BradenM / micropy-cli

Micropython Project Management Tool with VSCode support, Linting, Intellisense, Dependency Management, and more!
https://micropy-cli.readthedocs.io
MIT License
316 stars, 25 forks

fix(deps): update dependency gitpython to v3.1.32 [security] #523

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

| Package | Change |
|---|---|
| GitPython | `==3.1.31` -> `==3.1.32` |

GitHub Vulnerability Alerts

CVE-2023-40267

GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from, making it vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.


Release Notes

gitpython-developers/GitPython (GitPython)

### [`v3.1.32`](https://togithub.com/gitpython-developers/GitPython/releases/tag/3.1.32) - with another security update

[Compare Source](https://togithub.com/gitpython-developers/GitPython/compare/3.1.31...3.1.32)

#### What's Changed

- Bump cygwin/cygwin-install-action from 3 to 4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/gitpython-developers/GitPython/pull/1572](https://togithub.com/gitpython-developers/GitPython/pull/1572)
- Fix up the commit trailers functionality by [@itsluketwist](https://togithub.com/itsluketwist) in [https://github.com/gitpython-developers/GitPython/pull/1576](https://togithub.com/gitpython-developers/GitPython/pull/1576)
- Name top-level exceptions as private variables by [@Hawk777](https://togithub.com/Hawk777) in [https://github.com/gitpython-developers/GitPython/pull/1590](https://togithub.com/gitpython-developers/GitPython/pull/1590)
- fix pypi long description by [@eUgEntOptIc44](https://togithub.com/eUgEntOptIc44) in [https://github.com/gitpython-developers/GitPython/pull/1603](https://togithub.com/gitpython-developers/GitPython/pull/1603)
- Don't rely on `__del__` by [@r-darwish](https://togithub.com/r-darwish) in [https://github.com/gitpython-developers/GitPython/pull/1606](https://togithub.com/gitpython-developers/GitPython/pull/1606)
- Block insecure non-multi options in clone/clone_from by [@Beuc](https://togithub.com/Beuc) in [https://github.com/gitpython-developers/GitPython/pull/1609](https://togithub.com/gitpython-developers/GitPython/pull/1609)

#### New Contributors

- [@Hawk777](https://togithub.com/Hawk777) made their first contribution in [https://github.com/gitpython-developers/GitPython/pull/1590](https://togithub.com/gitpython-developers/GitPython/pull/1590)
- [@eUgEntOptIc44](https://togithub.com/eUgEntOptIc44) made their first contribution in [https://github.com/gitpython-developers/GitPython/pull/1603](https://togithub.com/gitpython-developers/GitPython/pull/1603)
- [@r-darwish](https://togithub.com/r-darwish) made their first contribution in [https://github.com/gitpython-developers/GitPython/pull/1606](https://togithub.com/gitpython-developers/GitPython/pull/1606)
- [@Beuc](https://togithub.com/Beuc) made their first contribution in [https://github.com/gitpython-developers/GitPython/pull/1609](https://togithub.com/gitpython-developers/GitPython/pull/1609)

**Full Changelog**: https://github.com/gitpython-developers/GitPython/compare/3.1.31...3.1.32

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.
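The advisory above describes `clone`/`clone_from` forwarding caller-supplied options to `git` without sufficient validation. A consuming project can add its own gate in front of the library call, so that it does not rely solely on GitPython's denylist being complete. The following is an added example, not code from micropy-cli or GitPython; the allowlisted option names, the remote-URL policy and the regexes are assumptions for illustration.

```python
import re
from typing import Any, Mapping

# First GitPython release that blocks insecure non-multi clone options (per the advisory above).
PATCHED_GITPYTHON = (3, 1, 32)

# Hypothetical allowlist of Repo.clone_from keyword options a tool like this one needs,
# with the exact type each must have. Anything else is rejected before git is invoked,
# so the caller does not depend on the library's own denylist being complete.
ALLOWED_CLONE_OPTIONS = {"depth": int, "branch": str, "single_branch": bool}

# Hypothetical remote policy: https:// or scp-style ssh remotes only, and no value may
# start with '-', which git would otherwise parse as a command-line option.
_REMOTE_RE = re.compile(r"^(https://[A-Za-z0-9.-]+/|[A-Za-z0-9_.-]+@[A-Za-z0-9.-]+:)[A-Za-z0-9._/-]+$")
_REF_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._/-]*$")

def parse_version(version: str) -> tuple:
    """'3.1.31' -> (3, 1, 31); any pre-release suffix is ignored."""
    return tuple(int(part) for part in re.findall(r"\d+", version)[:3])

def gitpython_is_patched(version: str) -> bool:
    """True when the given GitPython version includes the CVE-2023-40267 fix."""
    return parse_version(version) >= PATCHED_GITPYTHON

def validate_clone_request(url: str, kwargs: Mapping[str, Any]) -> dict:
    """Return kwargs safe to forward to Repo.clone_from(url, path, **kwargs), or raise ValueError."""
    if not _REMOTE_RE.match(url):
        raise ValueError(f"remote URL rejected by policy: {url!r}")
    clean = {}
    for name, value in kwargs.items():
        expected = ALLOWED_CLONE_OPTIONS.get(name)
        if expected is None:
            raise ValueError(f"clone option not in allowlist: {name!r}")
        if type(value) is not expected:  # exact match: bool is a subclass of int
            raise ValueError(f"option {name!r} must be {expected.__name__}")
        if name == "branch" and not _REF_RE.match(value):
            raise ValueError(f"branch name rejected by policy: {value!r}")
        if name == "depth" and value < 1:
            raise ValueError("depth must be a positive integer")
        clean[name] = value
    return clean

def clone_request_is_allowed(url: str, kwargs: Mapping[str, Any]) -> bool:
    """Boolean form of validate_clone_request for callers that only want a gate."""
    try:
        validate_clone_request(url, kwargs)
    except ValueError:
        return False
    return True
```

In a real caller, `gitpython_is_patched(git.__version__)` would be checked once at start-up and `validate_clone_request` applied to every clone, with the returned dict forwarded as `**kwargs`.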

codecov[bot] commented 1 year ago

Codecov Report

Patch and project coverage have no change.

Comparison is base (3576b87) 92.04% compared to head (7559fa0) 92.04%.

Additional details and impacted files

```diff
@@            Coverage Diff            @@
##           master     #523   +/-   ##
=======================================
  Coverage   92.04%   92.04%
=======================================
  Files          52       52
  Lines        2817     2817
=======================================
  Hits         2593     2593
  Misses        224      224
```

| [Flag](https://app.codecov.io/gh/BradenM/micropy-cli/pull/523/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Braden+Mars) | Coverage Δ | |
|---|---|---|
| [os-macOS-12](https://app.codecov.io/gh/BradenM/micropy-cli/pull/523/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Braden+Mars) | `92.01% <ø> (ø)` | |
| [os-ubuntu-latest](https://app.codecov.io/gh/BradenM/micropy-cli/pull/523/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Braden+Mars) | `92.01% <ø> (ø)` | |
| [os-windows-latest](https://app.codecov.io/gh/BradenM/micropy-cli/pull/523/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Braden+Mars) | `91.87% <ø> (+0.03%)` | :arrow_up: |
| [py-3.10](https://app.codecov.io/gh/BradenM/micropy-cli/pull/523/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Braden+Mars) | `92.04% <ø> (ø)` | |
| [py-3.11](https://app.codecov.io/gh/BradenM/micropy-cli/pull/523/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Braden+Mars) | `91.54% <ø> (-0.47%)` | :arrow_down: |
| [py-3.8](https://app.codecov.io/gh/BradenM/micropy-cli/pull/523/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Braden+Mars) | `91.97% <ø> (ø)` | |
| [py-3.9](https://app.codecov.io/gh/BradenM/micropy-cli/pull/523/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Braden+Mars) | `91.82% <ø> (-0.18%)` | :arrow_down: |
| [unittests](https://app.codecov.io/gh/BradenM/micropy-cli/pull/523/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Braden+Mars) | `92.04% <ø> (ø)` | |

Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Braden+Mars#carryforward-flags-in-the-pull-request-comment) to find out more.

:umbrella: View full report in Codecov by Sentry.