Closed renovate[bot] closed 1 year ago
Patch and project coverage have no change. Comparison is base (3576b87) 92.04% compared to head (7559fa0) 92.04%.
This PR contains the following updates:

| Package | Change |
|---|---|
| GitPython | `==3.1.31` -> `==3.1.32` |
### GitHub Vulnerability Alerts

#### CVE-2023-40267

GitPython before 3.1.32 does not block insecure non-multi options (options passed as plain keyword arguments rather than through the `multi_options` list) in `clone` and `clone_from`, making it vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.

### Release Notes
#### gitpython-developers/GitPython (GitPython)

### [`v3.1.32`](https://togithub.com/gitpython-developers/GitPython/releases/tag/3.1.32): - with another security update

[Compare Source](https://togithub.com/gitpython-developers/GitPython/compare/3.1.31...3.1.32)

#### What's Changed

- Bump cygwin/cygwin-install-action from 3 to 4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/gitpython-developers/GitPython/pull/1572](https://togithub.com/gitpython-developers/GitPython/pull/1572)
- Fix up the commit trailers functionality by [@itsluketwist](https://togithub.com/itsluketwist) in [https://github.com/gitpython-developers/GitPython/pull/1576](https://togithub.com/gitpython-developers/GitPython/pull/1576)
- Name top-level exceptions as private variables by [@Hawk777](https://togithub.com/Hawk777) in [https://github.com/gitpython-developers/GitPython/pull/1590](https://togithub.com/gitpython-developers/GitPython/pull/1590)
- fix pypi long description by [@eUgEntOptIc44](https://togithub.com/eUgEntOptIc44) in [https://github.com/gitpython-developers/GitPython/pull/1603](https://togithub.com/gitpython-developers/GitPython/pull/1603)
- Don't rely on `__del__` by [@r-darwish](https://togithub.com/r-darwish) in [https://github.com/gitpython-developers/GitPython/pull/1606](https://togithub.com/gitpython-developers/GitPython/pull/1606)
- Block insecure non-multi options in clone/clone_from by [@Beuc](https://togithub.com/Beuc) in [https://github.com/gitpython-developers/GitPython/pull/1609](https://togithub.com/gitpython-developers/GitPython/pull/1609)

#### New Contributors

- [@Hawk777](https://togithub.com/Hawk777) made their first contribution in [https://github.com/gitpython-developers/GitPython/pull/1590](https://togithub.com/gitpython-developers/GitPython/pull/1590)
- [@eUgEntOptIc44](https://togithub.com/eUgEntOptIc44) made their first contribution in [https://github.com/gitpython-developers/GitPython/pull/1603](https://togithub.com/gitpython-developers/GitPython/pull/1603)
- [@r-darwish](https://togithub.com/r-darwish) made their first contribution in [https://github.com/gitpython-developers/GitPython/pull/1606](https://togithub.com/gitpython-developers/GitPython/pull/1606)
- [@Beuc](https://togithub.com/Beuc) made their first contribution in [https://github.com/gitpython-developers/GitPython/pull/1609](https://togithub.com/gitpython-developers/GitPython/pull/1609)

**Full Changelog**: https://github.com/gitpython-developers/GitPython/compare/3.1.31...3.1.32

### Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate.
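The CVE-2023-40267 entry above comes down to one gap: clone options given as plain keyword arguments were rendered into `git clone` flags without being checked, so a caller who could influence those keywords could point git at a program of their choosing. The block below is an added example, not GitPython's own code, of how an application that builds clone parameters from untrusted input can screen them in every form (a `multi_options` list, `--flag=value`, a keyword that becomes a flag) before anything reaches the library or git. It is modeled on the approach of the 3.1.32 fix and goes a little beyond the advisory text by also screening the URL (a leading `-`, or the `<helper>::` remote-helper syntax) and by terminating option parsing with `--`. Assumptions: `UNSAFE_CLONE_OPTIONS` is taken to be the set of clone options GitPython refuses; `kwarg_to_option` follows GitPython's convention of `-x` for one-letter keywords and `--long-name` (underscores dashed) otherwise; all function names, the exception class and the sample URLs are constructed for this example.

```python
"""Guard for `git clone` arguments assembled from untrusted input.

Added example (not GitPython's code). Nothing here runs git: the validated
argv is returned so the checks can be exercised offline, then handed to
subprocess or to GitPython with the same arguments.
"""
from __future__ import annotations

import re
from typing import Iterable, List, Optional

# Clone options that let the caller choose a program for git to execute.
# Assumption: this mirrors the set GitPython blocks for clone/clone_from.
UNSAFE_CLONE_OPTIONS = ("--upload-pack", "-u", "--config", "-c")

# `<helper>::<address>` hands the URL to a git remote helper; `ext::` runs a command.
_REMOTE_HELPER_URL = re.compile(r"^[A-Za-z0-9_-]+::")


class UnsafeCloneArgument(ValueError):
    """Raised when an argument could change which program git runs."""


def kwarg_to_option(name: str) -> str:
    """Render a keyword the way GitPython turns kwargs into flags (assumed
    convention): a one-letter name becomes `-x`, anything longer `--long-name`."""
    return f"-{name}" if len(name) == 1 else "--" + name.replace("_", "-")


def option_is_unsafe(option: str, unsafe: Iterable[str] = UNSAFE_CLONE_OPTIONS) -> bool:
    """True if `option` is a blocked flag in any spelling.

    Covers `--config`, `--config=x`, `-c` and the attached form `-cx`.
    `--config x` as two list elements is caught because `--config` itself matches.
    """
    for bad in unsafe:
        if option == bad:
            return True
        if bad.startswith("--"):
            if option.startswith(bad + "="):
                return True
        elif option.startswith(bad):  # short flag with attached value
            return True
    return False


def check_unsafe_options(options: Iterable[str]) -> None:
    for opt in options:
        if option_is_unsafe(opt):
            raise UnsafeCloneArgument(f"option {opt!r} can change which program git runs")


def check_unsafe_url(url: str) -> None:
    if url.startswith("-"):
        raise UnsafeCloneArgument(f"URL {url!r} starts with '-' and would be parsed as an option")
    if _REMOTE_HELPER_URL.match(url):
        raise UnsafeCloneArgument(f"URL {url!r} selects a remote helper, which can run commands")


def build_clone_argv(url: str, to_path: str, multi_options: Optional[List[str]] = None,
                     **kwargs: object) -> List[str]:
    """Validate the URL, the list-form options and the keyword-form options,
    then return the argv git would receive. The keyword form is checked after
    rendering, so `upload_pack=` and `u=` are caught exactly like `--upload-pack`/`-u`."""
    check_unsafe_url(url)
    extra = list(multi_options or [])
    check_unsafe_options(extra)
    rendered: List[str] = []
    for name, value in kwargs.items():
        flag = kwarg_to_option(name)
        check_unsafe_options([flag])
        if value is True:
            rendered.append(flag)
        elif value is False or value is None:
            continue
        else:
            rendered.append(f"{flag}={value}" if flag.startswith("--") else f"{flag}{value}")
    # "--" ends option parsing, so a URL cannot be read as a flag even if the
    # leading-'-' check above is ever relaxed.
    return ["git", "clone", *extra, *rendered, "--", url, to_path]


def is_rejected(url: str, to_path: str, multi_options: Optional[List[str]] = None,
                **kwargs: object) -> bool:
    """Boolean wrapper around build_clone_argv for callers and tests."""
    try:
        build_clone_argv(url, to_path, multi_options, **kwargs)
    except UnsafeCloneArgument:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs: a benign clone and the keyword form the earlier fix missed.
    print(build_clone_argv("https://example.com/r.git", "/tmp/r", depth=1, branch="main"))
    print(is_rejected("https://example.com/r.git", "/tmp/r", upload_pack="/tmp/evil"))
```

Upgrading to 3.1.32 or later is still the fix; this guard is defense in depth for code that forwards caller-controlled options, and it keeps working in front of any git wrapper, not only GitPython.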