From 3b31224448e74fe9011e35a7356f44c6ef5daeda Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sun, 8 Feb 2026 23:50:13 +0000
Subject: [PATCH] Update Rust crate git2 to v0.20.4 [SECURITY] (#48400)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [git2](https://redirect.github.com/rust-lang/git2-rs) |
workspace.dependencies | patch | `0.20.2` → `0.20.4` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

### GitHub Vulnerability Alerts

####
[GHSA-j39j-6gw9-jw6h](https://redirect.github.com/rust-lang/git2-rs/issues/1211)

If the Buf struct is dereferenced immediately after calling new() or
default() on the Buf struct, a null pointer is passed to the unsafe
function slice::from_raw_parts. According to the safety section
documentation of the function, data must be non-null and aligned even
for zero-length slices or slices of ZSTs. Thus, passing a null pointer
will lead to undefined behavior.

---

### Release Notes

<details>
<summary>rust-lang/git2-rs (git2)</summary>

###
[`v0.20.4`](https://redirect.github.com/rust-lang/git2-rs/compare/git2-0.20.3...git2-0.20.4)

[Compare
Source](https://redirect.github.com/rust-lang/git2-rs/compare/git2-0.20.3...git2-0.20.4)

###
[`v0.20.3`](https://redirect.github.com/rust-lang/git2-rs/compare/git2-0.20.2...git2-0.20.3)

[Compare
Source](https://redirect.github.com/rust-lang/git2-rs/compare/git2-0.20.2...git2-0.20.3)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" in timezone America/New_York,
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

Release Notes:

- N/A

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45NS4yIiwidXBkYXRlZEluVmVyIjoiNDIuOTUuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 Cargo.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index c3c8af9c756c308d100d8ef3174dfe053c159aaa..812f738b96f7e06a45e7a715a2bfcd61f37b0cd5 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -7202,9 +7202,9 @@ dependencies = [
 
 [[package]]
 name = "git2"
-version = "0.20.2"
+version = "0.20.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2deb07a133b1520dc1a5690e9bd08950108873d7ed5de38dcc74d3b5ebffa110"
+checksum = "7b88256088d75a56f8ecfa070513a775dd9107f6530ef14919dac831af9cfe2b"
 dependencies = [
  "bitflags 2.10.0",
  "libc",
@@ -9373,9 +9373,9 @@ dependencies = [
 
 [[package]]
 name = "libgit2-sys"
-version = "0.18.2+1.9.1"
+version = "0.18.3+1.9.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1c42fe03df2bd3c53a3a9c7317ad91d80c81cd1fb0caec8d7cc4cd2bfa10c222"
+checksum = "c9b3acc4b91781bb0b3386669d325163746af5f6e4f73e6d2d630e09a35f3487"
 dependencies = [
  "cc",
  "libc",