Allow gix versions through 0.70

[musicinmybrain]

This just expands the range of allowed gix versions to include 0.69 and 0.70.

I confirmed that everything still builds and (having set up the checkout with git fetch upstream test/javascript:test/javascript) cargo test --workspace still passes.

[spenserblack]

Looks good, just need to fix the upper bound.

This would have been covered by scheduled dependabot updates. If there's any particular urgency for this change, I can get out a release quickly.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 71.20%. Comparing base (6777359) to head (3d4a9ce).
Report is 2 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #501   +/-   ##
=======================================
  Coverage   71.20%   71.20%           
=======================================
  Files          18       18           
  Lines         521      521           
=======================================
  Hits          371      371           
  Misses        150      150           

Flag	Coverage Δ
--no-default-features	72.22% <ø> (ø)
--no-default-features --features color	70.82% <ø> (ø)
ubuntu-latest	71.20% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[musicinmybrain]

This would have been covered by scheduled dependabot updates. If there's any particular urgency for this change, I can get out a release quickly.

I don’t think so. I opened this because I was patching the rust-gengo package in Fedora, and I forgot that you have a rather reliable dependabot configuration (not all upstreams do).

It is true that the releases associated with gix 0.70 include gix-worktree-state 0.17.0, which fixes https://rustsec.org/advisories/RUSTSEC-2025-0001.html / GHSA-fqmf-w4xh-33rh, and that has been one motivation for getting everything updated in Fedora, but running cargo tree in a checkout of this repository indicates that gengo does not directly or indirectly use the gix-worktree-state crate, so it shouldn’t be affected.

[spenserblack]

Cool! So you've been helping package this project for Fedora?

[spenserblack]

@all-contributors add @musicinmybrain for platform

[allcontributors]

@spenserblack

I've put up a pull request to add @musicinmybrain! 🎉

[musicinmybrain]

Cool! So you've been helping package this project for Fedora?

Yes, I’m now maintaining a rust-gengo package, and a rust-gengo-bin package is awaiting review. Once that’s done, sudo dnf install gengo will be possible in Fedora, and probably for EPEL9 and EPEL10 users shortly thereafter.

(I also maintain rust-onefetch in Fedora, and I’ve been keeping an eye on o2sh/onefetch#1305.)

[spenserblack]

Got it, thanks for your support!

I don't know much about authoring packages for Fedora, but let me know if you would ever like a new release. The release process is very trivial on my end, so I'm happy to release as requested.