ishepard / pydriller

Python Framework to analyse Git repositories
http://pydriller.readthedocs.io/en/latest/
Apache License 2.0

GitPython 3.1.30 dependency is vulnerable to RCE CVE-2023-40267 #280

Closed behnazh-w closed 9 months ago

behnazh-w commented 9 months ago

The GitPython dependency, which is pinned to 3.1.30, is vulnerable to a Remote Code Execution attack and needs to be updated to version 3.1.32.

Unfortunately, the packages that use pydriller are now forced to ship the vulnerable GitPython, which is not acceptable. Can you please give a timeline when you plan to fix this issue?

See CVE details here: https://osv.dev/vulnerability/GHSA-pr76-5cm5-w9cj

ishepard commented 9 months ago

Hi! Unfortunately newer versions of GitPython do not use git stat properly, which breaks many functions in Pydriller. I opened an issue some time ago: https://github.com/gitpython-developers/GitPython/issues/1556

We don't have a fix yet; I'll have to work on it, or maybe someone from the community will.

ishepard commented 9 months ago

New version with GitPython published. Closing this issue. Thanks!