore(deps): update rust crate gix to 0.83.0 - autoclosed

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
gix	dependencies	minor	0.80.0 → 0.83.0

---

Release Notes

GitoxideLabs/gitoxide (gix)

v0.83.0: gix v0.83.0

Compare Source

Bug Fixes

• Correctly use $COMMON_DIR/info/exclude to make excludes work in worktrees.
  It turns out there is no per-worktree excludes file either.

Chore (BREAKING)

• Upgrade prodash and crosstermion to the latest version.
  This will fix the cargo deny issue as it brings in a newer lru crate.

Bug Fixes (BREAKING)

• remove winnow and replace it with hand-implemented parsers everywhere.
  This will allow for simplified maintenance and editing (both human and machine)
  down the road, and enable additional performance optimisations.

  Parser compbinators to me ultimately were a failed experiment as I couldn't maintain
  them anyway, with it being too difficult for me to grasp and express everything
  in its very own kind of language, with a lot of different things to consider.

  Note that this also removes detailed errors from all parsers that previously
  used winnow, with the option to re-add those if there is demand.

Commit Statistics

• 5 commits contributed to the release over the course of 2 calendar days.
• 3 days passed between releases.
• 1 commit was understood as conventional.
• 0 issues like '(#ID)' were seen in commit messages

Commit Details

view details

• Uncategorized
  • Adapt to changes in gix-object (91bfab0)
  • Remove winnow and replace it with hand-implemented parsers everywhere. (91c854e)
  • Merge pull request #​2540 from GitoxideLabs/reporting (4d5ba23)
  • Merge pull request #​2529 from GitoxideLabs/reflog-newline-handling (2c3a08e)
  • Adapt to changes in gix-error (2e2a126)

v0.82.0: gix v0.82.0 - hardened

Compare Source

Advisories with fixes

• GHSA-9857-6mw7-fq2m
• GHSA-p3hw-mv63-rf9w
• GHSA-f26g-jm89-4g65
• GHSA-x494-mj8g-cj27
• GHSA-pg4w-g64p-qwhj
• GHSA-fr8x-3vfx-f45h

Bug Fixes

• Correctly use $COMMON_DIR/info/exclude to make excludes work in worktrees.
  It turns out there is no per-worktree excludes file either.

• do not open .gitmodule files through symlinks
  This could lead to places outside of the repository that are attacker controller.

• don't follow submodule names with relative paths in them
  This made it possible to trick submodule repos to be opened outside of the
  actual repository.

• Restore Category::to_full_name() to be able to produce any full name.
  Previously it learned to reject certain invalid branch names, but this has to
  be done separately and led to some unpleasant changes in gix as well.

• reject refs/heads/HEAD as branch name during repo initialisation
  Also document that refs/heads/HEAD is allowed if FullName was created
  directly.

• Tree::peel_to_entry() peel to the final tree entry (and only if it's a tree)

• deduplicate entry-finding logic
  The logic for finding entries is duplicated 3 times.

  Use std::ops::ControlFlow for simpler, callback-friendly code.

• std::path::Component has infallible conversion to &[u8]
  Instead of relying on a fallible path and using a default value,
  we can convert directly between a Component and a &[u8].

Chore (BREAKING)

• Upgrade prodash and crosstermion to the latest version.
  This will fix the cargo deny issue as it brings in a newer lru crate.

New Features (BREAKING)

• enforce the specification of alloc_init_bytes to handle untrusted input
  This breaking change is intended to force a decision about how
  much memory allocation an untrusted party can command by tempering
  with binary file formats.
• Use imara-diff-v2 with git sliders processing
  The slider post-processing imrpoves the diff quality for about 8% slower diffs.
  Line-counts, however, will be 50% faster to compute.

Other

• remove confusing map()

New Features

• automatically limit allocation size on untrusted repositories.
  This can be controlled via gitoxide.objects.allocLimitIfReducedTrust.
• read GIX_ALLOC_BYTES and pass them to gix-odb for reading untrusted input
• add sha256 to gix

Documentation

• add crate-root doctests

Commit Statistics

• 50 commits contributed to the release over the course of 32 calendar days.
• 32 days passed between releases.
• 14 commits were understood as conventional.
• 0 issues like '(#ID)' were seen in commit messages

Commit Details

view details

• Uncategorized
  • Update changelogs prior to release (f9fbcba)
  • Merge pull request #​2530 from GitoxideLabs/advisories (63b8419)
  • Add fuzz tests for 10 more crates, and related fixes (0396152)
  • Do not open .gitmodule files through symlinks (52485a9)
  • Don't follow submodule names with relative paths in them (d2e193f)
  • Automatically limit allocation size on untrusted repositories. (95b0399)
  • Enforce the specification of alloc_init_bytes to handle untrusted input (91d0c26)
  • More alloc_limit tests to validate limit for loose objects as well. (9473d32)
  • Pass alloc_limit_bytes to gix-index (054494f)
  • Read GIX_ALLOC_BYTES and pass them to gix-odb for reading untrusted input (acffd6b)
  • Add reproductions for all known advisories (392336f)
  • Merge pull request #​2497 from cruessler/pass-hash-len-to-tree-ref-iter (7d50c30)
  • Review (d9b358b)
  • Adapt to changes in gix-object (6df1d55)
  • Merge pull request #​2523 from GitoxideLabs/improvements (6f47e98)
  • Adapt to changes in gix-traverse (a1bd845)
  • Merge pull request #​2513 from GitoxideLabs/v2-diff (2a5db88)
  • Thanks clippy (e4f380e)
  • Use imara-diff-v2 with git sliders processing (8094f5d)
  • Merge pull request #​2518 from GitoxideLabs/improvements (444a92b)
  • Make package.include patterns more specific so they don't match ignored files (c2c917f)
  • Merge pull request #​2507 from GitoxideLabs/improvements (e51c40b)
  • Restore Category::to_full_name() to be able to produce any full name. (5b229c6)
  • Merge pull request #​2505 from GitoxideLabs/improvements (420c5df)
  • Address auto-review (6a5a0ec)
  • Reject refs/heads/HEAD as branch name during repo initialisation (1adc44c)
  • Merge pull request #​2492 from datdenkikniet/peel_to_entry (a298901)
  • Refactor (3542230)
  • Remove confusing map() (8a2b474)
  • Merge pull request #​2494 from GitoxideLabs/improvements (50fb46f)
  • Adapt to changes in gix-config. (344218a)
  • Merge pull request #​2493 from GitoxideLabs/improvements (af1ad55)
  • Adapt to changes in gix-config (7bda16a)
  • Merge pull request #​2489 from GitoxideLabs/fix-entry-by-path (ec66ceb)
  • Address auto-review (6b45cfa)
  • Tree::peel_to_entry() peel to the final tree entry (and only if it's a tree) (7f77169)
  • Merge pull request #​2487 from GitoxideLabs/top-level-examples (29c275e)
  • Add crate-root doctests (b1102c2)
  • Merge pull request #​2459 from datdenkikniet/unify-traversal (de3f064)
  • Refactor (fc09ed2)
  • Deduplicate entry-finding logic (b37fef1)
  • Merge pull request #​2485 from GitoxideLabs/fintohaps/fix-ls-refs-prefixing (700ad9e)
  • Fail on missing explicit refs after exact ls-refs` (df41a64)
  • Merge pull request #​2448 from cruessler/add-sha-256-to-gix-refspec (9a78ae2)
  • Alter documentation of feature flags (3cf53e2)
  • Add sha256 to gix (dce21dd)
  • Merge pull request #​2480 from GitoxideLabs/report (98bae84)
  • Merge branch 'main' into report (7eb98cb)
  • Merge pull request #​2458 from datdenkikniet/direct-u8 (2ce6dde)
  • std::path::Component has infallible conversion to &[u8] (0e173d6)

v0.81.0: gix v0.81.0

Compare Source

Bug Fixes

• Correctly use $COMMON_DIR/info/exclude to make excludes work in worktrees.
  It turns out there is no per-worktree excludes file either.
• gix::open::Permissions now can be compared, and add is_isolated() method.
• ignore assume-unchanged submodule path replaced by symlink in status

Chore (BREAKING)

• Upgrade prodash and crosstermion to the latest version.
  This will fix the cargo deny issue as it brings in a newer lru crate.

New Features

• add Repository::reopen() as quick way to reload all configuration and drop caches.
• add sha1 and sha256 features to gix.
  This way one can control which hashes are compiled in exactly,
  while having reasonable defaults automatically.

Commit Statistics

• 18 commits contributed to the release.
• 4 commits were understood as conventional.
• 0 issues like '(#ID)' were seen in commit messages

Commit Details

view details

• Uncategorized
  • Release gix-error v0.2.1, gix-date v0.15.1, gix-path v0.11.2, gix-features v0.46.2, gix-hash v0.23.0, gix-hashtable v0.13.0, gix-object v0.58.0, gix-packetline v0.21.2, gix-filter v0.28.0, gix-fs v0.19.2, gix-commitgraph v0.35.0, gix-revwalk v0.29.0, gix-traverse v0.55.0, gix-worktree-stream v0.30.0, gix-archive v0.30.0, gix-tempfile v21.0.2, gix-lock v21.0.2, gix-index v0.49.0, gix-pathspec v0.16.1, gix-ignore v0.19.1, gix-worktree v0.50.0, gix-diff v0.61.0, gix-blame v0.11.0, gix-ref v0.61.0, gix-sec v0.13.2, gix-config v0.54.0, gix-prompt v0.14.1, gix-credentials v0.37.1, gix-discover v0.49.0, gix-dir v0.23.0, gix-revision v0.43.0, gix-merge v0.14.0, gix-negotiate v0.29.0, gix-pack v0.68.0, gix-odb v0.78.0, gix-refspec v0.39.0, gix-shallow v0.10.0, gix-transport v0.55.1, gix-protocol v0.59.0, gix-status v0.28.0, gix-submodule v0.28.0, gix-worktree-state v0.28.0, gix v0.81.0, gix-fsck v0.19.0, gitoxide-core v0.55.0, gitoxide v0.52.0, safety bump 31 crates (c389a2c)
  • Merge pull request #​2470 from GitoxideLabs/improvements (1a72380)
  • gix::open::Permissions now can be compared, and add is_isolated() method. (c80fa4c)
  • Merge pull request #​2469 from GitoxideLabs/improvements (26d5197)
  • Add Repository::reopen() as quick way to reload all configuration and drop caches. (f15911c)
  • Merge pull request #​2454 from GitoxideLabs/dependabot/cargo/cargo-da044b9bb0 (6183fd0)
  • Make CI work again (5213afe)
  • Bump the cargo group with 68 updates (6bdb331)
  • Merge pull request #​2441 from cruessler/remove-sha-1-from-default-features (e8bf096)
  • Add sha1 and sha256 features to gix. (3832916)
  • Adapt to sha1 not being default feature of gix-hash (e71c703)
  • Merge pull request #​2437 from GitoxideLabs/copilot/fix-issue-2435-in-gix-crate (dad2a82)
  • Address Codex review (34d3c17)
  • Refactor (fa65501)
  • Ignore assume-unchanged submodule path replaced by symlink in status (72134f5)
  • Merge pull request #​2445 from GitoxideLabs/improvements (6a7287c)
  • Add cargo machete CI job including exclusions (abd0724)
  • Merge pull request #​2442 from GitoxideLabs/report (f7277f3)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.