Skip to content

Develop #268

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Alex793x merged 2 commits into from
Jan 6, 2026

Merge pull request #267 from syncable-dev/dependabot/cargo/develop/re…

77f1749
Select commit
Loading
Failed to load commit list.
Sign in for the full log view
Merged

Develop #268

Merge pull request #267 from syncable-dev/dependabot/cargo/develop/re…
77f1749
Select commit
Loading
Failed to load commit list.
GitHub Actions / Security audit failed Jan 6, 2026 in 0s

Security advisories found

1 advisories

Details

Vulnerabilities

RUSTSEC-2025-0140

Non-utf8 String can be created with TimeBuf::as_str

Details
Package gix-date
Version 0.10.2
URL GitoxideLabs/gitoxide#2305
Date 2025-12-29
Patched versions >=0.12.0

The function gix_date::parse::TimeBuf::as_str can create an illegal string containing non-utf8 characters. This violates the safety invariant of TimeBuf and can lead to undefined behavior when consuming the string.

The bug can be prevented by adding str::from_utf8 to the function TimeBuf::write.

View more details on GitHub Actions