Skip to content

chore(deps): bump the cargo group across 6 directories with 6 updates#23

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/cargo-45fa60c637
Open

chore(deps): bump the cargo group across 6 directories with 6 updates#23
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/cargo-45fa60c637

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 8, 2026

Bumps the cargo group with 2 updates in the / directory: gix and openssl.
Bumps the cargo group with 1 update in the /fuzz directory: openssl.
Bumps the cargo group with 1 update in the /git-morph directory: gix.
Bumps the cargo group with 1 update in the /rpa-elysium directory: wasmtime.
Bumps the cargo group with 2 updates in the /tools/rsr-certified directory: gix and openssl.
Bumps the cargo group with 1 update in the /tui directory: openssl.

Updates gix from 0.78.0 to 0.83.0

Release notes

Sourced from gix's releases.

gix v0.83.0

Bug Fixes

  • Correctly use $COMMON_DIR/info/exclude to make excludes work in worktrees. It turns out there is no per-worktree excludes file either.

Chore (BREAKING)

  • Upgrade prodash and crosstermion to the latest version. This will fix the cargo deny issue as it brings in a newer lru crate.

Bug Fixes (BREAKING)

  • remove winnow and replace it with hand-implemented parsers everywhere. This will allow for simplified maintenance and editing (both human and machine) down the road, and enable additional performance optimisations.

    Parser compbinators to me ultimately were a failed experiment as I couldn't maintain them anyway, with it being too difficult for me to grasp and express everything in its very own kind of language, with a lot of different things to consider.

    Note that this also removes detailed errors from all parsers that previously used winnow, with the option to re-add those if there is demand.

Commit Statistics

  • 5 commits contributed to the release over the course of 2 calendar days.
  • 3 days passed between releases.
  • 1 commit was understood as conventional.
  • 0 issues like '(#ID)' were seen in commit messages

Commit Details

  • Uncategorized
    • Adapt to changes in gix-object (91bfab0)
    • Remove winnow and replace it with hand-implemented parsers everywhere. (91c854e)
    • Merge pull request #2540 from GitoxideLabs/reporting (4d5ba23)
    • Merge pull request #2529 from GitoxideLabs/reflog-newline-handling (2c3a08e)
    • Adapt to changes in gix-error (2e2a126)

gix v0.82.0 - hardened

Advisories with fixes

... (truncated)

Commits
  • 53f880c Release gix-error v0.2.3, gix-date v0.15.3, gix-actor v0.41.0, gix-path v0.12...
  • 09687eb fix CI - and probably prevent can't connect to localhost in journey tests
  • d5f9bf5 feat: add Category::is_remote_tracking_branch().
  • 87b2da8 address auto-review
  • 731248f feat!: add sha-256 support to gix-ref.
  • 91bfab0 Adapt to changes in gix-object
  • d4439cd fix!: Limit Commit and Tag parsing to a given gix_hash::Kind
  • 5127973 fix: Allow more pathological cases during parsing just like Git
  • 91c854e fix!: remove winnow and replace it with hand-implemented parsers everywhere.
  • b060eb2 fix!: remove winnow from the public gix-actor API for parsing (#2545)
  • Additional commits viewable in compare view

Updates gix-fs from 0.19.1 to 0.21.1

Release notes

Sourced from gix-fs's releases.

gix-fs v0.21.1

A security fix for GHSA-f89h-2fjh-2r9q, which could allow attackers to trick gix clone into writing outside of the repository.

Commit Statistics

  • 3 commits contributed to the release over the course of 2 calendar days.
  • 2 days passed between releases.
  • 0 commits were understood as conventional.
  • 0 issues like '(#ID)' were seen in commit messages

Commit Details

  • Uncategorized
    • Update changelog of gix-fs prior to release (e26d378)
    • Revalidate cached stack leaves before directory reuse (93d0ff6)
    • Merge pull request #2546 from GitoxideLabs/fix-2545 (adb8328)

gix-fs v0.21.0

Commit Statistics

  • 1 commit contributed to the release over the course of 2 calendar days.
  • 3 days passed between releases.
  • 0 commits were understood as conventional.
  • 0 issues like '(#ID)' were seen in commit messages

Commit Details

  • Uncategorized
    • Merge pull request #2540 from GitoxideLabs/reporting (4d5ba23)

gix-fsck v0.21.0

Commit Statistics

  • 1 commit contributed to the release over the course of 2 calendar days.
  • 3 days passed between releases.
  • 0 commits were understood as conventional.
  • 0 issues like '(#ID)' were seen in commit messages

Commit Details

... (truncated)

Changelog

Sourced from gix-fs's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

0.53.0 (2026-04-28)

0.52.1 (2026-04-24)

New Features

  • add gix free trust to easily check the assigned trust level of any given path This is particularly useful on Windows, which makes it easy to probe existing paths with ownership that might be complex to reproduce otherwise.

Commit Statistics

  • 6 commits contributed to the release over the course of 27 calendar days.
  • 32 days passed between releases.
  • 1 commit was understood as conventional.
  • 0 issues like '(#ID)' were seen in commit messages

Thanks Clippy

Clippy helped 1 time to make code idiomatic.

Commit Details

  • Uncategorized
    • Merge pull request #2510 from GitoxideLabs/folder-identity-on-windows (a96587c)
    • Add gix free trust to easily check the assigned trust level of any given path (ab2016f)
    • Merge pull request #2513 from GitoxideLabs/v2-diff (2a5db88)
    • Thanks clippy (e4f380e)
    • Merge pull request #2494 from GitoxideLabs/improvements (50fb46f)
    • Adapt to changes in gix-config. (344218a)

0.52.0 (2026-03-22)

0.51.0 (2026-02-22)

... (truncated)

Commits
  • d3e4c17 Release gix-fs v0.21.1
  • e26d378 update changelog of gix-fs prior to release
  • 1d9bae2 address auto-review
  • 2facc6f Add a plan that consolidates all performance TODOs
  • f3cc6b9 document vulnerability of State::from_tree()
  • 05f36c4 Add `State::from_tree()`` benchmark coverage
  • 93d0ff6 Revalidate cached stack leaves before directory reuse
  • c2ae6cd Add clone reproducer for symlink prefix reuse checkout escape
  • 23af41a Merge pull request #2543 from cruessler/run-gix-worktree-stream-tests-with-sh...
  • b358d31 address auto-review
  • Additional commits viewable in compare view

Updates gix-pack from 0.65.0 to 0.70.0

Release notes

Sourced from gix-pack's releases.

gix-pack v0.70.0

Commit Statistics

  • 2 commits contributed to the release over the course of 2 calendar days.
  • 3 days passed between releases.
  • 0 commits were understood as conventional.
  • 0 issues like '(#ID)' were seen in commit messages

Commit Details

  • Uncategorized
    • Adapt to changes in gix-object (91bfab0)
    • Merge pull request #2540 from GitoxideLabs/reporting (4d5ba23)

gix-pack v0.69.0

Chore

  • Add fuzz-testing That's the only way to be reasonably sure it will not panic when parsing malformed files.
  • add package.include directives to control which files are packaged.

Bug Fixes

  • secure reading of corruped or malformed pack files, pack index or multi-indices

New Features (BREAKING)

  • enforce the specification of alloc_init_bytes to handle untrusted input This breaking change is intended to force a decision about how much memory allocation an untrusted party can command by tempering with binary file formats.
  • parameterize data Previously we'd hardcode a memory map, but now this is parameterised with a trait to allow accessing data in a more abstract form. This is primarily meant to speedup fuzz testing, but may also be useful later for portability.

Bug Fixes (BREAKING)

  • remove insecure leb64 and secure leb64_from_read from overflows

Commit Statistics

  • 20 commits contributed to the release over the course of 32 calendar days.

... (truncated)

Commits
  • 53f880c Release gix-error v0.2.3, gix-date v0.15.3, gix-actor v0.41.0, gix-path v0.12...
  • 09687eb fix CI - and probably prevent can't connect to localhost in journey tests
  • d5f9bf5 feat: add Category::is_remote_tracking_branch().
  • 87b2da8 address auto-review
  • 731248f feat!: add sha-256 support to gix-ref.
  • 91bfab0 Adapt to changes in gix-object
  • d4439cd fix!: Limit Commit and Tag parsing to a given gix_hash::Kind
  • 5127973 fix: Allow more pathological cases during parsing just like Git
  • 91c854e fix!: remove winnow and replace it with hand-implemented parsers everywhere.
  • b060eb2 fix!: remove winnow from the public gix-actor API for parsing (#2545)
  • Additional commits viewable in compare view

Updates gix-transport from 0.53.0 to 0.57.0

Release notes

Sourced from gix-transport's releases.

gix-transport v0.57.0

Commit Statistics

  • 1 commit contributed to the release over the course of 2 calendar days.
  • 3 days passed between releases.
  • 0 commits were understood as conventional.
  • 0 issues like '(#ID)' were seen in commit messages

Commit Details

  • Uncategorized
    • Merge pull request #2540 from GitoxideLabs/reporting (4d5ba23)

gix-transport v0.56.0

Bug Fixes

  • reject cross-authority redirects before reusing auth Tighten smart-HTTP redirect handling so credentials are not carried across redirects that change authority.

    • treat redirects as valid only when scheme, host, and effective port stay the same
    • reject redirects to a different host or port when deriving the redirected base URL
    • apply the same authority check in the reqwest redirect policy
    • keep the advisory reproducer backend-neutral so the redirected POST assertion holds for both curl and reqwest

    This fixes the credential-leak vector covered by GHSA-9857-6mw7-fq2m, where Basic auth from the original remote could be forwarded to a redirected endpoint.

Commit Statistics

  • 10 commits contributed to the release over the course of 32 calendar days.
  • 32 days passed between releases.
  • 1 commit was understood as conventional.
  • 0 issues like '(#ID)' were seen in commit messages

Commit Details

  • Uncategorized
    • Update changelogs prior to release (f9fbcba)
    • Merge pull request #2530 from GitoxideLabs/advisories (63b8419)
    • Address auto-review (7429b15)
    • Add corpus-builder scripts when corpus files are available; auto-run artifacts in test suite (e64e3b8)
    • Add fuzz tests for 10 more crates, and related fixes (0396152)

... (truncated)

Changelog

Sourced from gix-transport's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Commits
  • 53f880c Release gix-error v0.2.3, gix-date v0.15.3, gix-actor v0.41.0, gix-path v0.12...
  • 09687eb fix CI - and probably prevent can't connect to localhost in journey tests
  • d5f9bf5 feat: add Category::is_remote_tracking_branch().
  • 87b2da8 address auto-review
  • 731248f feat!: add sha-256 support to gix-ref.
  • 91bfab0 Adapt to changes in gix-object
  • d4439cd fix!: Limit Commit and Tag parsing to a given gix_hash::Kind
  • 5127973 fix: Allow more pathological cases during parsing just like Git
  • 91c854e fix!: remove winnow and replace it with hand-implemented parsers everywhere.
  • b060eb2 fix!: remove winnow from the public gix-actor API for parsing (#2545)
  • Additional commits viewable in compare view

Updates openssl from 0.10.78 to 0.10.79

Release notes

Sourced from openssl's releases.

openssl-v0.10.79

What's Changed

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.78...openssl-v0.10.79

Commits
  • 649f2d9 Release openssl 0.10.79 and openssl-sys 0.9.115 (#2632)
  • 257f9b2 Fix output buffer overflow for AES key-wrap-with-padding ciphers (#2630)
  • d43e917 Reject non-UTF-8 OCSP responder URLs in X509Ref::ocsp_responders (#2631)
  • f46519c Add PkeyCtxRef::set_context_string for ML-DSA (#2629)
  • ad9ae31 Bind OSSL_PARAM_modified and use it for seed_into (#2628)
  • 4e25c9b Fix process abort when verify/PSK callbacks fire after SSL_CTX swap (#2624)
  • 3dd8f42 Add PKeyRef::seed_into for ML-DSA/ML-KEM seed extraction (#2626)
  • 2c5e5a8 parallelize more builds in CI for cold caches (#2625)
  • 6685591 Add PKey::private_key_from_seed for ML-DSA/ML-KEM key import (#2621)
  • 8f8fdce Drop once_cell in favor of std::sync::{LazyLock, OnceLock} (#2623)
  • Additional commits viewable in compare view

Updates openssl from 0.10.78 to 0.10.79

Release notes

Sourced from openssl's releases.

openssl-v0.10.79

What's Changed

Full Changelog: rust-openssl/rust-openssl@openssl-v0.10.78...openssl-v0.10.79

Commits
  • 649f2d9 Release openssl 0.10.79 and openssl-sys 0.9.115 (#2632)
  • 257f9b2 Fix output buffer overflow for AES key-wrap-with-padding ciphers (#2630)
  • d43e917 Reject non-UTF-8 OCSP responder URLs in X509Ref::ocsp_responders (#2631)
  • f46519c Add PkeyCtxRef::set_context_string for ML-DSA (#2629)
  • ad9ae31 Bind OSSL_PARAM_modified and use it for seed_into (#2628)
  • 4e25c9b Fix process abort when verify/PSK callbacks fire after SSL_CTX swap (#2624)
  • 3dd8f42 Add PKeyRef::seed_into for ML-DSA/ML-KEM seed extraction (#2626)
  • 2c5e5a8 parallelize more builds in CI for cold caches (#2625)
  • 6685591 Add PKey::private_key_from_seed for ML-DSA/ML-KEM key import (#2621)
  • 8f8fdce Drop once_cell in favor of std::sync::{LazyLock, OnceLock} (#2623)
  • Additional commits viewable in compare view

Updates gix from 0.78.0 to 0.83.0

Release notes

Sourced from gix's releases.

gix v0.83.0

Bug Fixes

  • Correctly use $COMMON_DIR/info/exclude to make excludes work in worktrees. It turns out there is no per-worktree excludes file either.

Chore (BREAKING)

  • Upgrade prodash and crosstermion to the latest version. This will fix the cargo deny issue as it brings in a newer lru crate.

Bug Fixes (BREAKING)

  • remove winnow and replace it with hand-implemented parsers everywhere. This will allow for simplified maintenance and editing (both human and machine) down the road, and enable additional performance optimisations.

    Parser compbinators to me ultimately were a failed experiment as I couldn't maintain them anyway, with it being too difficult for me to grasp and express everything in its very own kind of language, with a lot of different things to consider.

    Note that this also removes detailed errors from all parsers that previously used winnow, with the option to re-add those if there is demand.

Commit Statistics

  • 5 commits contributed to the release over the course of 2 calendar days.
  • 3 days passed between releases.
  • 1 commit was understood as conventional.
  • 0 issues like '(#ID)' were seen in commit messages

Commit Details

  • Uncategorized
    • Adapt to changes in gix-object (91bfab0)
    • Remove winnow and replace it with hand-implemented parsers everywhere. (91c854e)
    • Merge pull request #2540 from GitoxideLabs/reporting (4d5ba23)
    • Merge pull request #2529 from GitoxideLabs/reflog-newline-handling (2c3a08e)
    • Adapt to changes in gix-error (2e2a126)

gix v0.82.0 - hardened

Advisories with fixes

... (truncated)

Commits
  • 53f880c Release gix-error v0.2.3, gix-date v0.15.3, gix-actor v0.41.0, gix-path v0.12...
  • 09687eb fix CI - and probably prevent can't connect to localhost in journey tests
  • d5f9bf5 feat: add Category::is_remote_tracking_branch().
  • 87b2da8 address auto-review
  • 731248f feat!: add sha-256 support to gix-ref.
  • 91bfab0 Adapt to changes in gix-object
  • d4439cd fix!: Limit Commit and Tag parsing to a given gix_hash::Kind
  • 5127973 fix: Allow more pathological cases during parsing just like Git
  • 91c854e fix!: remove winnow and replace it with hand-implemented parsers everywhere.
  • b060eb2 fix!: remove winnow from the public gix-actor API for parsing (#2545)
  • Additional commits viewable in compare view

Updates gix-fs from 0.19.1 to 0.21.1

Release notes

Sourced from gix-fs's releases.

gix-fs v0.21.1

A security fix for GHSA-f89h-2fjh-2r9q, which could allow attackers to trick gix clone into writing outside of the repository.

Commit Statistics

  • 3 commits contributed to the release over the course of 2 calendar days.
  • 2 days passed between releases.
  • 0 commits were understood as conventional.
  • 0 issues like '(#ID)' were seen in commit messages

Commit Details

  • Uncategorized
    • Update changelog of gix-fs prior to release (e26d378)
    • Revalidate cached stack leaves before directory reuse (93d0ff6)
    • Merge pull request #2546 from GitoxideLabs/fix-2545 (adb8328)

gix-fs v0.21.0

Commit Statistics

  • 1 commit contributed to the release over the course of 2 calendar days.
  • 3 days passed between releases.
  • 0 commits were understood as conventional.
  • 0 issues like '(#ID)' were seen in commit messages

Commit Details

  • Uncategorized
    • Merge pull request #2540 from GitoxideLabs/reporting (4d5ba23)

gix-fsck v0.21.0

Commit Statistics

  • 1 commit contributed to the release over the course of 2 calendar days.
  • 3 days passed between releases.
  • 0 commits were understood as conventional.
  • 0 issues like '(#ID)' were seen in commit messages

Commit Details

... (truncated)

Changelog

Sourced from gix-fs's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

0.53.0 (2026-04-28)

0.52.1 (2026-04-24)

New Features

  • add gix free trust to easily check the assigned trust level of any given path This is particularly useful on Windows, which makes it easy to probe existing paths with ownership that might be complex to reproduce otherwise.

Commit Statistics

  • 6 commits contributed to the release over the course of 27 calendar days.
  • 32 days passed between releases.
  • 1 commit was understood as conventional.
  • 0 issues like '(#ID)' were seen in commit messages

Thanks Clippy

Clippy helped 1 time to make code idiomatic.

Commit Details

  • Uncategorized
    • Merge pull request #2510 from GitoxideLabs/folder-identity-on-windows (a96587c)
    • Add gix free trust to easily check the assigned trust level of any given path (ab2016f)
    • Merge pull request #2513 from GitoxideLabs/v2-diff (2a5db88)
    • Thanks clippy (e4f380e)
    • Merge pull request #2494 from GitoxideLabs/improvements (50fb46f)
    • Adapt to changes in gix-config. (344218a)

0.52.0 (2026-03-22)

0.51.0 (2026-02-22)

... (truncated)

Commits
  • d3e4c17 Release gix-fs v0.21.1
  • e26d378 update changelog of gix-fs prior to release
  • 1d9bae2 address auto-review
  • 2facc6f Add a plan that consolidates all performance TODOs
  • f3cc6b9 document vulnerability of State::from_tree()
  • 05f36c4 Add `State::from_tree()`` benchmark coverage
  • 93d0ff6 Revalidate cached stack leaves before directory reuse
  • c2ae6cd Add clone reproducer for symlink prefix reuse checkout escape
  • 23af41a Merge pull request #2543 from cruessler/run-gix-worktree-stream-tests-with-sh...
  • b358d31 address auto-review
  • Additional commits viewable in compare view

Updates gix-pack from 0.65.0 to 0.70.0

Release notes

Sourced from gix-pack's releases.

gix-pack v0.70.0

Commit Statistics

  • 2 commits contributed to the release over the course of 2 calendar days.
  • 3 days passed between releases.
  • 0 commits were understood as conventional.
  • 0 issues like '(#ID)' were seen in commit messages

Commit Details

  • Uncategorized
    • Adapt to changes in gix-object (91bfab0)
    • Merge pull request #2540 from GitoxideLabs/reporting (4d5ba23)

gix-pack v0.69.0

Chore

  • Add fuzz-testing That's the only way to be reasonably sure it will not panic when parsing malformed files.
  • add package.include directives to control which files are packaged.

Bug Fixes

  • secure reading of corruped or malformed pack files, pack index or multi-indices

New Features (BREAKING)

  • enforce the specification of alloc_init_bytes to handle untrusted input This breaking change is intended to force a decision about how much memory allocation an untrusted party can command by tempering with binary file formats.
  • parameterize data Previously we'd hardcode a memory map, but now this is parameterised with a trait to allow accessing data in a more abstract form. This is primarily meant to speedup fuzz testing, but may also be useful later for portability.

Bug Fixes (BREAKING)

  • remove insecure leb64 and secure leb64_from_read from overflows

Commit Statistics

  • 20 commits contributed to the release over the course of 32 calendar days.

... (truncated)

Commits
  • 53f880c Release gix-error v0.2.3, gix-date v0.15.3, gix-actor v0.41.0, gix-path v0.12...
  • 09687eb fix CI - and probably prevent can't connect to localhost in journey tests
  • d5f9bf5 feat: add Category::is_remote_tracking_branch().
  • 87b2da8 address auto-review
  • 731248f feat!: add sha-256 support to gix-ref.
  • 91bfab0 Adapt to changes in gix-object
  • d4439cd fix!: Limit Commit and Tag parsing to a given gix_hash::Kind
  • 5127973 fix: Allow more pathological cases during parsing just like Git
  • 91c854e fix!: remove winnow and replace it with hand-implemented parsers everywhere.
  • b060eb2 fix!: remove winnow from the public gix-actor API for parsing (#2545)
  • Additional commits viewable in compare view

Updates gix-transport from 0.53.0 to 0.57.0

Release notes

Sourced from gix-transport's releases.

gix-transport v0.57.0

Commit Statistics

  • 1 commit contributed to the release over the course of 2 calendar days.
  • 3 days passed between releases.
  • 0 commits were understood as conventional.
  • 0 issues like '(#ID)' were seen in commit messages

Commit Details

  • Uncategorized
    • Merge pull request #2540 from GitoxideLabs/reporting (4d5ba23)

gix-transport v0.56.0

Bug Fixes

  • reject cross-authority redirects before reusing auth Tighten smart-HTTP redirect handling so credentials are not carried across redirects that change authority.

    • treat redirects as valid only when scheme, host, and effective port stay the same
    • reject redirects to a different host or port when deriving the redirected base URL
    • apply the same authority check in the reqwest redirect policy
    • keep the advisory reproducer backend-neutral so the redirected POST assertion holds for both curl and reqwest

    This fixes the credential-leak vector covered by GHSA-9857-6mw7-fq2m, where Basic auth from the original remote could be forwarded to a redirected endpoint.

Commit Statistics

  • 10 commits contributed to the release over the course of 32 calendar days.
  • 32 days passed between releases.
  • 1 commit was understood as conventional.
  • 0 issues like '(#ID)' were seen in commit messages

Commit Details

  • Uncategorized
    • Update changelogs prior to release (f9fbcba)
    • Merge pull request #2530 from GitoxideLabs/advisories (63b8419)
    • Address auto-review (7429b15)
    • Add corpus-builder scripts when corpus files are available; auto-run artifacts in test suite (e64e3b8)
    • Add fuzz tests for 10 more crates, and related fixes (0396152)

... (truncated)

Changelog

Sourced from gix-transport's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Commits
  • 53f880c Release gix-error v0.2.3, gix-date v0.15.3, gix-actor v0.41.0, gix-path v0.12...
  • 09687eb fix CI - and probably prevent can't connect to localhost in journey tests
  • d5f9bf5 feat: add Category::is_remote_tracking_branch().
  • 87b2da8 address auto-review
  • 731248f feat!: add sha-256 support to gix-ref.
  • 91bfab0 Adapt to changes in gix-object
  • d4439cd fix!: Limit Commit and Tag parsing to a given gix_hash::Kind
  • 5127973 fix: Allow more pathological cases during parsing just like Git
  • 91c854e fix!: remove winnow and replace it with hand-implemented parsers everywhere.
  • b060eb2 fix!: remove winnow from the public gix-actor API for parsing (#2545)
  • Additional commits viewable in compare view

Updates wasmtime from 36.0.7 to 36.0.8

Release notes

Sourced from wasmtime's releases.

v36.0.8

36.0.8

Released 2026-04-30.

Fixed

  • Panic when allocating a table exceeding the size of the host's address space. GHSA-p8xm-42r7-89xg
Changelog

Sourced from wasmtime's changelog.

36.0.8

Released 2026-04-30.

Fixed

  • Panic when allocating a table exceeding the size of the host's address space. GHSA-p8xm-42r7-89xg
Commits

Updates gix from 0.80.0 to 0.83.0

Release notes

Sourced from gix's releases.

gix v0.83.0

Bug Fixes

  • Correctly use $COMMON_DIR/info/exclude to make excludes work in worktrees. It turns out there is no per-worktree excludes file either.

Chore (BREAKING)

  • Upgrade prodash and crosstermion to the latest version. This will fix the cargo deny issue as it brings in a newer lru crate.

Bug Fixes (BREAKING)

  • remove winnow and replace it with hand-implemented parsers everywhere. This will allow for simplified maintenance and editing (both human and machine) down the road, and enable additional performance optimisations.

    Parser compbinators to me ultimately were a failed experiment as I couldn't maintain them anyway, with it being too difficult for me to grasp and express everything in its very own kind of language, with a lot of different things to consider.

    Note that this also removes detailed errors from all parsers that previously used winnow, with the option to re-add those if there is demand.

Commit Statistics

  • 5 commits contributed to the release over the course of 2 calendar days.
  • 3 days passed between releases.
  • 1 commit was understood as conventional.
  • 0 issues like '(#ID)' were seen in commit messages

Commit Det...

Description has been truncated

@dependabot
chore(deps): bump the cargo group across 6 directories with 6 updates
f4d2b19 
Bumps the cargo group with 2 updates in the / directory: [gix](https://github.com/GitoxideLabs/gitoxide) and [openssl](https://github.com/rust-openssl/rust-openssl).
Bumps the cargo group with 1 update in the /fuzz directory: [openssl](https://github.com/rust-openssl/rust-openssl).
Bumps the cargo group with 1 update in the /git-morph directory: [gix](https://github.com/GitoxideLabs/gitoxide).
Bumps the cargo group with 1 update in the /rpa-elysium directory: [wasmtime](https://github.com/bytecodealliance/wasmtime).
Bumps the cargo group with 2 updates in the /tools/rsr-certified directory: [gix](https://github.com/GitoxideLabs/gitoxide) and [openssl](https://github.com/rust-openssl/rust-openssl).
Bumps the cargo group with 1 update in the /tui directory: [openssl](https://github.com/rust-openssl/rust-openssl).


Updates `gix` from 0.78.0 to 0.83.0
- [Release notes](https://github.com/GitoxideLabs/gitoxide/releases)
- [Changelog](https://github.com/GitoxideLabs/gitoxide/blob/main/CHANGELOG.md)
- [Commits](GitoxideLabs/gitoxide@gix-v0.78.0...gix-v0.83.0)

Updates `gix-fs` from 0.19.1 to 0.21.1
- [Release notes](https://github.com/GitoxideLabs/gitoxide/releases)
- [Changelog](https://github.com/GitoxideLabs/gitoxide/blob/main/CHANGELOG.md)
- [Commits](GitoxideLabs/gitoxide@gix-fs-v0.19.1...gix-fs-v0.21.1)

Updates `gix-pack` from 0.65.0 to 0.70.0
- [Release notes](https://github.com/GitoxideLabs/gitoxide/releases)
- [Changelog](https://github.com/GitoxideLabs/gitoxide/blob/main/CHANGELOG.md)
- [Commits](GitoxideLabs/gitoxide@gix-pack-v0.65.0...gix-pack-v0.70.0)

Updates `gix-transport` from 0.53.0 to 0.57.0
- [Release notes](https://github.com/GitoxideLabs/gitoxide/releases)
- [Changelog](https://github.com/GitoxideLabs/gitoxide/blob/main/CHANGELOG.md)
- [Commits](GitoxideLabs/gitoxide@gix-transport-v0.53.0...gix-transport-v0.57.0)

Updates `openssl` from 0.10.78 to 0.10.79
- [Release notes](https://github.com/rust-openssl/rust-openssl/releases)
- [Commits](rust-openssl/rust-openssl@openssl-v0.10.78...openssl-v0.10.79)

Updates `openssl` from 0.10.78 to 0.10.79
- [Release notes](https://github.com/rust-openssl/rust-openssl/releases)
- [Commits](rust-openssl/rust-openssl@openssl-v0.10.78...openssl-v0.10.79)

Updates `gix` from 0.78.0 to 0.83.0
- [Release notes](https://github.com/GitoxideLabs/gitoxide/releases)
- [Changelog](https://github.com/GitoxideLabs/gitoxide/blob/main/CHANGELOG.md)
- [Commits](GitoxideLabs/gitoxide@gix-v0.78.0...gix-v0.83.0)

Updates `gix-fs` from 0.19.1 to 0.21.1
- [Release notes](https://github.com/GitoxideLabs/gitoxide/releases)
- [Changelog](https://github.com/GitoxideLabs/gitoxide/blob/main/CHANGELOG.md)
- [Commits](GitoxideLabs/gitoxide@gix-fs-v0.19.1...gix-fs-v0.21.1)

Updates `gix-pack` from 0.65.0 to 0.70.0
- [Release notes](https://github.com/GitoxideLabs/gitoxide/releases)
- [Changelog](https://github.com/GitoxideLabs/gitoxide/blob/main/CHANGELOG.md)
- [Commits](GitoxideLabs/gitoxide@gix-pack-v0.65.0...gix-pack-v0.70.0)

Updates `gix-transport` from 0.53.0 to 0.57.0
- [Release notes](https://github.com/GitoxideLabs/gitoxide/releases)
- [Changelog](https://github.com/GitoxideLabs/gitoxide/blob/main/CHANGELOG.md)
- [Commits](GitoxideLabs/gitoxide@gix-transport-v0.53.0...gix-transport-v0.57.0)

Updates `wasmtime` from 36.0.7 to 36.0.8
- [Release notes](https://github.com/bytecodealliance/wasmtime/releases)
- [Changelog](https://github.com/bytecodealliance/wasmtime/blob/v36.0.8/RELEASES.md)
- [Commits](bytecodealliance/wasmtime@v36.0.7...v36.0.8)

Updates `gix` from 0.80.0 to 0.83.0
- [Release notes](https://github.com/GitoxideLabs/gitoxide/releases)
- [Changelog](https://github.com/GitoxideLabs/gitoxide/blob/main/CHANGELOG.md)
- [Commits](GitoxideLabs/gitoxide@gix-v0.78.0...gix-v0.83.0)

Updates `gix-fs` from 0.19.1 to 0.21.1
- [Release notes](https://github.com/GitoxideLabs/gitoxide/releases)
- [Changelog](https://github.com/GitoxideLabs/gitoxide/blob/main/CHANGELOG.md)
- [Commits](GitoxideLabs/gitoxide@gix-fs-v0.19.1...gix-fs-v0.21.1)

Updates `gix-pack` from 0.67.0 to 0.70.0
- [Release notes](https://github.com/GitoxideLabs/gitoxide/releases)
- [Changelog](https://github.com/GitoxideLabs/gitoxide/blob/main/CHANGELOG.md)
- [Commits](GitoxideLabs/gitoxide@gix-pack-v0.65.0...gix-pack-v0.70.0)

Updates `gix-transport` from 0.55.0 to 0.57.0
- [Release notes](https://github.com/GitoxideLabs/gitoxide/releases)
- [Changelog](https://github.com/GitoxideLabs/gitoxide/blob/main/CHANGELOG.md)
- [Commits](GitoxideLabs/gitoxide@gix-transport-v0.53.0...gix-transport-v0.57.0)

Updates `openssl` from 0.10.78 to 0.10.79
- [Release notes](https://github.com/rust-openssl/rust-openssl/releases)
- [Commits](rust-openssl/rust-openssl@openssl-v0.10.78...openssl-v0.10.79)

Updates `openssl` from 0.10.78 to 0.10.79
- [Release notes](https://github.com/rust-openssl/rust-openssl/releases)
- [Commits](rust-openssl/rust-openssl@openssl-v0.10.78...openssl-v0.10.79)

---
updated-dependencies:
- dependency-name: gix
  dependency-version: 0.83.0
  dependency-type: direct:production
  dependency-group: cargo
- dependency-name: gix-fs
  dependency-version: 0.21.1
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: gix-pack
  dependency-version: 0.70.0
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: gix-transport
  dependency-version: 0.57.0
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: openssl
  dependency-version: 0.10.79
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: openssl
  dependency-version: 0.10.79
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: gix
  dependency-version: 0.83.0
  dependency-type: direct:production
  dependency-group: cargo
- dependency-name: gix-fs
  dependency-version: 0.21.1
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: gix-pack
  dependency-version: 0.70.0
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: gix-transport
  dependency-version: 0.57.0
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: wasmtime
  dependency-version: 36.0.8
  dependency-type: direct:production
  dependency-group: cargo
- dependency-name: gix
  dependency-version: 0.83.0
  dependency-type: direct:production
  dependency-group: cargo
- dependency-name: gix-fs
  dependency-version: 0.21.1
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: gix-pack
  dependency-version: 0.70.0
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: gix-transport
  dependency-version: 0.57.0
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: openssl
  dependency-version: 0.10.79
  dependency-type: indirect
  dependency-group: cargo
- dependency-name: openssl
  dependency-version: 0.10.79
  dependency-type: indirect
  dependency-group: cargo
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels May 8, 2026
@dependabot dependabot Bot mentioned this pull request May 8, 2026
Closed
@chatgpt-codex-connector
Copy link
Copy Markdown

chatgpt-codex-connector Bot commented May 8, 2026

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants