Bump git2 from 0.14.2 to 0.14.4

[dependabot]

Bumps git2 from 0.14.2 to 0.14.4.

Commits

• d6f4560 git2 0.14.4 and libgit2-sys 0.13.4
• 6316180 Implement Tree::get_name using Tree::get_name_bytes to avoid duplication
• 23a5340 Add Tree::get_name_bytes to handle non-UTF-8 entry names
• 31d3ff0 Add binding for git_commit_body
• 9d33858 git2 0.14.3 and libgit2-sys 0.13.3
• d8ee105 Avoid unconditional dependency on libssh2-sys when using zlib-ng-compat (#833)
• 2d391e9 Update Readme (#834)
• 71a2466 clarify license
• 4d104dd rustfmt
• 3bc2640 Don't let pkg-config add system lib dirs to the search path
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dandavison]

@dependabot rebase

[martinetd]

Note this effectively makes delta require rust 1.60 as explained in
rust-lang/git2-rs#838 (comment)

actual error for search engines

error: failed to select a version for the requirement `libgit2-sys = "^0.13.4"`
candidate versions found which didn't match: 0.13.2+1.4.2, 0.13.1+1.4.2, 0.13.0+1.4.1, ...
location searched: crates.io index
required by package `git2 v0.14.4`
    ... which satisfies dependency `git2 = "^0.14.4"` of package `git-delta v0.13.0 (/home/martinet/code/delta)`

debian testing still only ships 1.59 so I reverted this commit locally for now...

[dandavison]

Thanks very much @martinetd, I've reverted it in master.

Incidentally, dependabot is a bit of a minefield! I wonder whether I should really be using it? I'm not going to study the consequences of each update carefully. I'm open to any advice here.

[martinetd]

Incidentally, dependabot is a bit of a minefield! I wonder whether I should really be using it? I'm not going to study the consequences of each update carefully. I'm open to any advice here.

tough one. dependabot can be quite handy and I didn't check thoroughly but if you have confidence in CI coverage I'd say it's probably OK -- these should catch most problems, and it's better to keep things updated than forget and run cargo outdated once in a blue moon.

In this particular case the issue is that CI uses rustup, which will always pick an up to date version of rust vs. distros which lag behind quite a bit.
I think the best thing to do would be to decide on which distros you want to support natively and cut a line -- anything older can still build with rustup. Once that's decided updating CI to use that distro's rust version should avoid this kind of problems again, but that might be a bit annoying...

Adding a new rust version column to the matrix that'd be stable for most, and sprinkle some older versions is easy enough (untested):

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index c78ae7860ca3..b81f70f4ef24 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -14,20 +14,21 @@ jobs:
     strategy:
       matrix:
         job:
-          - { os: macos-latest,   target: x86_64-apple-darwin,         use-cross: false }
-          - { os: windows-latest, target: x86_64-pc-windows-msvc,      use-cross: false }
-          - { os: ubuntu-latest , target: x86_64-unknown-linux-gnu,    use-cross: false }
-          - { os: ubuntu-latest,  target: x86_64-unknown-linux-musl,   use-cross: true }
-          - { os: ubuntu-latest,  target: i686-unknown-linux-gnu,      use-cross: true }
-          - { os: ubuntu-latest,  target: arm-unknown-linux-gnueabihf, use-cross: true }
-          - { os: ubuntu-latest,  target: aarch64-unknown-linux-gnu,   use-cross: true }
+          - { os: macos-latest,   target: x86_64-apple-darwin,         use-cross: false, toolchain: stable }
+          - { os: windows-latest, target: x86_64-pc-windows-msvc,      use-cross: false, toolchain: stable }
+          - { os: ubuntu-latest , target: x86_64-unknown-linux-gnu,    use-cross: false, toolchain: stable }
+          - { os: ubuntu-latest,  target: x86_64-unknown-linux-musl,   use-cross: true, toolchain: stable }
+          - { os: ubuntu-latest,  target: i686-unknown-linux-gnu,      use-cross: true, toolchain: stable }
+          - { os: ubuntu-latest,  target: arm-unknown-linux-gnueabihf, use-cross: true, toolchain: stable }
+          - { os: ubuntu-latest,  target: aarch64-unknown-linux-gnu,   use-cross: true, toolchain: stable }
+          - { os: ubuntu-latest , target: x86_64-unknown-linux-gnu,    use-cross: false, toolchain: 1.48.0 } # debian stable version
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2
       - name: Install Rust
         uses: actions-rs/toolchain@v1
         with:
-          toolchain: stable
+          toolchain: ${{ matrix.job.toolchain }}
           target: ${{ matrix.job.target }}
           profile: minimal
           override: true
@@ -55,7 +56,7 @@ jobs:
       - name: Install Rust
         uses: actions-rs/toolchain@v1
         with:
-          toolchain: stable
+          toolchain: ${{ matrix.job.toolchain }}
           profile: minimal
           override: true
       - name: Build for release
@@ -80,7 +81,7 @@ jobs:
       - name: Install Rust
         uses: actions-rs/toolchain@v1
         with:
-          toolchain: stable
+          toolchain: ${{ matrix.job.toolchain }}
           profile: minimal
           override: true
           components: rustfmt
@@ -99,7 +100,7 @@ jobs:
       - name: Install Rust
         uses: actions-rs/toolchain@v1
         with:
-          toolchain: stable
+          toolchain: ${{ matrix.job.toolchain }}
           profile: minimal
           override: true
           components: clippy
@@ -115,10 +116,10 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2
-      - name: Install stable toolchain
+      - name: Install ${{ matrix.job.toolchain }} toolchain
         uses: actions-rs/toolchain@v1
         with:
-          toolchain: stable
+          toolchain: ${{ matrix.job.toolchain }}
           override: true
       - name: Run cargo-tarpaulin
         uses: actions-rs/tarpaulin@v0.1

but actively tracking for a distro's version which would be better is quite annoying; I don't know if it's worth doing.