Skip to content

chore(deps): bump the cargo group across 1 directory with 2 updates#44

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/rhodium-standard-repositories/satellites/rsr-certifier/cargo-ccfdffaaf3
Open

chore(deps): bump the cargo group across 1 directory with 2 updates#44
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/rhodium-standard-repositories/satellites/rsr-certifier/cargo-ccfdffaaf3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 6, 2026

Bumps the cargo group with 1 update in the /rhodium-standard-repositories/satellites/rsr-certifier directory: gix.

Updates gix from 0.77.0 to 0.83.0

Release notes

Sourced from gix's releases.

gix v0.83.0

Bug Fixes

  • Correctly use $COMMON_DIR/info/exclude to make excludes work in worktrees. It turns out there is no per-worktree excludes file either.

Chore (BREAKING)

  • Upgrade prodash and crosstermion to the latest version. This will fix the cargo deny issue as it brings in a newer lru crate.

Bug Fixes (BREAKING)

  • remove winnow and replace it with hand-implemented parsers everywhere. This will allow for simplified maintenance and editing (both human and machine) down the road, and enable additional performance optimisations.

    Parser compbinators to me ultimately were a failed experiment as I couldn't maintain them anyway, with it being too difficult for me to grasp and express everything in its very own kind of language, with a lot of different things to consider.

    Note that this also removes detailed errors from all parsers that previously used winnow, with the option to re-add those if there is demand.

Commit Statistics

  • 5 commits contributed to the release over the course of 2 calendar days.
  • 3 days passed between releases.
  • 1 commit was understood as conventional.
  • 0 issues like '(#ID)' were seen in commit messages

Commit Details

  • Uncategorized
    • Adapt to changes in gix-object (91bfab0)
    • Remove winnow and replace it with hand-implemented parsers everywhere. (91c854e)
    • Merge pull request #2540 from GitoxideLabs/reporting (4d5ba23)
    • Merge pull request #2529 from GitoxideLabs/reflog-newline-handling (2c3a08e)
    • Adapt to changes in gix-error (2e2a126)

gix v0.82.0 - hardened

Advisories with fixes

... (truncated)

Commits
  • 53f880c Release gix-error v0.2.3, gix-date v0.15.3, gix-actor v0.41.0, gix-path v0.12...
  • 09687eb fix CI - and probably prevent can't connect to localhost in journey tests
  • d5f9bf5 feat: add Category::is_remote_tracking_branch().
  • 87b2da8 address auto-review
  • 731248f feat!: add sha-256 support to gix-ref.
  • 91bfab0 Adapt to changes in gix-object
  • d4439cd fix!: Limit Commit and Tag parsing to a given gix_hash::Kind
  • 5127973 fix: Allow more pathological cases during parsing just like Git
  • 91c854e fix!: remove winnow and replace it with hand-implemented parsers everywhere.
  • b060eb2 fix!: remove winnow from the public gix-actor API for parsing (#2545)
  • Additional commits viewable in compare view

Updates gix-transport from 0.52.1 to 0.57.0

Release notes

Sourced from gix-transport's releases.

gix-transport v0.57.0

Commit Statistics

  • 1 commit contributed to the release over the course of 2 calendar days.
  • 3 days passed between releases.
  • 0 commits were understood as conventional.
  • 0 issues like '(#ID)' were seen in commit messages

Commit Details

  • Uncategorized
    • Merge pull request #2540 from GitoxideLabs/reporting (4d5ba23)

gix-transport v0.56.0

Bug Fixes

  • reject cross-authority redirects before reusing auth Tighten smart-HTTP redirect handling so credentials are not carried across redirects that change authority.

    • treat redirects as valid only when scheme, host, and effective port stay the same
    • reject redirects to a different host or port when deriving the redirected base URL
    • apply the same authority check in the reqwest redirect policy
    • keep the advisory reproducer backend-neutral so the redirected POST assertion holds for both curl and reqwest

    This fixes the credential-leak vector covered by GHSA-9857-6mw7-fq2m, where Basic auth from the original remote could be forwarded to a redirected endpoint.

Commit Statistics

  • 10 commits contributed to the release over the course of 32 calendar days.
  • 32 days passed between releases.
  • 1 commit was understood as conventional.
  • 0 issues like '(#ID)' were seen in commit messages

Commit Details

  • Uncategorized
    • Update changelogs prior to release (f9fbcba)
    • Merge pull request #2530 from GitoxideLabs/advisories (63b8419)
    • Address auto-review (7429b15)
    • Add corpus-builder scripts when corpus files are available; auto-run artifacts in test suite (e64e3b8)
    • Add fuzz tests for 10 more crates, and related fixes (0396152)

... (truncated)

Changelog

Sourced from gix-transport's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

0.53.0 (2026-04-28)

Commits
  • 53f880c Release gix-error v0.2.3, gix-date v0.15.3, gix-actor v0.41.0, gix-path v0.12...
  • 09687eb fix CI - and probably prevent can't connect to localhost in journey tests
  • d5f9bf5 feat: add Category::is_remote_tracking_branch().
  • 87b2da8 address auto-review
  • 731248f feat!: add sha-256 support to gix-ref.
  • 91bfab0 Adapt to changes in gix-object
  • d4439cd fix!: Limit Commit and Tag parsing to a given gix_hash::Kind
  • 5127973 fix: Allow more pathological cases during parsing just like Git
  • 91c854e fix!: remove winnow and replace it with hand-implemented parsers everywhere.
  • b060eb2 fix!: remove winnow from the public gix-actor API for parsing (#2545)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump the cargo group across 1 directory with 2 updates
961f573 
Bumps the cargo group with 1 update in the /rhodium-standard-repositories/satellites/rsr-certifier directory: [gix](https://github.com/GitoxideLabs/gitoxide).


Updates `gix` from 0.77.0 to 0.83.0
- [Release notes](https://github.com/GitoxideLabs/gitoxide/releases)
- [Changelog](https://github.com/GitoxideLabs/gitoxide/blob/main/CHANGELOG.md)
- [Commits](GitoxideLabs/gitoxide@gix-v0.77.0...gix-v0.83.0)

Updates `gix-transport` from 0.52.1 to 0.57.0
- [Release notes](https://github.com/GitoxideLabs/gitoxide/releases)
- [Changelog](https://github.com/GitoxideLabs/gitoxide/blob/main/CHANGELOG.md)
- [Commits](GitoxideLabs/gitoxide@gix-transport-v0.52.1...gix-transport-v0.57.0)

---
updated-dependencies:
- dependency-name: gix
  dependency-version: 0.83.0
  dependency-type: direct:production
  dependency-group: cargo
- dependency-name: gix-transport
  dependency-version: 0.57.0
  dependency-type: indirect
  dependency-group: cargo
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels May 6, 2026
@chatgpt-codex-connector
Copy link
Copy Markdown

chatgpt-codex-connector Bot commented May 6, 2026

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants