New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency gitpython to v3.1.41 #13

Open

mend-for-github-com wants to merge 1 commit into devel from whitesource-remediate/gitpython-3.x

mend-for-github-com bot commented Aug 11, 2023 •

edited

Loading

This PR contains the following updates:

Package	Update	Change
gitpython	patch	`==3.1.29` -> `==3.1.41`

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	CVE
Critical	9.8	CVE-2023-40267
High	7.8	CVE-2023-40590
High	7.8	CVE-2024-22190
Medium	4.0	CVE-2023-41040

Release Notes

gitpython-developers/GitPython (gitpython)

`v3.1.41`: - fix Windows security issue

The details about the Windows security issue can be found in this advisory.

Special thanks go to @EliahKagan who reported the issue and fixed it in a single stroke, while being responsible for an incredible amount of improvements that he contributed over the last couple of months ❤️.

What's Changed

Add __all__ in git.exc by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1719
Set submodule update cadence to weekly by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1721
Never modify sys.path by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1720
Bump git/ext/gitdb from 8ec2390 to ec58b7e by @dependabot in https://github.com/gitpython-developers/GitPython/pull/1722
Revise comments, docstrings, some messages, and a bit of code by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1725
Use zero-argument super() by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1726
Remove obsolete note in _iter_packed_refs by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1727
Reorganize test_util and make xfail marks precise by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1729
Clarify license and make module top comments more consistent by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1730
Deprecate compat.is_, rewriting all uses by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1732
Revise and restore some module docstrings by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1735
Make the rmtree callback Windows-only by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1739
List all non-passing tests in test summaries by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1740
Document some minor subtleties in test_util.py by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1749
Always read metadata files as UTF-8 in setup.py by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1748
Test native Windows on CI by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1745
Test macOS on CI by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1752
Let close_fds be True on all platforms by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1753
Fix IndexFile.from_tree on Windows by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1751
Remove unused TASKKILL fallback in AutoInterrupt by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1754
Don't return with operand when conceptually void by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1755
Group .gitignore entries by purpose by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1758
Adding dubious ownership handling by @marioaag in https://github.com/gitpython-developers/GitPython/pull/1746
Avoid brittle assumptions about preexisting temporary files in tests by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1759
Overhaul noqa directives by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1760
Clarify some Git.execute kill_after_timeout limitations by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1761
Bump actions/setup-python from 4 to 5 by @dependabot in https://github.com/gitpython-developers/GitPython/pull/1763
Don't install black on Cygwin by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1766
Extract all "import gc" to module level by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1765
Extract remaining local "import gc" to module level by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1768
Replace xfail with gc.collect in TestSubmodule.test_rename by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1767
Enable CodeQL by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1769
Replace some uses of the deprecated mktemp function by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1770
Bump github/codeql-action from 2 to 3 by @dependabot in https://github.com/gitpython-developers/GitPython/pull/1773
Run some Windows environment variable tests only on Windows by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1774
Fix TemporaryFileSwap regression where file_path could not be Path by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1776
Improve hooks tests by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1777
Fix if items of Index is of type PathLike by @stegm in https://github.com/gitpython-developers/GitPython/pull/1778
Better document IterableObj.iter_items and improve some subclasses by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1780
Revert "Don't install black on Cygwin" by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1783
Add missing pip in $PATH on Cygwin CI by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1784
Shorten Iterable docstrings and put IterableObj first by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1785
Fix incompletely revised Iterable/IterableObj docstrings by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1786
Pre-deprecate setting Git.USE_SHELL by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1782
Deprecate Git.USE_SHELL by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1787
In handle_process_output don't forward finalizer result by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1788
Fix mypy warning "Missing return statement" by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1789
Fix two remaining Windows untrusted search path cases by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1792

New Contributors

@marioaag made their first contribution in https://github.com/gitpython-developers/GitPython/pull/1746
@stegm made their first contribution in https://github.com/gitpython-developers/GitPython/pull/1778

Full Changelog: gitpython-developers/GitPython@3.1.40...3.1.41

`v3.1.40`: - fix downstream CI

What's Changed

Add missing info in Submodule.remove docstring by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1714
Have init script clone submodules unconditionally by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1715

Full Changelog: gitpython-developers/GitPython@3.1.38...3.1.40

`v3.1.38`

What's Changed

Add missing assert keywords by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1678
Make clear every test's status in every CI run by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1679
Fix new link to license in readme by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1680
Drop unneeded flake8 suppressions by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1681
Update instructions and test helpers for git-daemon by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1684
Fix Git.execute shell use and reporting bugs by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1687
No longer allow CI to select a prerelease for 3.12 by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1689
Clarify Git.execute and Popen arguments by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1688
Ask git where its daemon is and use that by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1697
Fix bugs affecting exception wrapping in rmtree callback by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1700
Fix dynamically-set all variable by @DeflateAwning in https://github.com/gitpython-developers/GitPython/pull/1659
Fix small #1662 regression due to #1659 by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1701
Drop obsolete info on yanking from security policy by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1703
Have Dependabot offer submodule updates by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1702
Bump git/ext/gitdb from 49c3178 to 8ec2390 by @dependabot in https://github.com/gitpython-developers/GitPython/pull/1704
Bump git/ext/gitdb from 8ec2390 to 6a22706 by @dependabot in https://github.com/gitpython-developers/GitPython/pull/1705
Update readme for milestone-less releasing by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1707
Run Cygwin CI workflow commands in login shells by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1709

New Contributors

@DeflateAwning made their first contribution in https://github.com/gitpython-developers/GitPython/pull/1659

Full Changelog: gitpython-developers/GitPython@3.1.37...3.1.38

`v3.1.37`: - a proper fix CVE-2023-41040

What's Changed

Improve Python version and OS compatibility, fixing deprecations by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1654
Better document env_case test/fixture and cwd by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1657
Remove spurious executable permissions by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1658
Fix up checks in Makefile and make them portable by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1661
Fix URLs that were redirecting to another license by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1662
Assorted small fixes/improvements to root dir docs by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1663
Use venv instead of virtualenv in test_installation by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1664
Omit py_modules in setup by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1665
Don't track code coverage temporary files by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1666
Configure tox by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1667
Format tests with black and auto-exclude untracked paths by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1668
Upgrade and broaden flake8, fixing style problems and bugs by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1673
Fix rollback bug in SymbolicReference.set_reference by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1675
Remove @NoEffect annotations by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1677
Add more checks for the validity of refnames by @facutuesca in https://github.com/gitpython-developers/GitPython/pull/1672

Full Changelog: gitpython-developers/GitPython@3.1.36...3.1.37

`v3.1.36`

`v3.1.35`: - a fix for CVE-2023-41040

What's Changed

Bump actions/checkout from 3 to 4 by @dependabot in https://github.com/gitpython-developers/GitPython/pull/1643
Fix 'Tree' object has no attribute '_name' when submodule path is normal path by @CosmosAtlas in https://github.com/gitpython-developers/GitPython/pull/1645
Fix CVE-2023-41040 by @facutuesca in https://github.com/gitpython-developers/GitPython/pull/1644
Only make config more permissive in tests that need it by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1648
Added test for PR #1645 submodule path by @CosmosAtlas in https://github.com/gitpython-developers/GitPython/pull/1647
Fix Windows environment variable upcasing bug by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1650

New Contributors

@CosmosAtlas made their first contribution in https://github.com/gitpython-developers/GitPython/pull/1645
@facutuesca made their first contribution in https://github.com/gitpython-developers/GitPython/pull/1644

Full Changelog: gitpython-developers/GitPython@3.1.34...3.1.35

`v3.1.34`: - fix resource leaking

What's Changed

util: close lockfile after opening successfully by @skshetry in https://github.com/gitpython-developers/GitPython/pull/1639

New Contributors

@skshetry made their first contribution in https://github.com/gitpython-developers/GitPython/pull/1639

Full Changelog: gitpython-developers/GitPython@3.1.33...3.1.34

`v3.1.33`: - with security fix

What's Changed

WIP Quick doc by @LeoDaCoda in https://github.com/gitpython-developers/GitPython/pull/1608
Partial clean up wrt mypy and black by @bodograumann in https://github.com/gitpython-developers/GitPython/pull/1617
Disable merge_includes in config writers by @bodograumann in https://github.com/gitpython-developers/GitPython/pull/1618
feat: full typing for "progress" parameter in Repo class by @madebylydia in https://github.com/gitpython-developers/GitPython/pull/1634
Fix CVE-2023-40590 by @EliahKagan in https://github.com/gitpython-developers/GitPython/pull/1636
#1566 Creating a lock now uses python built-in "open()" method to work arou… by @HageMaster3108 in https://github.com/gitpython-developers/GitPython/pull/1619

New Contributors

@LeoDaCoda made their first contribution in https://github.com/gitpython-developers/GitPython/pull/1608
@bodograumann made their first contribution in https://github.com/gitpython-developers/GitPython/pull/1617
@EliahKagan made their first contribution in https://github.com/gitpython-developers/GitPython/pull/1636
@HageMaster3108 made their first contribution in https://github.com/gitpython-developers/GitPython/pull/1619

Full Changelog: gitpython-developers/GitPython@3.1.32...3.1.33

`v3.1.32`: - with another security update

What's Changed

Bump cygwin/cygwin-install-action from 3 to 4 by @dependabot in https://github.com/gitpython-developers/GitPython/pull/1572
Fix up the commit trailers functionality by @itsluketwist in https://github.com/gitpython-developers/GitPython/pull/1576
Name top-level exceptions as private variables by @Hawk777 in https://github.com/gitpython-developers/GitPython/pull/1590
fix pypi long description by @eUgEntOptIc44 in https://github.com/gitpython-developers/GitPython/pull/1603
Don't rely on del by @r-darwish in https://github.com/gitpython-developers/GitPython/pull/1606
Block insecure non-multi options in clone/clone_from by @Beuc in https://github.com/gitpython-developers/GitPython/pull/1609

New Contributors

@Hawk777 made their first contribution in https://github.com/gitpython-developers/GitPython/pull/1590
@eUgEntOptIc44 made their first contribution in https://github.com/gitpython-developers/GitPython/pull/1603
@r-darwish made their first contribution in https://github.com/gitpython-developers/GitPython/pull/1606
@Beuc made their first contribution in https://github.com/gitpython-developers/GitPython/pull/1609

Full Changelog: gitpython-developers/GitPython@3.1.31...3.1.32

`v3.1.31`

What's Changed

Fix Sphinx rendering errors by @stephan-cr in https://github.com/gitpython-developers/GitPython/pull/1524
tests: Use command -v instead of third-party which program by @mgorny in https://github.com/gitpython-developers/GitPython/pull/1525
fix/add allow_unsafe_* params in docstrings + fix typo by @obfusk in https://github.com/gitpython-developers/GitPython/pull/1530
use tempfile.TemporaryDirectory & fix clone_from_unsafe_protocol tests by @obfusk in https://github.com/gitpython-developers/GitPython/pull/1531
Fix some resource leaks by open file handles by @marlamb in https://github.com/gitpython-developers/GitPython/pull/1532
fix files list on file rename by @teknoraver in https://github.com/gitpython-developers/GitPython/pull/1537
Declare support for Python 3.11 by @hugovk in https://github.com/gitpython-developers/GitPython/pull/1541
Fix ignored by @Lightborne in https://github.com/gitpython-developers/GitPython/pull/1545
Fix timezone parsing functions for non-hour timezones by @jcowgill in https://github.com/gitpython-developers/GitPython/pull/1547
Enable user to override default diff -M arg by @mellowed100 in https://github.com/gitpython-developers/GitPython/pull/1551
Remove optional from two member variables by @Sineaggi in https://github.com/gitpython-developers/GitPython/pull/1550
Fix RecursionError when iterating streams by @eric-wieser in https://github.com/gitpython-developers/GitPython/pull/1554
Fix get_values() so it correctly loads section names by @Codym48 in https://github.com/gitpython-developers/GitPython/pull/1555

New Contributors

@stephan-cr made their first contribution in https://github.com/gitpython-developers/GitPython/pull/1524
@obfusk made their first contribution in https://github.com/gitpython-developers/GitPython/pull/1530
@marlamb made their first contribution in https://github.com/gitpython-developers/GitPython/pull/1532
@teknoraver made their first contribution in https://github.com/gitpython-developers/GitPython/pull/1537
@Lightborne made their first contribution in https://github.com/gitpython-developers/GitPython/pull/1545
@jcowgill made their first contribution in https://github.com/gitpython-developers/GitPython/pull/1547
@mellowed100 made their first contribution in https://github.com/gitpython-developers/GitPython/pull/1551
@Sineaggi made their first contribution in https://github.com/gitpython-developers/GitPython/pull/1550
@Codym48 made their first contribution in https://github.com/gitpython-developers/GitPython/pull/1555

Full Changelog: gitpython-developers/GitPython@3.1.30...3.1.31

`v3.1.30`: - with important security fixes

See https://github.com/gitpython-developers/GitPython/issues/1515 for details.

What's Changed

Add datetime.datetime type to commit_date and author_date by @SergeantMenacingGarlic in https://github.com/gitpython-developers/GitPython/pull/1501
Bump cygwin/cygwin-install-action from 2 to 3 by @dependabot in https://github.com/gitpython-developers/GitPython/pull/1514
Fix command injection by @stsewd in https://github.com/gitpython-developers/GitPython/pull/1518
Document PushInfoList by @skinitimski in https://github.com/gitpython-developers/GitPython/pull/1522
Fix type hint on create_tag by @drewcassidy in https://github.com/gitpython-developers/GitPython/pull/1523
Block insecure options and protocols by default by @stsewd in https://github.com/gitpython-developers/GitPython/pull/1521

New Contributors

@SergeantMenacingGarlic made their first contribution in https://github.com/gitpython-developers/GitPython/pull/1501
@skinitimski made their first contribution in https://github.com/gitpython-developers/GitPython/pull/1522
@drewcassidy made their first contribution in https://github.com/gitpython-developers/GitPython/pull/1523

Full Changelog: gitpython-developers/GitPython@3.1.29...3.1.30

If you want to rebase/retry this PR, check this box

mend-for-github-com bot added the security fix label


          Update dependency gitpython to v3.1.41

533ccdf

mend-for-github-com bot force-pushed the whitesource-remediate/gitpython-3.x branch from 3bcf8dc to 533ccdf Compare

January 14, 2024 03:20

mend-for-github-com bot changed the title ~~Update dependency gitpython to v3.1.32~~ Update dependency gitpython to v3.1.41

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels