search

SierraSoftworks / github-backup

Automatically backup your GitHub repositories
MIT License
1 stars 0 forks source link

chore(deps): Bump gix-path from 0.10.10 to 0.10.11 #65

Closed dependabot[bot] closed 2 months ago

dependabot[bot] commented 2 months ago

Bumps gix-path from 0.10.10 to 0.10.11.

Release notes

Sourced from gix-path's releases.

gix-path v0.10.11

Bug Fixes

  • Don't require usable temp dir to get installation config When running git config -l ... to find the configuration file path associated with the git installation itself, the current working directory for the subprocess was set to the current directory prior to #1523, and to /tmp or a /tmp-like directory since #1523 (which improved performance and security).

    This builds on #1523, as well as on subsequent changes to run git in a way that its behavior depends less on its CWD, by making an even more robust choice of CWD for the subprocess, so that the CWD is less likely to be deeply nested or on network storage; more likely to exist; and, on Unix-like systems, less likely to contain a .git entry (though a git with security updates should refuse to take any configuration from such a repository unless it is owned by the user).

    Due to a combination of other measures that harden against malicious or unusual contents (especially setting GIT_DIR), the most significant benefit of this change is to fix the problem that a nonexistent temp dir would prevent the command from succeeding.

    The main way that could happen is if TMPDIR on Unix-like systems, or TMP or TEMP on Windows, is set to an incorrect value. Because these variables are sometimes reasonable to customize for specific purposes, it is plausible for them to be set to incorrect values by accident.

    Except on Windows, this always uses / as the CWD for the subprocess.

    On Windows, we use the Windows directory (usually C:\Windows) rather than the root of the system drive (usually C:\), because:

    • We are currently obtaining this information from environment variables, and it is possible for our own parent process to pass down an overly sanitized environment.

    Although this can be so sanitized we cannot find the Windows directory, this is less likely to occur than being unable to find the root of the system drive.

    This due to moderately broad awareness that the SystemRoot environment variable (which, somewhat confusingly, holds the path of the Windows directory, not the root of the system drive) should be preserved even when clearing most other variables.

    Some libraries will even automatically preserve SystemRoot when

... (truncated)

Commits
  • 012a754 Release gix-trace v0.1.10, gix-path v0.10.11
  • c759819 prepare changelogs prior to release.
  • d69c617 Merge pull request #1566 from Byron/merge
  • b91d909 thanks clippy
  • dfbc732 feat!: optionally store objects new objects in memory only.
  • ca5294a feat: add InMemoryPassThrough implementation.
  • b279957 feat: add tree-editing capabilities to Tree and Repository.
  • 7c48556 feat: TreeRef::to_owned() and Tree::into_owned() for a convenient way to ...
  • 39d8e03 Use a standard HashMap instead of one based on SHA1
  • b5dc45f Add benchmarks for the tree editor and the tree-editor cursor
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/SierraSoftworks/github-backup/network/alerts).
codecov[bot] commented 2 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 66.65%. Comparing base (9254d49) to head (0f8ca37). Report is 2 commits behind head on main.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #65 +/- ## ======================================= Coverage 66.65% 66.65% ======================================= Files 24 24 Lines 2081 2081 ======================================= Hits 1387 1387 Misses 694 694 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.