Update gix-* crates — heartwood

rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5

Radicle Heartwood Protocol & Stack

Update gix-* crates

Merged fintohaps opened 2 months ago

Fixes CVE-2026-0810.

The gix crates require updating due to the security vulnerability above. They require updating together in lock-step so both radicle-fetch and radicle-oid are affected.

radicle-oid handles the non-exhaustive nature of ObjectId.

radicle-fetch updates to the new API types, however, this comes with some updates to the ls_refs protocol.

A regression is documented in gitoxide issue 2429. The regression highlighted that it is the duty of the caller to also filter the outcome of ls-refs, and ref-prefix is simply an optimisation.

The ls-refs code is refactored to better represent and handle this operation.

Activity Changes +0 -0

fintohaps opened with revision a2f8d976 on base 980ed561 +500 -278 2 months ago

Fixes CVE-2026-0810.

The gix crates require updating due to the security vulnerability above. They require updating together in lock-step so both radicle-fetch and radicle-oid are affected.

radicle-oid handles the non-exhaustive nature of ObjectId.

radicle-fetch updates to the new API types, however, this comes with some updates to the ls_refs protocol.

A regression is documented in gitoxide issue 2429. The regression highlighted that it is the duty of the caller to also filter the outcome of ls-refs, and ref-prefix is simply an optimisation.

The ls-refs code is refactored to better represent and handle this operation.

lorenz pushed revision 2 6118de36 on base 980ed561 +620226 -123823 2 months ago

Review (contains merge conflicts).

fintohaps pushed revision 3 413dee7c on base 980ed561 +501 -278 2 months ago

Accept review changes

lorenz merged revision 413dee7c at 84320919 2 months ago