diff mbox series

[layerindex-web] build(deps): bump gitpython from 3.1.32 to 3.1.37

Message ID 20230929150943.1645476-1-tim.orling@konsulko.com
State Accepted, archived
Commit a2e23f1e2008203280fce88cb59fbec31a1a1bb2
Delegated to: Tim Orling
Headers show
Series [layerindex-web] build(deps): bump gitpython from 3.1.32 to 3.1.37 | expand

Commit Message

Tim Orling Sept. 29, 2023, 3:09 p.m. UTC 
This release contains another security fix that further improves validation
of symbolic references and thus properly fixes this CVE:
https://github.com/advisories/GHSA-cwvm-v4w8-q58c (CVE-2023-41040).

https://github.com/gitpython-developers/GitPython/blob/main/doc/source/changes.rst

Signed-off-by: Tim Orling <tim.orling@konsulko.com>
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/requirements.txt b/requirements.txt
index b86ac6e..5bc4659 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -16,7 +16,7 @@  django-reversion-compare==0.14.1
 django-simple-captcha==0.5.14
 djangorestframework==3.13.1
 gitdb==4.0.9
-GitPython==3.1.32
+GitPython==3.1.37
 kombu==5.2.3
 mysqlclient==2.1.0
 Pillow==9.3.0