This fix only affects build-time dependencies. A version update was required for the `built` crate, which pulled in the vulnerable `libgit2-sys` via its own dependencies.
The rest of the changes consist of: 1.) adjusting usage of the `built` crate for the newer version, 2.) adding `git` and `cargo-lock` as features to the `built` crate (these are no longer default features), and 3.) removal of deprecated function calls from the codebase to accommodate.
Tested fully, and `built_info` fields such as `built_info::GIT_VERSION`, `PKG_VERSION`, `DEPENDENCIES`, etc. are all generating correct values.
Addresses the following security advisory from GitHub's dependabot: https://github.com/EpicCash/epic/security/dependabot/128