CGA-q6hc-mrph-w252

This vulnerability affects gix-date 0.11.1, a transitive dependency of starship v1.24.2. The vulnerability is fixed in gix-date >= 0.12.0, but upgrading is blocked by version incompatibilities in the dependency chain.

Dependency Chain:

• starship v1.24.2 → gix v0.76.0
• gix v0.76.0 requires gix-date ^0.11.1 (0.11.x only)
• Fix requires gix-date >= 0.12.0 (incompatible with gix 0.76.0)

The gix v0.76.0 constraint (^0.11.1) prevents upgrading gix-date to 0.12.0. Upgrading gix-date requires gix 0.77.0+, which in turn requires new starship release. starship v1.24.2 is currently the latest upstream release (as of 2026-01-12). Build attempted regarding gix-date 0.12.0 upgrade and failed. In order to remediate this vulnerability, upstream must release a new version of starship that uses gix 0.77.0 or later, which supports gix-date 0.12.0+.