Commit c34ef52
Bump GitPython to 3.1.47 to fix two security advisories
Fixes GHSA-rpm5-65cw-6hj4 (CVSS 8.8, command injection via
underscore-form `upload_pack=`/`receive_pack=` kwargs that bypass the
unsafe-option check) and GHSA-x2qx-6953-8485 (CVSS 8.1, argument
injection through `multi_options` validated before `shlex.split`).
Both are fixed in 3.1.47. The `^3.1.44` constraint in pyproject.toml
already permits this, so only the lockfile changes.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent e265b52 commit c34ef52
1 file changed
Lines changed: 5 additions & 5 deletions