Closed philipclaesson closed 1 year ago
Name | Link |
---|---|
Latest commit | aca303aadb760681308bc08497d10a0691bd49f3 |
Latest deploy log | https://app.netlify.com/sites/opal-docs/deploys/64e67291df922b00082c4c80 |
Thanks @philipclaesson! :) @asafc / @roekatz what do you think?
GitPython has a vulnerability where it does not block insecure non-multi options in clone and clone_from. This popped up in our vulnerability scanner, so I thought I'd suggest bumping it.
https://avd.aquasec.com/nvd/2023/cve-2023-40267/
I have a hard time seeing how it should pose a real security issue for OPAL users, but who knows. At the very least, it's nice to not get any critical vulnerability reports in vulnerability scanners.
The minor version bump suggests it should be an easy one. Complete changelog here: https://github.com/gitpython-developers/GitPython/compare/3.1.27...3.1.32
Check List (Check all the applicable boxes)
Note to reviewers
I am not sure exactly how to test this further than the automated tests. Let me know if you want further action from my side.
I did not get the tests running on my local machine - would need approval on the test run: https://github.com/permitio/opal/actions/runs/5956379336
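A check that a pip-style requirements file cannot resolve to a GitPython release older than 3.1.32, the upper end of the changelog range linked above. This is an added example, not code from this PR or from OPAL; the function names and the sample requirements text are assumptions made for illustration.

```python
import re

# First GitPython release carrying the fix, taken from the changelog range in this PR.
FIXED = (3, 1, 32)

# Requirement name (any case, optional extras), then the specifier part.
_NAME = re.compile(r"^\s*gitpython(?![A-Za-z0-9._-])\s*(?:\[[^\]]*\])?([^;#]*)", re.I)
# Only ==, >= and ~= establish a lower bound on the resolved version.
_SPEC = re.compile(r"(==|>=|~=)\s*(\d+(?:\.\d+)*)")


def _ver(text):
    """Turn '3.1' into (3, 1, 0) so tuples compare numerically."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def allows_vulnerable(line):
    """None if the line is not a GitPython requirement, else True when the
    specifier lets pip resolve a release older than FIXED."""
    m = _NAME.match(line)
    if not m:
        return None
    floors = [_ver(v) for _, v in _SPEC.findall(m.group(1))]
    # No floor at all (bare name, or only <, <=, !=, >) is treated as permitting old releases.
    return not floors or max(floors) < FIXED


def scan(requirements_text):
    """Return (line number, stripped line) for every pin that permits a vulnerable release."""
    return [(n, raw.strip())
            for n, raw in enumerate(requirements_text.splitlines(), 1)
            if allows_vulnerable(raw)]


# Constructed sample input, not OPAL's real requirements file.
SAMPLE = """\
# constructed sample
click>=8.0
GitPython==3.1.27
gitpython>=3.1.32,<4
GitPython
"""

if __name__ == "__main__":
    for lineno, req in scan(SAMPLE):
        print(f"line {lineno}: '{req}' permits GitPython older than 3.1.32")
```

The check is deliberately conservative: a strict `>` bound or an unpinned name is flagged, since neither guarantees a fixed release.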