From 769f7946bcac5c0ba763d63c5192658d594c40ef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?H=C3=A5kon=20H=C3=A6gland?= Date: Mon, 11 May 2026 07:17:39 +0200 Subject: [PATCH] Bump GitPython to 3.1.50 to fix three security advisories Fixes dependabot alerts #20, #21, #22: - GHSA-7545-fcxq-7j24 (CVE-2026-44243): path traversal in reference APIs - GHSA-v87r-6q3f-2j67 (CVE-2026-44244): newline injection in set_value() value - GHSA-mv93-w799-cj2w: newline injection in set_value() section parameter --- python/sphinx_docs/poetry.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/python/sphinx_docs/poetry.lock b/python/sphinx_docs/poetry.lock index 0a42ad2..7565997 100644 --- a/python/sphinx_docs/poetry.lock +++ b/python/sphinx_docs/poetry.lock @@ -287,14 +287,14 @@ smmap = ">=3.0.1,<6" [[package]] name = "gitpython" -version = "3.1.47" +version = "3.1.50" description = "GitPython is a Python library used to interact with Git repositories" optional = false python-versions = ">=3.7" groups = ["main", "dev"] files = [ - {file = "gitpython-3.1.47-py3-none-any.whl", hash = "sha256:489f590edfd6d20571b2c0e72c6a6ac6915ee8b8cd04572330e3842207a78905"}, - {file = "gitpython-3.1.47.tar.gz", hash = "sha256:dba27f922bd2b42cb54c87a8ab3cb6beb6bf07f3d564e21ac848913a05a8a3cd"}, + {file = "gitpython-3.1.50-py3-none-any.whl", hash = "sha256:d352abe2908d07355014abdd21ddf798c2a961469239afec4962e9da884858f9"}, + {file = "gitpython-3.1.50.tar.gz", hash = "sha256:80da2d12504d52e1f998772dc5baf6e553f8d2fcfe1fcc226c9d9a2ee3372dcc"}, ] [package.dependencies]