Skip to content

Bump git2 from 0.20.0 to 0.21.0 in /wkfl#250

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/wkfl/git2-0.21.0
Open

Bump git2 from 0.20.0 to 0.21.0 in /wkfl#250
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/wkfl/git2-0.21.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 18, 2026

Copy link
Copy Markdown
Contributor

Bumps git2 from 0.20.0 to 0.21.0.

Changelog

Sourced from git2's changelog.

0.21.0 - TBD

0.20.4...main

Added

  • Added experimental SHA256 repository support behind the new unstable-sha256 Cargo feature, along with *_ext API variants that accept an ObjectFormat. #1206
  • Added opts::set_cache_max_size() and opts::get_cached_memory(). #1188
  • Added Repository::object_format() and a new ObjectFormat enum. #1204
  • Added Repository::set_config(). #1208
  • Added merge_file() along with MergeFileInput. #1210
  • Added Repository::refdb_compress() for packing loose refs. #1221
  • Added public Refdb type, along with Repository::refdb() and Repository::set_refdb(). Repository::refdb_compress() now delegates to Refdb::compress(). #1228
  • Added Revspec::into_objects(). #1230
  • Added BlameHunk::final_committer(), BlameHunk::orig_committer(), BlameHunk::summary(), and BlameHunk::summary_bytes(). #1231
  • Implemented Clone for Reference. #1233
  • Added Repository::author_from_env() and Repository::committer_from_env(). #1237
  • Added impl From<Utf8Error> for Error. #1239

Changed

  • ❗ The ssh, https, and cred Cargo features are no longer enabled by default. Previously default = ["ssh", "https"]; now default = []. Enable them explicitly if you rely on credential helpers or transport support. #1168
  • CredentialHelper and the url dependency are now gated behind the new cred Cargo feature. Enabling ssh or https transitively enables cred. #1168
  • ❗ Updated to the 2021 edition. #1173
  • ❗ Many string accessors that previously returned Option<&str> now return Result<&str, Error> or Result<Option<&str>, Error>, so callers can distinguish a missing value from a non-UTF-8 one. #1241
  • BlameHunk::final_signature, BlameHunk::final_committer, BlameHunk::orig_signature, and BlameHunk::orig_committer now return Option to avoid segfaults when signature information is missing. #1254
  • Bumped requirement to libgit2-sys 0.18.4, which updates libgit2 to 1.9.3.

... (truncated)

Commits
  • dffaf27 Merge pull request #1256 from weihanglo/changelog
  • 84b9c76 docs: changelog for git2@0.21
  • 8c6dc4a Merge pull request #1206 from weihanglo/sha256-git2
  • 7bd145e fix: import ObjectFormat in one place
  • fc8af6a test(oid): split _ext to test each format separately
  • b9bde87 test: oid length sanity check
  • 57a68e0 feat(oid): impl Display for ObjectFormat
  • 7acee09 chore(ci): test git2 sha256 support
  • bdf5b7b fix: init example with --object-format option
  • 9fb4e6a refactor(util): drop unsafe from zeroed_raw_oid
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels May 18, 2026
@socket-security

socket-security Bot commented May 18, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedgit2@​0.20.0 ⏵ 0.21.078 -4100 +195100100

View full report

Bumps [git2](https://github.com/rust-lang/git2-rs) from 0.20.0 to 0.21.0.
- [Changelog](https://github.com/rust-lang/git2-rs/blob/main/CHANGELOG.md)
- [Commits](rust-lang/git2-rs@git2-0.20.0...git2-0.21.0)

---
updated-dependencies:
- dependency-name: git2
  dependency-version: 0.21.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/cargo/wkfl/git2-0.21.0 branch from 9ee1c47 to 649af14 Compare May 18, 2026 16:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update Rust code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants