Update dependency libgit2/libgit2 to v1.7.2

This MR contains the following updates:

Package	Type	Update	Change
libgit2/libgit2	ironbank-github	patch	v1.7.1 -> v1.7.2

---

⚠ Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

libgit2/libgit2 (libgit2/libgit2)

v1.7.2: libgit2 v1.7.2

Compare Source

🔒 This is a security release with multiple changes.

• A bug in git_revparse_single is fixed that could have caused the function to enter an infinite loop given well-crafted inputs, potentially causing a Denial of Service attack in the calling application. This fixes CVE-2024-24577, which was discovered by researchers at Amazon AWS.

• A bug in git_index_add is fixed that could have caused the function to corrupt its heap and possibly lead to arbitrary code execution. This fixes CVE-2024-24577, which was discovered by researchers at Amazon AWS.

• A bug in the smart transport negotiation could have caused an out-of-bounds read when a remote server did not advertise capabilities.

The libgit2 project thanks the researchers and outreach team at AWS Security for finding the git_index_add and git_revparse_single bugs, and providing details and reproduction steps during their responsible disclosure.

All users of the v1.7 release line are recommended to upgrade.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.