Introduced through: project@0.0.0 › gitpython@3.1.27
Fix: No remediation path available.
Security information
Factors contributing to the scoring:
Snyk: [CVSS 8.1](https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858) - High Severity
NVD: Not available. NVD has not yet published its analysis.
Overview
GitPython is a Python library used to interact with Git repositories.
Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.