Skip to content

chore(deps): update rust crate gix to 0.82#3154

Merged
renovate[bot] merged 1 commit intomainfrom
renovate/gix-0.x
Apr 24, 2026
Merged

chore(deps): update rust crate gix to 0.82#3154
renovate[bot] merged 1 commit intomainfrom
renovate/gix-0.x

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Apr 24, 2026

This PR contains the following updates:

Package Type Update Change
gix workspace.dependencies minor 0.810.82

Release Notes

GitoxideLabs/gitoxide (gix)

v0.82.0: gix v0.82.0

Compare Source

Bug Fixes

  • Correctly use $COMMON_DIR/info/exclude to make excludes work in worktrees.
    It turns out there is no per-worktree excludes file either.

  • do not open .gitmodule files through symlinks
    This could lead to places outside of the repository that are attacker controller.

  • don't follow submodule names with relative paths in them
    This made it possible to trick submodule repos to be opened outside of the
    actual repository.

  • Restore Category::to_full_name() to be able to produce any full name.
    Previously it learned to reject certain invalid branch names, but this has to
    be done separately and led to some unpleasant changes in gix as well.

  • reject refs/heads/HEAD as branch name during repo initialisation
    Also document that refs/heads/HEAD is allowed if FullName was created
    directly.

  • Tree::peel_to_entry() peel to the final tree entry (and only if it's a tree)

  • deduplicate entry-finding logic
    The logic for finding entries is duplicated 3 times.

    Use std::ops::ControlFlow for simpler, callback-friendly code.

  • std::path::Component has infallible conversion to &[u8]
    Instead of relying on a fallible path and using a default value,
    we can convert directly between a Component and a &[u8].

Chore (BREAKING)
  • Upgrade prodash and crosstermion to the latest version.
    This will fix the cargo deny issue as it brings in a newer lru crate.
New Features (BREAKING)
  • enforce the specification of alloc_init_bytes to handle untrusted input
    This breaking change is intended to force a decision about how
    much memory allocation an untrusted party can command by tempering
    with binary file formats.
  • Use imara-diff-v2 with git sliders processing
    The slider post-processing imrpoves the diff quality for about 8% slower diffs.
    Line-counts, however, will be 50% faster to compute.
Other
  • remove confusing map()
New Features
  • automatically limit allocation size on untrusted repositories.
    This can be controlled via gitoxide.objects.allocLimitIfReducedTrust.
  • read GIX_ALLOC_BYTES and pass them to gix-odb for reading untrusted input
  • add sha256 to gix
Documentation
  • add crate-root doctests
Commit Statistics
  • 50 commits contributed to the release over the course of 32 calendar days.
  • 32 days passed between releases.
  • 14 commits were understood as conventional.
  • 0 issues like '(#ID)' were seen in commit messages
Commit Details
view details
  • Uncategorized
    • Update changelogs prior to release (f9fbcba)
    • Merge pull request #​2530 from GitoxideLabs/advisories (63b8419)
    • Add fuzz tests for 10 more crates, and related fixes (0396152)
    • Do not open .gitmodule files through symlinks (52485a9)
    • Don't follow submodule names with relative paths in them (d2e193f)
    • Automatically limit allocation size on untrusted repositories. (95b0399)
    • Enforce the specification of alloc_init_bytes to handle untrusted input (91d0c26)
    • More alloc_limit tests to validate limit for loose objects as well. (9473d32)
    • Pass alloc_limit_bytes to gix-index (054494f)
    • Read GIX_ALLOC_BYTES and pass them to gix-odb for reading untrusted input (acffd6b)
    • Add reproductions for all known advisories (392336f)
    • Merge pull request #​2497 from cruessler/pass-hash-len-to-tree-ref-iter (7d50c30)
    • Review (d9b358b)
    • Adapt to changes in gix-object (6df1d55)
    • Merge pull request #​2523 from GitoxideLabs/improvements (6f47e98)
    • Adapt to changes in gix-traverse (a1bd845)
    • Merge pull request #​2513 from GitoxideLabs/v2-diff (2a5db88)
    • Thanks clippy (e4f380e)
    • Use imara-diff-v2 with git sliders processing (8094f5d)
    • Merge pull request #​2518 from GitoxideLabs/improvements (444a92b)
    • Make package.include patterns more specific so they don't match ignored files (c2c917f)
    • Merge pull request #​2507 from GitoxideLabs/improvements (e51c40b)
    • Restore Category::to_full_name() to be able to produce any full name. (5b229c6)
    • Merge pull request #​2505 from GitoxideLabs/improvements (420c5df)
    • Address auto-review (6a5a0ec)
    • Reject refs/heads/HEAD as branch name during repo initialisation (1adc44c)
    • Merge pull request #​2492 from datdenkikniet/peel_to_entry (a298901)
    • Refactor (3542230)
    • Remove confusing map() (8a2b474)
    • Merge pull request #​2494 from GitoxideLabs/improvements (50fb46f)
    • Adapt to changes in gix-config. (344218a)
    • Merge pull request #​2493 from GitoxideLabs/improvements (af1ad55)
    • Adapt to changes in gix-config (7bda16a)
    • Merge pull request #​2489 from GitoxideLabs/fix-entry-by-path (ec66ceb)
    • Address auto-review (6b45cfa)
    • Tree::peel_to_entry() peel to the final tree entry (and only if it's a tree) (7f77169)
    • Merge pull request #​2487 from GitoxideLabs/top-level-examples (29c275e)
    • Add crate-root doctests (b1102c2)
    • Merge pull request #​2459 from datdenkikniet/unify-traversal (de3f064)
    • Refactor (fc09ed2)
    • Deduplicate entry-finding logic (b37fef1)
    • Merge pull request #​2485 from GitoxideLabs/fintohaps/fix-ls-refs-prefixing (700ad9e)
    • Fail on missing explicit refs after exact ls-refs` (df41a64)
    • Merge pull request #​2448 from cruessler/add-sha-256-to-gix-refspec (9a78ae2)
    • Alter documentation of feature flags (3cf53e2)
    • Add sha256 to gix (dce21dd)
    • Merge pull request #​2480 from GitoxideLabs/report (98bae84)
    • Merge branch 'main' into report (7eb98cb)
    • Merge pull request #​2458 from datdenkikniet/direct-u8 (2ce6dde)
    • std::path::Component has infallible conversion to &[u8] (0e173d6)

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot enabled auto-merge (squash) April 24, 2026 11:07
@github-actions github-actions Bot added the type: chore Routine tasks like conversions, reorganization, and maintenance work. label Apr 24, 2026
@renovate renovate Bot force-pushed the renovate/gix-0.x branch from 11a0c6b to 642f174 Compare April 24, 2026 11:20
@renovate renovate Bot merged commit 8bdf401 into main Apr 24, 2026
8 checks passed
@renovate renovate Bot deleted the renovate/gix-0.x branch April 24, 2026 11:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

type: chore Routine tasks like conversions, reorganization, and maintenance work.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants