Merge pull request #51 from danielparks/security-libgit2

Security: update git2 to non-vulnerable version
danielparks · Feb 12, 2024 · 817b405 · 817b405
2 parents b062870 + 59c294d
commit 817b405
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 8 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,15 @@ All notable changes to this project will be documented in this file.
 
 ## main branch
 
+### Security fixes
+
+* Upgrade [git2] dependency to 0.18.2 to fix [security vulnerabilities in
+  libgit2][GHSA-22q8-ghmq-63vf], including in revision parsing. These do not
+  appear to affect git-status-vars.
+
+[git2]: https://crates.io/crates/git2
+[GHSA-22q8-ghmq-63vf]: https://github.com/advisories/GHSA-22q8-ghmq-63vf
+
 ### API breaking changes
 
 * Switched `Reference::new()` and friends to accept types that implement

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -15,7 +15,7 @@ rust-version = "1.64"
 
 [dependencies]
 clap = { version = "4.0.16", features = ["derive"] }
-git2 = { version = "0.17.0", default-features = false }
+git2 = { version = "0.18.2", default-features = false }
 shell-words = "1.1.0"
 
 [dev-dependencies]