Radish alpha
h
heartwood
rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5
Radicle Heartwood Protocol & Stack
Radicle
Git
Patches 93c85f29
gix: CVE-2025-31130
Merged fintohaps opened 6 months ago

Update the gix family of crates to avoid the vulnerability reported in CVE-2025-31130.

Since gix-hash is used in two places, its version definition was moved to the top-level Cargo.toml. cargo warned that default-features not being defined in the top-level could result in a future error, so that was carried along with it. This did not affect the build of radicle-fetch.

Activity Changes +240 -149
4 files changed +240 -149 0b342485 b7a7f55e
modified Cargo.lock
@@ -340,9 +340,9 @@ checksum = "3eeab4423108c5d7c744f4d234de88d18d636100093ae04caf4825134b9c3a32"


[[package]]

name = "bstr"
- 
version = "1.9.1"
+ 
version = "1.12.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "05efc5cfd9110c8416e471df0e96702d58690178e206e61b7173706673c93706"
+ 
checksum = "234113d19d0d7d613b40e86fb654acf958910802bcceab913a4f9e7cda03b1a4"

dependencies = [

 "memchr",

 "regex-automata 0.4.9",
@@ -486,7 +486,7 @@ dependencies = [
 "heck",

 "proc-macro2",

 "quote",
- 
 "syn 2.0.89",
+ 
 "syn 2.0.106",

]



[[package]]
@@ -556,9 +556,9 @@ dependencies = [


[[package]]

name = "crc32fast"
- 
version = "1.4.0"
+ 
version = "1.5.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "b3855a8a784b474f333699ef2bbca9db2c4a1f6d9088a90a2d25b1eb53111eaa"
+ 
checksum = "9481c1c90cbf2ac953f07c8d4a58aa3945c425b7185c9154d67a65e4230da511"

dependencies = [

 "cfg-if",

]
@@ -763,7 +763,7 @@ dependencies = [
 "convert_case",

 "proc-macro2",

 "quote",
- 
 "syn 2.0.89",
+ 
 "syn 2.0.106",

]



[[package]]
@@ -792,7 +792,7 @@ checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0"
dependencies = [

 "proc-macro2",

 "quote",
- 
 "syn 2.0.89",
+ 
 "syn 2.0.106",

]



[[package]]
@@ -977,18 +977,19 @@ checksum = "3afcf4effa2c44390b9912544582d5af29e10dc4c816c5dbebf748e1c7416faa"


[[package]]

name = "faster-hex"
- 
version = "0.9.0"
+ 
version = "0.10.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "a2a2b11eda1d40935b26cf18f6833c526845ae8c41e58d09af6adeb6f0269183"
+ 
checksum = "7223ae2d2f179b803433d9c830478527e92b8117eab39460edae7f1614d9fb73"

dependencies = [
+ 
 "heapless",

 "serde",

]



[[package]]

name = "fastrand"
- 
version = "2.1.0"
+ 
version = "2.3.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "9fc0510504f03c51ada170672ac806f1f105a88aa97a5281117e1ddc3368e51a"
+ 
checksum = "37909eebbb50d72f9059c3b6d82c0463f2ff062c9e95845c43a6c9c0355411be"



[[package]]

name = "ff"
@@ -1008,7 +1009,7 @@ checksum = "1ee447700ac8aa0b2f2bd7bc4462ad686ba06baa6727ac149a2d6277f0d240fd"
dependencies = [

 "cfg-if",

 "libc",
- 
 "redox_syscall",
+ 
 "redox_syscall 0.4.1",

 "windows-sys 0.52.0",

]
@@ -1019,6 +1020,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7ced92e76e966ca2fd84c8f7aa01a4aea65b0eb6648d72f7c8f3e2764a67fece"

dependencies = [

 "crc32fast",
+ 
 "libz-rs-sys",

 "miniz_oxide",

]
@@ -1141,7 +1143,7 @@ dependencies = [
 "git-ref-format-core",

 "proc-macro-error2",

 "quote",
- 
 "syn 2.0.89",
+ 
 "syn 2.0.106",

]



[[package]]
@@ -1159,9 +1161,9 @@ dependencies = [


[[package]]

name = "gix-actor"
- 
version = "0.33.2"
+ 
version = "0.35.4"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "20018a1a6332e065f1fcc8305c1c932c6b8c9985edea2284b3c79dc6fa3ee4b2"
+ 
checksum = "2d36dcf9efe32b51b12dfa33cedff8414926124e760a32f9e7a6b5580d280967"

dependencies = [

 "bstr",

 "gix-date",
@@ -1182,25 +1184,25 @@ dependencies = [


[[package]]

name = "gix-command"
- 
version = "0.4.1"
+ 
version = "0.6.2"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "cb410b84d6575db45e62025a9118bdbf4d4b099ce7575a76161e898d9ca98df1"
+ 
checksum = "6b31b65ca48a352ae86312b27a514a0c661935f96b481ac8b4371f65815eb196"

dependencies = [

 "bstr",

 "gix-path",
+ 
 "gix-quote",

 "gix-trace",

 "shell-words",

]



[[package]]

name = "gix-commitgraph"
- 
version = "0.25.1"
+ 
version = "0.29.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "a8da6591a7868fb2b6dabddea6b09988b0b05e0213f938dbaa11a03dd7a48d85"
+ 
checksum = "6bb23121e952f43a5b07e3e80890336cb847297467a410475036242732980d06"

dependencies = [

 "bstr",

 "gix-chunk",
- 
 "gix-features",

 "gix-hash",

 "memmap2",

 "thiserror 2.0.12",
@@ -1208,9 +1210,9 @@ dependencies = [


[[package]]

name = "gix-config-value"
- 
version = "0.14.12"
+ 
version = "0.15.1"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "8dc2c844c4cf141884678cabef736fd91dd73068b9146e6f004ba1a0457944b6"
+ 
checksum = "9f012703eb67e263c6c1fc96649fec47694dd3e5d2a91abfc65e4a6a6dc85309"

dependencies = [

 "bitflags 2.9.1",

 "bstr",
@@ -1221,13 +1223,14 @@ dependencies = [


[[package]]

name = "gix-credentials"
- 
version = "0.26.0"
+ 
version = "0.30.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "82a50c56b785c29a151ab4ccf74a83fe4e21d2feda0d30549504b4baed353e0a"
+ 
checksum = "0039dd3ac606dd80b16353a41b61fc237ca5cb8b612f67a9f880adfad4be4e05"

dependencies = [

 "bstr",

 "gix-command",

 "gix-config-value",
+ 
 "gix-date",

 "gix-path",

 "gix-prompt",

 "gix-sec",
@@ -1238,21 +1241,22 @@ dependencies = [


[[package]]

name = "gix-date"
- 
version = "0.9.4"
+ 
version = "0.10.5"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "daa30058ec7d3511fbc229e4f9e696a35abd07ec5b82e635eff864a2726217e4"
+ 
checksum = "996b6b90bafb287330af92b274c3e64309dc78359221d8612d11cd10c8b9fe1c"

dependencies = [

 "bstr",

 "itoa",

 "jiff",
+ 
 "smallvec",

 "thiserror 2.0.12",

]



[[package]]

name = "gix-diff"
- 
version = "0.49.0"
+ 
version = "0.53.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "a8e92566eccbca205a0a0f96ffb0327c061e85bc5c95abbcddfe177498aa04f6"
+ 
checksum = "de854852010d44a317f30c92d67a983e691c9478c8a3fb4117c1f48626bcdea8"

dependencies = [

 "bstr",

 "gix-hash",
@@ -1262,59 +1266,63 @@ dependencies = [


[[package]]

name = "gix-features"
- 
version = "0.39.1"
+ 
version = "0.43.1"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "7d85d673f2e022a340dba4713bed77ef2cf4cd737d2f3e0f159d45e0935fd81f"
+ 
checksum = "cd1543cd9b8abcbcebaa1a666a5c168ee2cda4dea50d3961ee0e6d1c42f81e5b"

dependencies = [

 "crc32fast",

 "flate2",
- 
 "gix-hash",
+ 
 "gix-path",

 "gix-trace",

 "gix-utils",

 "libc",

 "prodash",
- 
 "sha1_smol",

 "thiserror 2.0.12",

 "walkdir",

]



[[package]]

name = "gix-fs"
- 
version = "0.12.1"
+ 
version = "0.16.1"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "3b3d4fac505a621f97e5ce2c69fdc425742af00c0920363ca4074f0eb48b1db9"
+ 
checksum = "9a4d90307d064fa7230e0f87b03231be28f8ba63b913fc15346f489519d0c304"

dependencies = [
+ 
 "bstr",

 "fastrand",

 "gix-features",
+ 
 "gix-path",

 "gix-utils",
+ 
 "thiserror 2.0.12",

]



[[package]]

name = "gix-hash"
- 
version = "0.15.1"
+ 
version = "0.19.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "0b5eccc17194ed0e67d49285e4853307e4147e95407f91c1c3e4a13ba9f4e4ce"
+ 
checksum = "251fad79796a731a2a7664d9ea95ee29a9e99474de2769e152238d4fdb69d50e"

dependencies = [

 "faster-hex",
+ 
 "gix-features",
+ 
 "sha1-checked",

 "thiserror 2.0.12",

]



[[package]]

name = "gix-hashtable"
- 
version = "0.6.0"
+ 
version = "0.9.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "0ef65b256631078ef733bc5530c4e6b1c2e7d5c2830b75d4e9034ab3997d18fe"
+ 
checksum = "c35300b54896153e55d53f4180460931ccd69b7e8d2f6b9d6401122cdedc4f07"

dependencies = [

 "gix-hash",
- 
 "hashbrown",
+ 
 "hashbrown 0.15.5",

 "parking_lot",

]



[[package]]

name = "gix-lock"
- 
version = "15.0.1"
+ 
version = "18.0.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "1cd3ab68a452db63d9f3ebdacb10f30dba1fa0d31ac64f4203d395ed1102d940"
+ 
checksum = "b9fa71da90365668a621e184eb5b979904471af1b3b09b943a84bc50e8ad42ed"

dependencies = [

 "gix-tempfile",

 "gix-utils",
@@ -1323,9 +1331,9 @@ dependencies = [


[[package]]

name = "gix-negotiate"
- 
version = "0.17.0"
+ 
version = "0.21.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "d27f830a16405386e9c83b9d5be8261fe32bbd6b3caf15bd1b284c6b2b7ef1a8"
+ 
checksum = "1d58d4c9118885233be971e0d7a589f5cfb1a8bd6cb6e2ecfb0fc6b1b293c83b"

dependencies = [

 "bitflags 2.9.1",

 "gix-commitgraph",
@@ -1339,9 +1347,9 @@ dependencies = [


[[package]]

name = "gix-object"
- 
version = "0.46.1"
+ 
version = "0.50.2"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "e42d58010183ef033f31088479b4eb92b44fe341b35b62d39eb8b185573d77ea"
+ 
checksum = "d69ce108ab67b65fbd4fb7e1331502429d78baeb2eee10008bdef55765397c07"

dependencies = [

 "bstr",

 "gix-actor",
@@ -1360,9 +1368,9 @@ dependencies = [


[[package]]

name = "gix-odb"
- 
version = "0.66.0"
+ 
version = "0.70.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "cb780eceb3372ee204469478de02eaa34f6ba98247df0186337e0333de97d0ae"
+ 
checksum = "9c9d7af10fda9df0bb4f7f9bd507963560b3c66cb15a5b825caf752e0eb109ac"

dependencies = [

 "arc-swap",

 "gix-date",
@@ -1381,9 +1389,9 @@ dependencies = [


[[package]]

name = "gix-pack"
- 
version = "0.56.0"
+ 
version = "0.60.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "4158928929be29cae7ab97afc8e820a932071a7f39d8ba388eed2380c12c566c"
+ 
checksum = "d8571df89bfca5abb49c3e3372393f7af7e6f8b8dbe2b96303593cef5b263019"

dependencies = [

 "gix-chunk",

 "gix-diff",
@@ -1402,9 +1410,9 @@ dependencies = [


[[package]]

name = "gix-packetline"
- 
version = "0.18.4"
+ 
version = "0.19.1"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "123844a70cf4d5352441dc06bab0da8aef61be94ec239cb631e0ba01dc6d3a04"
+ 
checksum = "2592fbd36249a2fea11056f7055cc376301ef38d903d157de41998335bbf1f93"

dependencies = [

 "bstr",

 "faster-hex",
@@ -1414,12 +1422,13 @@ dependencies = [


[[package]]

name = "gix-path"
- 
version = "0.10.15"
+ 
version = "0.10.20"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "f910668e2f6b2a55ff35a1f04df88a1a049f7b868507f4cbeeaa220eaba7be87"
+ 
checksum = "06d37034a4c67bbdda76f7bcd037b2f7bc0fba0c09a6662b19697a5716e7b2fd"

dependencies = [

 "bstr",

 "gix-trace",
+ 
 "gix-validate",

 "home",

 "once_cell",

 "thiserror 2.0.12",
@@ -1427,22 +1436,22 @@ dependencies = [


[[package]]

name = "gix-prompt"
- 
version = "0.9.1"
+ 
version = "0.11.1"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "79f2185958e1512b989a007509df8d61dca014aa759a22bee80cfa6c594c3b6d"
+ 
checksum = "6ffa1a7a34c81710aaa666a428c142b6c5d640492fcd41267db0740d923c7906"

dependencies = [

 "gix-command",

 "gix-config-value",

 "parking_lot",
- 
 "rustix 0.38.34",
+ 
 "rustix 1.0.7",

 "thiserror 2.0.12",

]



[[package]]

name = "gix-protocol"
- 
version = "0.47.0"
+ 
version = "0.51.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "c84642e8b6fed7035ce9cc449593019c55b0ec1af7a5dce1ab8a0636eaaeb067"
+ 
checksum = "12b4b807c47ffcf7c1e5b8119585368a56449f3493da93b931e1d4239364e922"

dependencies = [

 "bstr",

 "gix-credentials",
@@ -1466,9 +1475,9 @@ dependencies = [


[[package]]

name = "gix-quote"
- 
version = "0.4.15"
+ 
version = "0.6.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "e49357fccdb0c85c0d3a3292a9f6db32d9b3535959b5471bb9624908f4a066c6"
+ 
checksum = "4a375a75b4d663e8bafe3bf4940a18a23755644c13582fa326e99f8f987d83fd"

dependencies = [

 "bstr",

 "gix-utils",
@@ -1477,9 +1486,9 @@ dependencies = [


[[package]]

name = "gix-ref"
- 
version = "0.49.1"
+ 
version = "0.53.1"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "a91b61776c839d0f1b7114901179afb0947aa7f4d30793ca1c56d335dfef485f"
+ 
checksum = "b966f578079a42f4a51413b17bce476544cca1cf605753466669082f94721758"

dependencies = [

 "gix-actor",

 "gix-features",
@@ -1498,9 +1507,9 @@ dependencies = [


[[package]]

name = "gix-refspec"
- 
version = "0.27.0"
+ 
version = "0.31.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "00c056bb747868c7eb0aeb352c9f9181ab8ca3d0a2550f16470803500c6c413d"
+ 
checksum = "7d29cae1ae31108826e7156a5e60bffacab405f4413f5bc0375e19772cce0055"

dependencies = [

 "bstr",

 "gix-hash",
@@ -1512,9 +1521,9 @@ dependencies = [


[[package]]

name = "gix-revision"
- 
version = "0.31.1"
+ 
version = "0.35.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "61e1ddc474405a68d2ce8485705dd72fe6ce959f2f5fe718601ead5da2c8f9e7"
+ 
checksum = "f651f2b1742f760bb8161d6743229206e962b73d9c33c41f4e4aefa6586cbd3d"

dependencies = [

 "bstr",

 "gix-commitgraph",
@@ -1527,9 +1536,9 @@ dependencies = [


[[package]]

name = "gix-revwalk"
- 
version = "0.17.0"
+ 
version = "0.21.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "510026fc32f456f8f067d8f37c34088b97a36b2229d88a6a5023ef179fcb109d"
+ 
checksum = "06e74f91709729e099af6721bd0fa7d62f243f2005085152301ca5cdd86ec02c"

dependencies = [

 "gix-commitgraph",

 "gix-date",
@@ -1542,21 +1551,21 @@ dependencies = [


[[package]]

name = "gix-sec"
- 
version = "0.10.12"
+ 
version = "0.12.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "47aeb0f13de9ef2f3033f5ff218de30f44db827ac9f1286f9ef050aacddd5888"
+ 
checksum = "09f7053ed7c66633b56c57bc6ed3377be3166eaf3dc2df9f1c5ec446df6fdf2c"

dependencies = [

 "bitflags 2.9.1",

 "gix-path",

 "libc",
- 
 "windows-sys 0.52.0",
+ 
 "windows-sys 0.59.0",

]



[[package]]

name = "gix-shallow"
- 
version = "0.1.0"
+ 
version = "0.5.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "88d2673242e87492cb6ff671f0c01f689061ca306c4020f137197f3abc84ce01"
+ 
checksum = "d936745103243ae4c510f19e0760ce73fb0f08096588fdbe0f0d7fb7ce8944b7"

dependencies = [

 "bstr",

 "gix-hash",
@@ -1566,9 +1575,9 @@ dependencies = [


[[package]]

name = "gix-tempfile"
- 
version = "15.0.0"
+ 
version = "18.0.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "2feb86ef094cc77a4a9a5afbfe5de626897351bbbd0de3cb9314baf3049adb82"
+ 
checksum = "666c0041bcdedf5fa05e9bef663c897debab24b7dc1741605742412d1d47da57"

dependencies = [

 "gix-fs",

 "libc",
@@ -1579,15 +1588,15 @@ dependencies = [


[[package]]

name = "gix-trace"
- 
version = "0.1.12"
+ 
version = "0.1.13"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "7c396a2036920c69695f760a65e7f2677267ccf483f25046977d87e4cb2665f7"
+ 
checksum = "e2ccaf54b0b1743a695b482ca0ab9d7603744d8d10b2e5d1a332fef337bee658"



[[package]]

name = "gix-transport"
- 
version = "0.44.0"
+ 
version = "0.48.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "dd04d91e507a8713cfa2318d5a85d75b36e53a40379cc7eb7634ce400ecacbaf"
+ 
checksum = "12f7cc0179fc89d53c54e1f9ce51229494864ab4bf136132d69db1b011741ca3"

dependencies = [

 "bstr",

 "gix-command",
@@ -1601,9 +1610,9 @@ dependencies = [


[[package]]

name = "gix-traverse"
- 
version = "0.43.1"
+ 
version = "0.47.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "6ed47d648619e23e93f971d2bba0d10c1100e54ef95d2981d609907a8cabac89"
+ 
checksum = "c7cdc82509d792ba0ad815f86f6b469c7afe10f94362e96c4494525a6601bdd5"

dependencies = [

 "bitflags 2.9.1",

 "gix-commitgraph",
@@ -1618,9 +1627,9 @@ dependencies = [


[[package]]

name = "gix-url"
- 
version = "0.28.2"
+ 
version = "0.32.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "d096fb733ba6bd3f5403dba8bd72bdd8809fe2b347b57844040b8f49c93492d9"
+ 
checksum = "1b76a9d266254ad287ffd44467cd88e7868799b08f4d52e02d942b93e514d16f"

dependencies = [

 "bstr",

 "gix-features",
@@ -1632,9 +1641,9 @@ dependencies = [


[[package]]

name = "gix-utils"
- 
version = "0.1.14"
+ 
version = "0.3.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "ff08f24e03ac8916c478c8419d7d3c33393da9bb41fa4c24455d5406aeefd35f"
+ 
checksum = "5351af2b172caf41a3728eb4455326d84e0d70fe26fc4de74ab0bd37df4191c5"

dependencies = [

 "fastrand",

 "unicode-normalization",
@@ -1642,9 +1651,9 @@ dependencies = [


[[package]]

name = "gix-validate"
- 
version = "0.9.4"
+ 
version = "0.10.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "34b5f1253109da6c79ed7cf6e1e38437080bb6d704c76af14c93e2f255234084"
+ 
checksum = "77b9e00cacde5b51388d28ed746c493b18a6add1f19b5e01d686b3b9ece66d4d"

dependencies = [

 "bstr",

 "thiserror 2.0.12",
@@ -1662,12 +1671,37 @@ dependencies = [
]



[[package]]
+ 
name = "hash32"
+ 
version = "0.3.1"
+ 
source = "registry+https://github.com/rust-lang/crates.io-index"
+ 
checksum = "47d60b12902ba28e2730cd37e95b8c9223af2808df9e902d4df49588d1470606"
+ 
dependencies = [
+ 
 "byteorder",
+ 
]
+
+ 
[[package]]

name = "hashbrown"

version = "0.14.3"

source = "registry+https://github.com/rust-lang/crates.io-index"

checksum = "290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604"



[[package]]
+ 
name = "hashbrown"
+ 
version = "0.15.5"
+ 
source = "registry+https://github.com/rust-lang/crates.io-index"
+ 
checksum = "9229cfe53dfd69f0609a49f65461bd93001ea1ef889cd5529dd176593f5338a1"
+
+ 
[[package]]
+ 
name = "heapless"
+ 
version = "0.8.0"
+ 
source = "registry+https://github.com/rust-lang/crates.io-index"
+ 
checksum = "0bfb9eb618601c89945a70e254898da93b13be0388091d42117462b265bb3fad"
+ 
dependencies = [
+ 
 "hash32",
+ 
 "stable_deref_trait",
+ 
]
+
+ 
[[package]]

name = "heck"

version = "0.5.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1845,7 +1879,7 @@ checksum = "1ec89e9337638ecdc08744df490b221a7399bf8d164eb52a665454e60e075ad6"
dependencies = [

 "proc-macro2",

 "quote",
- 
 "syn 2.0.89",
+ 
 "syn 2.0.106",

]



[[package]]
@@ -1876,7 +1910,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "168fb715dda47215e360912c096649d23d58bf392ac62f73919e831745e40f26"

dependencies = [

 "equivalent",
- 
 "hashbrown",
+ 
 "hashbrown 0.14.3",

 "serde",

]
@@ -1948,10 +1982,11 @@ checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b"


[[package]]

name = "jiff"
- 
version = "0.2.1"
+ 
version = "0.2.15"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "3590fea8e9e22d449600c9bbd481a8163bef223e4ff938e5f55899f8cf1adb93"
+ 
checksum = "be1f93b8b1eb69c77f24bbb0afdf66f54b632ee39af40ca21c4365a1d7347e49"

dependencies = [
+ 
 "jiff-static",

 "jiff-tzdb-platform",

 "log",

 "portable-atomic",
@@ -1961,6 +1996,17 @@ dependencies = [
]



[[package]]
+ 
name = "jiff-static"
+ 
version = "0.2.15"
+ 
source = "registry+https://github.com/rust-lang/crates.io-index"
+ 
checksum = "03343451ff899767262ec32146f6d559dd759fdadf42ff0e227c7c48f72594b4"
+ 
dependencies = [
+ 
 "proc-macro2",
+ 
 "quote",
+ 
 "syn 2.0.106",
+ 
]
+
+ 
[[package]]

name = "jiff-tzdb"

version = "0.1.4"

source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -2069,6 +2115,15 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4ec2a862134d2a7d32d7983ddcdd1c4923530833c9f2ea1a44fc5fa473989058"



[[package]]
+ 
name = "libz-rs-sys"
+ 
version = "0.5.2"
+ 
source = "registry+https://github.com/rust-lang/crates.io-index"
+ 
checksum = "840db8cf39d9ec4dd794376f38acc40d0fc65eec2a8f484f7fd375b84602becd"
+ 
dependencies = [
+ 
 "zlib-rs",
+ 
]
+
+ 
[[package]]

name = "libz-sys"

version = "1.1.16"

source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -2115,11 +2170,10 @@ dependencies = [


[[package]]

name = "lock_api"
- 
version = "0.4.11"
+ 
version = "0.4.14"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "3c168f8615b12bc01f9c17e2eb0cc07dcae1940121185446edc3744920e8ef45"
+ 
checksum = "224399e74b87b5f3557511d98dff8b14089b3dadafcab6bb93eab67d3aace965"

dependencies = [
- 
 "autocfg",

 "scopeguard",

]
@@ -2150,7 +2204,7 @@ checksum = "5cf92c10c7e361d6b99666ec1c6f9805b0bea2c3bd8c78dc6fe98ac5bd78db11"
dependencies = [

 "proc-macro2",

 "quote",
- 
 "syn 2.0.89",
+ 
 "syn 2.0.106",

]



[[package]]
@@ -2161,9 +2215,9 @@ checksum = "6c8640c5d730cb13ebd907d8d04b52f55ac9a2eec55b440c8892f40d56c76c1d"


[[package]]

name = "memmap2"
- 
version = "0.9.4"
+ 
version = "0.9.8"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "fe751422e4a8caa417e13c3ea66452215d7d63e19e604f4980461212f3ae1322"
+ 
checksum = "843a98750cd611cc2965a8213b53b43e715f13c37a9e096c6408e69990961db7"

dependencies = [

 "libc",

]
@@ -2445,9 +2499,9 @@ dependencies = [


[[package]]

name = "parking_lot"
- 
version = "0.12.3"
+ 
version = "0.12.5"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "f1bf18183cf54e8d6059647fc3063646a1801cf30896933ec2311622cc4b9a27"
+ 
checksum = "93857453250e3077bd71ff98b6a65ea6621a19bb0f559a85248955ac12c45a1a"

dependencies = [

 "lock_api",

 "parking_lot_core",
@@ -2455,15 +2509,15 @@ dependencies = [


[[package]]

name = "parking_lot_core"
- 
version = "0.9.9"
+ 
version = "0.9.12"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "4c42a9226546d68acdd9c0a280d17ce19bfe27a46bf68784e4066115788d008e"
+ 
checksum = "2621685985a2ebf1c516881c026032ac7deafcda1a2c9b7850dc81e3dfcb64c1"

dependencies = [

 "cfg-if",

 "libc",
- 
 "redox_syscall",
+ 
 "redox_syscall 0.5.18",

 "smallvec",
- 
 "windows-targets 0.48.5",
+ 
 "windows-link",

]



[[package]]
@@ -2649,25 +2703,24 @@ dependencies = [
 "proc-macro-error-attr2",

 "proc-macro2",

 "quote",
- 
 "syn 2.0.89",
+ 
 "syn 2.0.106",

]



[[package]]

name = "proc-macro2"
- 
version = "1.0.92"
+ 
version = "1.0.101"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "37d3544b3f2748c54e147655edb5025752e2303145b5aefb3c3ea2c78b973bb0"
+ 
checksum = "89ae43fd86e4158d6db51ad8e2b80f313af9cc74f5c0e03ccb87de09998732de"

dependencies = [

 "unicode-ident",

]



[[package]]

name = "prodash"
- 
version = "29.0.2"
+ 
version = "30.0.1"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "f04bb108f648884c23b98a0e940ebc2c93c0c3b89f04dbaf7eb8256ce617d1bc"
+ 
checksum = "5a6efc566849d3d9d737c5cb06cc50e48950ebe3d3f9d70631490fff3a07b139"

dependencies = [
- 
 "log",

 "parking_lot",

]
@@ -2702,9 +2755,9 @@ dependencies = [


[[package]]

name = "quote"
- 
version = "1.0.36"
+ 
version = "1.0.41"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7"
+ 
checksum = "ce25767e7b499d1b604768e7cde645d14cc8584231ea6b295e9c9eb22c02e1d1"

dependencies = [

 "proc-macro2",

]
@@ -3129,6 +3182,15 @@ dependencies = [
]



[[package]]
+ 
name = "redox_syscall"
+ 
version = "0.5.18"
+ 
source = "registry+https://github.com/rust-lang/crates.io-index"
+ 
checksum = "ed2bf2547551a7053d6fdfafda3f938979645c44812fbfcda098faae3f1a362d"
+ 
dependencies = [
+ 
 "bitflags 2.9.1",
+ 
]
+
+ 
[[package]]

name = "ref-cast"

version = "1.0.24"

source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -3145,7 +3207,7 @@ checksum = "1165225c21bff1f3bbce98f5a1f889949bc902d3575308cc7b0de30b4f6d27c7"
dependencies = [

 "proc-macro2",

 "quote",
- 
 "syn 2.0.89",
+ 
 "syn 2.0.106",

]



[[package]]
@@ -3321,7 +3383,7 @@ dependencies = [
 "proc-macro2",

 "quote",

 "serde_derive_internals",
- 
 "syn 2.0.89",
+ 
 "syn 2.0.106",

]



[[package]]
@@ -3395,7 +3457,7 @@ checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00"
dependencies = [

 "proc-macro2",

 "quote",
- 
 "syn 2.0.89",
+ 
 "syn 2.0.106",

]



[[package]]
@@ -3406,7 +3468,7 @@ checksum = "18d26a20a969b9e3fdf2fc2d9f21eda6c40e2de84c9408bb5d3b05d499aae711"
dependencies = [

 "proc-macro2",

 "quote",
- 
 "syn 2.0.89",
+ 
 "syn 2.0.106",

]



[[package]]
@@ -3441,10 +3503,25 @@ dependencies = [
]



[[package]]
- 
name = "sha1_smol"
- 
version = "1.0.0"
+ 
name = "sha1"
+ 
version = "0.10.6"
+ 
source = "registry+https://github.com/rust-lang/crates.io-index"
+ 
checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba"
+ 
dependencies = [
+ 
 "cfg-if",
+ 
 "cpufeatures",
+ 
 "digest",
+ 
]
+
+ 
[[package]]
+ 
name = "sha1-checked"
+ 
version = "0.10.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "ae1a47186c03a32177042e55dbc5fd5aee900b8e0069a8d70fba96a9375cd012"
+ 
checksum = "89f599ac0c323ebb1c6082821a54962b839832b03984598375bff3975b804423"
+ 
dependencies = [
+ 
 "digest",
+ 
 "sha1",
+ 
]



[[package]]

name = "sha2"
@@ -3573,9 +3650,9 @@ checksum = "7a2ae44ef20feb57a68b23d846850f861394c2e02dc425a50098ae8c90267589"


[[package]]

name = "smallvec"
- 
version = "1.13.2"
+ 
version = "1.15.1"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67"
+ 
checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03"



[[package]]

name = "snapbox"
@@ -3842,9 +3919,9 @@ dependencies = [


[[package]]

name = "syn"
- 
version = "2.0.89"
+ 
version = "2.0.106"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "44d46482f1c1c87acd84dea20c1bf5ebff4c757009ed6bf19cfd36fb10e92c4e"
+ 
checksum = "ede7c438028d4436d71104916910f5bb611972c5cfd7f89b8300a8186e6fada6"

dependencies = [

 "proc-macro2",

 "quote",
@@ -3865,7 +3942,7 @@ checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971"
dependencies = [

 "proc-macro2",

 "quote",
- 
 "syn 2.0.89",
+ 
 "syn 2.0.106",

]



[[package]]
@@ -3891,14 +3968,15 @@ dependencies = [


[[package]]

name = "tempfile"
- 
version = "3.10.1"
+ 
version = "3.23.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "85b77fafb263dd9d05cbeac119526425676db3784113aa9295c88498cbf8bff1"
+ 
checksum = "2d31c77bdf42a745371d260a26ca7163f1e0924b64afa0b688e61b5a9fa02f16"

dependencies = [
- 
 "cfg-if",

 "fastrand",
- 
 "rustix 0.38.34",
- 
 "windows-sys 0.52.0",
+ 
 "getrandom 0.3.3",
+ 
 "once_cell",
+ 
 "rustix 1.0.7",
+ 
 "windows-sys 0.60.2",

]



[[package]]
@@ -3920,7 +3998,7 @@ checksum = "451b374529930d7601b1eef8d32bc79ae870b6079b069401709c2a8bf9e75f36"
dependencies = [

 "proc-macro2",

 "quote",
- 
 "syn 2.0.89",
+ 
 "syn 2.0.106",

]



[[package]]
@@ -3949,7 +4027,7 @@ checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1"
dependencies = [

 "proc-macro2",

 "quote",
- 
 "syn 2.0.89",
+ 
 "syn 2.0.106",

]



[[package]]
@@ -3960,7 +4038,7 @@ checksum = "7f7cf42b4507d8ea322120659672cf1b9dbb93f8f2d4ecfd6e51350ff5b17a1d"
dependencies = [

 "proc-macro2",

 "quote",
- 
 "syn 2.0.89",
+ 
 "syn 2.0.106",

]



[[package]]
@@ -4503,7 +4581,7 @@ dependencies = [
 "log",

 "proc-macro2",

 "quote",
- 
 "syn 2.0.89",
+ 
 "syn 2.0.106",

 "wasm-bindgen-shared",

]
@@ -4525,7 +4603,7 @@ checksum = "8ae87ea40c9f689fc23f209965b6fb8a99ad69aeeb0231408be24920604395de"
dependencies = [

 "proc-macro2",

 "quote",
- 
 "syn 2.0.89",
+ 
 "syn 2.0.106",

 "wasm-bindgen-backend",

 "wasm-bindgen-shared",

]
@@ -4620,7 +4698,7 @@ checksum = "2bbd5b46c938e506ecbce286b6628a02171d56153ba733b6c741fc627ec9579b"
dependencies = [

 "proc-macro2",

 "quote",
- 
 "syn 2.0.89",
+ 
 "syn 2.0.106",

]



[[package]]
@@ -4631,10 +4709,16 @@ checksum = "053c4c462dc91d3b1504c6fe5a726dd15e216ba718e84a0e46a88fbe5ded3515"
dependencies = [

 "proc-macro2",

 "quote",
- 
 "syn 2.0.89",
+ 
 "syn 2.0.106",

]



[[package]]
+ 
name = "windows-link"
+ 
version = "0.2.1"
+ 
source = "registry+https://github.com/rust-lang/crates.io-index"
+ 
checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5"
+
+ 
[[package]]

name = "windows-result"

version = "0.2.0"

source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -4876,9 +4960,9 @@ checksum = "271414315aff87387382ec3d271b52d7ae78726f5d44ac98b4f4030c91880486"


[[package]]

name = "winnow"
- 
version = "0.6.26"
+ 
version = "0.7.13"

source = "registry+https://github.com/rust-lang/crates.io-index"
- 
checksum = "1e90edd2ac1aa278a5c4599b1d89cf03074b610800f866d4026dc199d7929a28"
+ 
checksum = "21a0236b59786fed61e2a80582dd500fe61f18b5dca67a4a067d0bc9039339cf"

dependencies = [

 "memchr",

]
@@ -4954,7 +5038,7 @@ checksum = "2380878cad4ac9aac1e2435f3eb4020e8374b5f13c296cb75b4620ff8e229154"
dependencies = [

 "proc-macro2",

 "quote",
- 
 "syn 2.0.89",
+ 
 "syn 2.0.106",

 "synstructure",

]
@@ -4975,7 +5059,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e"
dependencies = [

 "proc-macro2",

 "quote",
- 
 "syn 2.0.89",
+ 
 "syn 2.0.106",

]



[[package]]
@@ -4995,7 +5079,7 @@ checksum = "d71e5d6e06ab090c67b5e44993ec16b72dcbaabc526db883a360057678b48502"
dependencies = [

 "proc-macro2",

 "quote",
- 
 "syn 2.0.89",
+ 
 "syn 2.0.106",

 "synstructure",

]
@@ -5024,5 +5108,11 @@ checksum = "6eafa6dfb17584ea3e2bd6e76e0cc15ad7af12b09abdd1ca55961bed9b1063c6"
dependencies = [

 "proc-macro2",

 "quote",
- 
 "syn 2.0.89",
+ 
 "syn 2.0.106",

]
+
+ 
[[package]]
+ 
name = "zlib-rs"
+ 
version = "0.5.2"
+ 
source = "registry+https://github.com/rust-lang/crates.io-index"
+ 
checksum = "2f06ae92f42f5e5c42443fd094f245eb656abf56dd7cce9b8b263236565e00f2"
modified Cargo.toml
@@ -29,6 +29,7 @@ cyphernet = "0.5.2"
dunce = "1.0.5"

fastrand = { version = "2.0.0", default-features = false }

git2 = { version = "0.19.0", default-features = false, features = ["vendored-libgit2"] }
+ 
gix-hash = { version = "0.19.0", default-features = false }

human-panic = "2"

itertools = "0.14"

lexopt = "0.3.0"
modified crates/radicle-fetch/Cargo.toml
@@ -11,12 +11,12 @@ rust-version.workspace = true
[dependencies]

bstr = { workspace = true }

either = "1.9.0"
- 
gix-features = { version = "0.39.1", features = ["progress"] }
- 
gix-hash = "0.15.1"
- 
gix-odb = "0.66.0"
- 
gix-pack = "0.56.0"
- 
gix-protocol = { version = "0.47.0", features = ["blocking-client"] }
- 
gix-transport = { version = "0.44.0", features = ["blocking-client"] }
+ 
gix-features = { version = "0.43.1", features = ["progress"] }
+ 
gix-hash = { workspace = true }
+ 
gix-odb = "0.70.0"
+ 
gix-pack = "0.60.0"
+ 
gix-protocol = { version = "0.51.0", features = ["blocking-client"] }
+ 
gix-transport = { version = "0.48.0", features = ["blocking-client"] }

log = { workspace = true, features = ["std"] }

nonempty = { workspace = true }

radicle = { workspace = true }
modified crates/radicle-oid/Cargo.toml
@@ -18,7 +18,7 @@ sha1 = []


[dependencies]

git2 = { workspace = true, optional = true, default-features = false }
- 
gix-hash = { version = "0.15.1", optional = true, default-features = false }
+ 
gix-hash = { workspace = true, optional = true }

qcheck = { workspace = true, optional = true, default-features = false }

radicle-git-ref-format = { workspace = true, optional = true, default-features = false }

schemars = { workspace = true, optional = true, default-features = false }
@@ -26,6 +26,6 @@ serde = { workspace = true, optional = true, default-features = false }


[dev-dependencies]

git2 = { workspace = true }
- 
gix-hash = { version = "0.15.1" }
+ 
gix-hash = { workspace = true }

qcheck = { workspace = true }

qcheck-macros = { workspace = true }
 

\ No newline at end of file