Update Rust crate git2 to v0.20.4 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
git2	dependencies	patch	0.20.2 → 0.20.4

---

git2 has potential undefined behavior when dereferencing Buf struct

GHSA-j39j-6gw9-jw6h

More information

Details

If the Buf struct is dereferenced immediately after calling new() or default() on the Buf struct, a null pointer is passed to the unsafe function slice::from_raw_parts. According to the safety section documentation of the function, data must be non-null and aligned even for zero-length slices or slices of ZSTs. Thus, passing a null pointer will lead to undefined behavior.

Severity

• CVSS Score: 2.7 / 10 (Low)
• Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

References

• https://github.com/rust-lang/git2-rs/issues/1211
• https://github.com/rust-lang/git2-rs/pull/1213
• https://github.com/rust-lang/git2-rs/commit/9e160f15bd056f82143109bb330573381e5de719
• https://rustsec.org/advisories/RUSTSEC-2026-0008.html
• https://github.com/advisories/GHSA-j39j-6gw9-jw6h

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

rust-lang/git2-rs (git2)

v0.20.4

Compare Source

v0.20.3

Compare Source

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.