Advisories for Cargo/Libgit2-Sys package

The libgit2 project fixed three security issues in the 1.7.2 release. These issues are:

The git2 and libgit2-sys crates are Rust wrappers around the libgit2 C library. It was discovered that libgit2 1.5.0 and below did not verify SSH host keys when establishing an SSH connection, exposing users of the library to Man-In-the-Middle attacks. The libgit2 team assigned CVE-2023-22742 to this vulnerability. The following versions of the libgit2-sys Rust crate have been released: libgit2-sys 0.14.2, updating the underlying libgit2 C library to version 1.5.1. …