Message ID | 20230929150943.1645476-1-tim.orling@konsulko.com |
---|---|
State | Accepted, archived |
Commit | a2e23f1e2008203280fce88cb59fbec31a1a1bb2 |
Delegated to: | Tim Orling |
Series | [layerindex-web] build(deps): bump gitpython from 3.1.32 to 3.1.37 |
diff --git a/requirements.txt b/requirements.txt index b86ac6e..5bc4659 100644 --- a/requirements.txt +++ b/requirements.txt @@ -16,7 +16,7 @@ django-reversion-compare==0.14.1 django-simple-captcha==0.5.14 djangorestframework==3.13.1 gitdb==4.0.9 -GitPython==3.1.32 +GitPython==3.1.37 kombu==5.2.3 mysqlclient==2.1.0 Pillow==9.3.0
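Review bot: the `gitdb==4.0.9` pin on the context line directly above the changed line stays as it is while GitPython moves from 3.1.32 to 3.1.37, so confirm that 4.0.9 still falls inside the gitdb range that GitPython 3.1.37 declares, for example by installing this file into a fresh virtualenv and running `pip check`. The bump also crosses several patch versions in one step, so the changelog entries between 3.1.32 and 3.1.37 are worth reading for behaviour changes beyond the symbolic-reference validation fix cited in the commit message.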
This release contains another security fix that further improves validation of symbolic references and thus properly fixes this CVE: https://github.com/advisories/GHSA-cwvm-v4w8-q58c (CVE-2023-41040).

https://github.com/gitpython-developers/GitPython/blob/main/doc/source/changes.rst

Signed-off-by: Tim Orling <tim.orling@konsulko.com>
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)