An idiomatic, lean, fast & safe pure Rust implementation of Git
assure worktree-roots aren't pruned with pathspecs that are never meant for them. Previously, when pathspecs were defined, the classification of the worktree-root would also be using them. This means that depending on the pathspec, worktree-roots would be pruned, which in turn makes it impossible to recurse into them.
Now pathspecs are disabled when classifying the worktree-root directory.
gix-dir
patch release (6ca6fa6)A maintenance release without user-facing changes.
gix-dir
patch release (6ca6fa6)A maintenance release without user-facing changes.
gix-dir
patch release (6ca6fa6)A maintenance release without user-facing changes.
gix-dir
patch release (6ca6fa6)Prevent usernames with leading -
from being passed to SSH
This detects ambiguous usernames in dangerous cases where they
would be passed to external commands to form SSH connections, if
they would be misinterpreted as option arguments.
This change is analogous to https://github.com/Byron/gitoxide/commit/b06a0dd781accad317fdec5f86f069df4c21875c, hardening gix-transport
and
applications that use it against options smuggled in URLs, but for
the non-mandatory username portion of a URL, rather than the host
and path portions that were covered there.
For example, commands like these no longer pass -F...
options to
ssh
:
gix clone 'ssh://[email protected]/abc' gix clone -- '[email protected]:abc/def'
Instead, they refuse to run ssh
, producing the error:
Error: Username '-Fconfigfile' could be mistaken for a command-line argument
forward curl
rustls feature from gix-transport
to avoid curl
in gix
.
This removes the curl
dependency just for configuring it, and removes
a hazard which became evident with reqwest.
reqwest
dependency update as breaking
Related to https://github.com/Byron/gitoxide/pull/1327 .curl
rustls feature from gix-transport
to avoid curl
in gix
. (https://github.com/Byron/gitoxide/commit/98cfbec51276bbd6caa48fd6d8942247df091c94)reqwest
dependency update as breaking (https://github.com/Byron/gitoxide/commit/e30436982903e82a0c635bec58dfee1fff33fed8)gix-transport
with minor edits to comments (https://github.com/Byron/gitoxide/commit/996310ba1408fe746c6de43cb24dc1e809fd4d57)Url::host_as_argument()
in ssh::connect()
(https://github.com/Byron/gitoxide/commit/cf59f574f97f9a3ca489c603674d0ec76e498e1e)-
host names aren't used in -G
check (https://github.com/Byron/gitoxide/commit/902367fb452787a8fd8305676fa9c5a827646490)-G
test (https://github.com/Byron/gitoxide/commit/524739b9189d007dab2f0dde38ce59dabd20d737)user@-arg...
in prepare_invocation (https://github.com/Byron/gitoxide/commit/29116236de3ca0ee97f60f1ad4024f74490bb2cd)-
from being passed to SSH (https://github.com/Byron/gitoxide/commit/f56ad390a5569d0129b7b16632991d18b9ddb4f7)Please note that this release contains a security fix originally implemented in gix-transport
via this PR which prevents ssh
options to be smuggled into the ssh
command-line invocation with a username provided to a clone or fetch URL.
Details can be found in the advisory.
into_index_worktree_iter()
now takes an iterator, instead of a Vec.
This makes the API more consistent, and one can pass None
as well.
show submodules in status independently of their active state.
Even inactive submodules are shown in the status by git status
,
so gix
should do the same.
First observed in https://github.com/helix-editor/helix/pull/5645#issuecomment-2016798212
forward curl
rustls feature from gix-transport
to avoid curl
in gix
.
This removes the curl
dependency just for configuring it, and removes
a hazard which became evident with reqwest.
topo
more similar to Ancestors
, but also rename Ancestors
to Simple
Clippy helped 1 time to make code idiomatic.
curl
rustls feature from gix-transport
to avoid curl
in gix
. (https://github.com/Byron/gitoxide/commit/98cfbec51276bbd6caa48fd6d8942247df091c94)gix-traverse
(https://github.com/Byron/gitoxide/commit/1cfeb11f1fe9ad9c7b9084840ed7f5c5877f2f9a)topo
more similar to Ancestors
, but also rename Ancestors
to Simple
(https://github.com/Byron/gitoxide/commit/2a9c178326b7f13ba6bc1f89fc2b9d9facbecf48)gix-traverse
(https://github.com/Byron/gitoxide/commit/6154bf3a346d69f9749271d50e4f3aacdcbad4d0)into_index_worktree_iter()
now takes an iterator, instead of a Vec. (https://github.com/Byron/gitoxide/commit/18b2921aaa28df536faf74098d5f1f13d34148f9)is_path_excluded()
in documentation (https://github.com/Byron/gitoxide/commit/c13632959e287f31a00c1ba8fc6e97470f0cd734)gix-index
(https://github.com/Byron/gitoxide/commit/1e1fce11a968ebbcede1135ccbd0b03e749a1267)add gix status --ignored
support
add gix status --index-worktree-renames
This enables rename-tracking between worktree and index, something
that Git also doesn't do or doesn't do by default.
It is, however, available in git2
.
gix status
with submodule and rewrite support.
Submodule changes are now picked up as long as the submodule is
in the index.
Further, it's possible to enable rename-tracking between
index and worktree separately.
add gix is-clean|is-changed
It's a good way to compare the time it takes to run a full status
compared to a quick is-dirty check.
gix submodules list --dirty-suffix
for dirty-information
This is a submodule-centric and greatly simplified way of obtaining
describe information with dirty-suffix.
Note that status
information is also possible, but it seems
hard to display nicely, which this command isn't great at
in the first place.
add gix commit describe --dirty-suffix
That way a suffix will be added depending on the dirty-state of the repository.
gix status --format
to communicate the current format is very simple. (23bea36)gix status --ignored
support (84c74ff)gix status --index-worktree-renames
(66e87cd)gix status
with submodule and rewrite support. (61c002b)gix is-clean|is-changed
(98b3680)gix submodules list --dirty-suffix
for dirty-information (afd20ca)gix commit describe --dirty-suffix
(58231b4)This release also updates reqwest
to v0.12, bringing hyper 1.0 and a more recent rustls
version.
curl
into a workspace package (adee500)A maintenance release without user-facing changes, but with a reqwest
update that uses more recent tls and hyper versions.
curl
into a workspace package (adee500)A maintenance release without user-facing changes.