
Commit

Auto merge of #13412 - ehuss:update-git2, r=weihanglo
Update git2

This updates git2 primarily to pull in the update for libgit2 1.7.2 which fixes three security issues. `@weihanglo` did some investigation, and it looks like cargo may be susceptible to one of them with rev parsing. I am uncertain of the severity, but the CVE seems to imply that it is mainly a denial-of-service with an infinite loop from a well-crafted spec.

See https://github.com/libgit2/libgit2/releases/tag/v1.7.2 for more information.
bors committed Feb 7, 2024
2 parents 993418e + c30c13b commit fbebea2
Showing 2 changed files with 6 additions and 6 deletions.
8 changes: 4 additions & 4 deletions Cargo.lock

Some generated files are not rendered by default.

4 changes: 2 additions & 2 deletions Cargo.toml
Expand Up @@ -44,7 +44,7 @@ curl = "0.4.44"
curl-sys = "0.4.71"
filetime = "0.2.23"
flate2 = { version = "1.0.28", default-features = false, features = ["zlib"] }
git2 = "0.18.1"
git2 = "0.18.2"
git2-curl = "0.19.0"
gix = { version = "0.58.0", default-features = false, features = ["blocking-http-transport-curl", "progress-tree", "revision"] }
gix-features-for-configuration-only = { version = "0.38.0", package = "gix-features", features = [ "parallel" ] }
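
Review bot: The `git2 = "0.18.2"` line raises the minimum version for a security reason, but nothing in the manifest records that, so a later edit could loosen the requirement without anyone noticing it was a security floor. A one-line comment above it pointing at the libgit2 1.7.2 release would make the intent visible. The Cargo.lock diff (4 additions, 4 deletions) is not rendered here, so check there that the locked git2 entry actually resolves to 0.18.2 and not just the requirement in Cargo.toml.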
Expand All @@ -62,7 +62,7 @@ itertools = "0.12.1"
jobserver = "0.1.27"
lazycell = "1.3.0"
libc = "0.2.153"
libgit2-sys = "0.16.1"
libgit2-sys = "0.16.2"
libloading = "0.8.1"
memchr = "2.7.1"
miow = "0.6.0"
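
Review bot: On the `libgit2-sys = "0.16.2"` line, the link between this crate version and libgit2 1.7.2 is only stated in the commit message, and the message refers to "the CVE" without naming it. Please put the CVE identifier and the libgit2 version in the message or in a comment beside this line so the fix can be traced from the manifest. This bump and the `git2 = "0.18.2"` bump above need to stay in step; since only Cargo.toml and Cargo.lock change, confirm in the lockfile that both entries moved together.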