
chore(deps): bump gix from 0.81.0 to 0.82.0#625

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/cargo/gix-0.82.0

Conversation


@dependabot dependabot Bot commented on behalf of github Apr 27, 2026

Bumps gix from 0.81.0 to 0.82.0.

Release notes

Sourced from gix's releases.

gix v0.82.0 - hardened

Advisories with fixes

Bug Fixes

  • Correctly use $COMMON_DIR/info/exclude to make excludes work in worktrees. It turns out there is no per-worktree excludes file either.

  • do not open .gitmodule files through symlinks This could lead to places outside of the repository that are attacker controlled.

  • don't follow submodule names with relative paths in them This made it possible to trick submodule repos to be opened outside of the actual repository.

  • Restore Category::to_full_name() to be able to produce any full name. Previously it learned to reject certain invalid branch names, but this has to be done separately and led to some unpleasant changes in gix as well.

  • reject refs/heads/HEAD as branch name during repo initialisation Also document that refs/heads/HEAD is allowed if FullName was created directly.

  • Tree::peel_to_entry() peel to the final tree entry (and only if it's a tree)

  • deduplicate entry-finding logic The logic for finding entries is duplicated 3 times.

    Use std::ops::ControlFlow for simpler, callback-friendly code.

  • std::path::Component has infallible conversion to &[u8] Instead of relying on a fallible path and using a default value, we can convert directly between a Component and a &[u8].

Chore (BREAKING)

  • Upgrade prodash and crosstermion to the latest version. This will fix the cargo deny issue as it brings in a newer lru crate.

New Features (BREAKING)

  • enforce the specification of alloc_init_bytes to handle untrusted input This breaking change is intended to force a decision about how much memory allocation an untrusted party can command by tampering with binary file formats.
  • Use imara-diff-v2 with git sliders processing The slider post-processing improves the diff quality for about 8% slower diffs. Line-counts, however, will be 50% faster to compute.

Other

... (truncated)

Commits
  • 0a844e7 Release gix-error v0.2.2, gix-date v0.15.2, gix-actor v0.40.1, gix-trace v0.1...
  • f9fbcba update changelogs prior to release
  • a1ad31b Run more fuzz artifacts as part of the test-suite
  • 63b8419 Merge pull request #2530 from GitoxideLabs/advisories
  • 0662237 feat(gix-bitmap): add Vec::from_bits(&[bool]) constructor, and `Vec::write_...
  • 7429b15 address auto-review
  • e64e3b8 Add corpus-builder scripts when corpus files are available; auto-run artifact...
  • a96587c Merge pull request #2510 from GitoxideLabs/folder-identity-on-windows
  • 0396152 add fuzz tests for 10 more crates, and related fixes
  • 52485a9 fix: do not open .gitmodule files through symlinks
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [gix](https://github.com/GitoxideLabs/gitoxide) from 0.81.0 to 0.82.0.
- [Release notes](https://github.com/GitoxideLabs/gitoxide/releases)
- [Changelog](https://github.com/GitoxideLabs/gitoxide/blob/main/CHANGELOG.md)
- [Commits](GitoxideLabs/gitoxide@gix-v0.81.0...gix-v0.82.0)

---
updated-dependencies:
- dependency-name: gix
  dependency-version: 0.82.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
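The two path-handling fixes in the quoted release notes (not opening `.gitmodules` through a symlink, and not following submodule names that contain relative path components) as an added Rust example; this is illustrative code written here, not gix's implementation, and it assumes a git-style `<git-dir>/modules/<name>` layout for submodule checkouts.

```rust
use std::fs;
use std::io;
use std::path::{Component, Path, PathBuf};

// Assumed layout, not gix's API: submodule checkouts live under
// `<git-dir>/modules/<name>`, as in git itself.
const MODULES_DIR: &str = "modules";

/// Build the on-disk location for a submodule from its `.gitmodules` name.
/// Only plain path segments are accepted; `..`, `.`, absolute paths and
/// Windows prefixes are rejected so the name can never escape `modules/`.
pub fn submodule_dir(git_dir: &Path, name: &str) -> Result<PathBuf, String> {
    if name.is_empty() {
        return Err("empty submodule name".to_string());
    }
    let rel = Path::new(name);
    for component in rel.components() {
        match component {
            Component::Normal(_) => {}
            other => return Err(format!("submodule name {:?} has rejected component {:?}", name, other)),
        }
    }
    Ok(git_dir.join(MODULES_DIR).join(rel))
}

/// Read `.gitmodules` from the worktree without following a symlink in its
/// place, so a crafted checkout cannot redirect the read outside the repo.
/// Note: this is a check-then-read; on Unix, opening with `O_NOFOLLOW`
/// (`OpenOptionsExt::custom_flags`) would close that small race window.
pub fn read_gitmodules_no_follow(worktree: &Path) -> io::Result<Vec<u8>> {
    let path = worktree.join(".gitmodules");
    let meta = fs::symlink_metadata(&path)?;
    if meta.file_type().is_symlink() {
        return Err(io::Error::new(
            io::ErrorKind::InvalidData,
            ".gitmodules is a symlink; refusing to follow it",
        ));
    }
    fs::read(&path)
}

fn main() {
    // Constructed sample path; nothing needs to exist for the name checks.
    let git_dir = Path::new("/tmp/example-repo/.git");
    println!("{:?}", submodule_dir(git_dir, "vendor/lib"));
    println!("{:?}", submodule_dir(git_dir, "../../outside"));
    println!("{:?}", read_gitmodules_no_follow(Path::new("/tmp/example-repo")));
}
```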
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Issues affecting the rust branch labels Apr 27, 2026