Build(deps): Bump gix-url from 0.35.2 to 0.36.0

[dependabot]

Bumps gix-url from 0.35.2 to 0.36.0.

Release notes

Sourced from gix-url's releases.

gix-url v0.36.0

Bug Fixes

• Implement percent-decoding in HTTP URLs for username, password and paths, and add whitespace rejection.
• Detect and fail if HTTP URLs contain whitespace for username, password and path
• disallow spaces in hosts

Commit Statistics

• 1 commit contributed to the release over the course of 2 calendar days.
• 3 days passed between releases.
• 0 commits were understood as conventional.
• 0 issues like '(#ID)' were seen in commit messages

Commit Details

• Uncategorized
  • Merge pull request #2540 from GitoxideLabs/reporting (4d5ba23)

gix-url v0.35.3

Documentation

• add crate-root doctests

Bug Fixes

• Implement percent-decoding in HTTP URLs for username, password and paths, and add whitespace rejection.
• Detect and fail if HTTP URLs contain whitespace for username, password and path
• disallow spaces in hosts

Commit Statistics

• 6 commits contributed to the release.
• 1 commit was understood as conventional.
• 0 issues like '(#ID)' were seen in commit messages

Commit Details

• Uncategorized
  • Update changelogs prior to release (f9fbcba)
  • Merge pull request #2518 from GitoxideLabs/improvements (444a92b)

... (truncated)

Changelog

Sourced from gix-url's changelog.

0.36.0 (2024-05-22)

New Features

• checkout respects options for core.protectHFS and core.protectNTFS. This also adds gitoxide.core.protectWindows as a way to enforce additional restrictions that are usually only available on Windows.

  Note that core.protectNFS is always enabled by default, just like it is in Git.

Bug Fixes

• more robustness in the face of a trampling-herd of threads loading a single index. The motivating example is here: praetorian-inc/noseyparker#179

  Previously, it was possible for a trampling herd of threads to consolidate the disk state. Most of them would be 'needs-init' threads which could notice that the initialization already happened, and just use that.

  But a thread might be late for the party and somehow manages to not get any newly loaded index, and thus tries to consolidate with what's on disk again. Then it would again determine no change, and return nothing, causing the caller to abort and not find objects it should find because it wouldn't see the index that it should have seen.

  The reason the thread got into this mess is that the 'is-load-ongoing' flagging was racy itself, so it would not wait for ongoing loads and just conclude nothing happened. An extra delay (by yielding) now assures it either seees the loading state and waits for it, sees the newly loaded indices.

  Note that this issue can be reproduced with:

  './target/release/gix -r repo-with-one-pack -t10 --trace odb stats --extra-header-lookup'
  

Commit Statistics

• 6 commits contributed to the release over the course of 10 calendar days.
• 38 days passed between releases.
• 2 commits were understood as conventional.
• 0 issues like '(#ID)' were seen in commit messages

Commit Details

... (truncated)

Commits

• 53f880c Release gix-error v0.2.3, gix-date v0.15.3, gix-actor v0.41.0, gix-path v0.12...
• 09687eb fix CI - and probably prevent can't connect to localhost in journey tests
• d5f9bf5 feat: add Category::is_remote_tracking_branch().
• 87b2da8 address auto-review
• 731248f feat!: add sha-256 support to gix-ref.
• 91bfab0 Adapt to changes in gix-object
• d4439cd fix!: Limit Commit and Tag parsing to a given gix_hash::Kind
• 5127973 fix: Allow more pathological cases during parsing just like Git
• 91c854e fix!: remove winnow and replace it with hand-implemented parsers everywhere.
• b060eb2 fix!: remove winnow from the public gix-actor API for parsing (#2545)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: cargo, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.