Skip to content

Update gix to 0.82 (with security fixes and hardened parsers)#16941

Merged
weihanglo merged 1 commit intorust-lang:masterfrom
Byron:update-gix
Apr 25, 2026
Merged

Update gix to 0.82 (with security fixes and hardened parsers)#16941
weihanglo merged 1 commit intorust-lang:masterfrom
Byron:update-gix

Conversation

@Byron
Copy link
Copy Markdown
Member

@Byron Byron commented Apr 25, 2026
edited
Loading

This seems to have been an eventless update locally.

Tasks

  • pass CI

@Byron Byron marked this pull request as ready for review April 25, 2026 03:03
@rustbot rustbot added the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label Apr 25, 2026
@rustbot
Copy link
Copy Markdown
Collaborator

rustbot commented Apr 25, 2026

r? @weihanglo

rustbot has assigned @weihanglo.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

Why was this reviewer chosen?

The reviewer was selected based on:

  • Owners of files modified in this PR: @ehuss, @epage, @weihanglo
  • @ehuss, @epage, @weihanglo expanded to ehuss, epage, weihanglo
  • Random selection from ehuss, epage, weihanglo

weihanglo
weihanglo approved these changes Apr 25, 2026
View reviewed changes
Comment thread Cargo.toml
Copy link
Copy Markdown
Member

@weihanglo weihanglo Apr 25, 2026
edited by rustbot
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! Do we have any changelog that I can follow?

View changes since the review

Copy link
Copy Markdown
Member Author

@Byron Byron Apr 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's difficult for the lack of one global changelog.

There is one per crate effectively, and this would be a way to surface all of them.

GitoxideLabs/gitoxide@gix-v0.81.0...gix-v0.82.0

Short version of this release is hardening and security fixes. The respective advisories are still something I have to publish.

Copy link
Copy Markdown
Member Author

@Byron Byron Apr 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And I realize that the main gix release (v0.82) is quite usable for an overview:

https://github.com/GitoxideLabs/gitoxide/releases/tag/gix-v0.82.0

Now with a list of advisories.

Copy link
Copy Markdown
Member

@weihanglo weihanglo Apr 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah I saw the info/exclude as was wonder if there is anything related to cargo package. Turns out that we dont even have test around this (and hope people dont publish under worktrees).

I'll need to look closer to those advisories over the weekend. Seems like some related to stable features Cargo relies on, like file traversing/listing?

Regardless, thank you for fixing all of them!!

@weihanglo weihanglo added this pull request to the merge queue Apr 25, 2026
Merged via the queue into rust-lang:master with commit 3c4678d Apr 25, 2026
31 checks passed
@rustbot rustbot removed the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label Apr 25, 2026
@epage
Copy link
Copy Markdown
Contributor

epage commented Apr 25, 2026

Is the underlying problem in the previous version fixed and the processes that led to it?

@Byron
Copy link
Copy Markdown
Member Author

Byron commented Apr 26, 2026

Is the underlying problem in the previous version fixed and the processes that led to it?

I think that very much boils down to whether or not you think AI is a solution or a problem. Because that's the new tool I use to be better than I otherwise could be. It's not trivial to wield, but I think I am getting the hang of it, with my entire workflow and tooling adjusted to support line-by-line reviews and refactors.
No matter what the answer is, there will always be oversights, nothing is perfect.

@weihanglo weihanglo mentioned this pull request May 2, 2026
Merged
rust-bors Bot pushed a commit to rust-lang/rust that referenced this pull request May 2, 2026
@bors
Auto merge of #156069 - weihanglo:update-cargo, r=weihanglo
8275de8 
Update cargo submodule

10 commits in eb9b60f1f6604b5e022c56be31692c215b8ba11d..4f9b52075316e9ced380c8fa492858048d5758b6
2026-04-24 20:52:07 +0000 to 2026-05-01 22:36:41 +0000
- chore(deps): update compatible (rust-lang/cargo#16952)
- feat(lints): Add deny-by-default text_direction_codepoint lints (rust-lang/cargo#16950)
- chore(deps): update embarkstudios/cargo-deny-action action to v2.0.17 (rust-lang/cargo#16953)
- docs(guide): Switch from third-party to first-party unused deps detection (rust-lang/cargo#16946)
- Remove curl dependency from crates-io crate (rust-lang/cargo#16936)
- chore(deps): update gix to 0.83 (rust-lang/cargo#16945)
- fix(compile): Where possible, hint about misplaced deps  (rust-lang/cargo#16940)
- Remove `windows-sys` from `home` (rust-lang/cargo#16918)
- docs(resolver): `--precise <yanked>` is on stable (rust-lang/cargo#16944)
- Update `gix` to 0.82 (with security fixes and hardened parsers) (rust-lang/cargo#16941)
@rustbot rustbot added this to the 1.97.0 milestone May 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@weihanglo weihanglo weihanglo approved these changes

Assignees

@weihanglo weihanglo

Labels

None yet

Projects

None yet

Milestone

1.97.0

Development

Successfully merging this pull request may close these issues.

4 participants

@Byron @rustbot @epage @weihanglo