Uprev libgit to v1.3.1 (#911)

🔒 This is a security release to provide compatibility with git's changes to address [CVE 2022-24765](https://github.blog/2022-04-12-git-security-vulnerability-announced/). libgit2 (and by extension git2go) are not directly affected by this vulnerability, because libgit2 does not directly invoke any executable. But we are providing these changes as a security release for any users that use libgit2 for repository discovery and then also use git on that repository. In this release, we will now validate that the user opening the repository is the same user that owns the on-disk repository. This is to match git's behavior. In addition, we are providing several correctness fixes where invalid input can lead to a crash. These may prevent possible denial of service attacks. At this time there are not known exploits to these issues.
2022-04-14 16:09:59 +02:00 · 2022-04-14 16:09:59 +02:00 · 7bff4ca7ad
parent eae00773cc
commit 7bff4ca7ad
2 changed files with 2 additions and 2 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -62,7 +62,7 @@ jobs:
      fail-fast: false
      matrix:
        libgit2:
-          - 'v1.3.0'
+          - 'v1.3.1'
    name: Go (system-wide, dynamic)

    runs-on: ubuntu-20.04
--- a/vendor/libgit2
+++ b/vendor/libgit2
@ -1 +1 @@
-Subproject commit b7bad55e4bb0a285b073ba5e02b01d3f522fc95d
+Subproject commit 1f5e7f9add5c8bbc602b14feaec216c8877c3c84