build(deps): bump gitpython from 3.1.30 to 3.1.37 in /unfurl/templates/python3.10 (!253) · Merge requests · onecommons / unfurl

Merged Adam requested to merge dependabot/pip/unfurl/templates/python3.10/gitpython-3.1.37 into main Oct 10, 2023

Created by: dependabot[bot]

Bumps gitpython from 3.1.30 to 3.1.37.

Release notes

3.1.37 - a proper fix CVE-2023-41040

What's Changed

Improve Python version and OS compatibility, fixing deprecations by @EliahKagan in gitpython-developers/GitPython#1654

Better document env_case test/fixture and cwd by @EliahKagan in gitpython-developers/GitPython#1657

Remove spurious executable permissions by @EliahKagan in gitpython-developers/GitPython#1658

Fix up checks in Makefile and make them portable by @EliahKagan in gitpython-developers/GitPython#1661

Fix URLs that were redirecting to another license by @EliahKagan in gitpython-developers/GitPython#1662

Assorted small fixes/improvements to root dir docs by @EliahKagan in gitpython-developers/GitPython#1663

Use venv instead of virtualenv in test_installation by @EliahKagan in gitpython-developers/GitPython#1664

Omit py_modules in setup by @EliahKagan in gitpython-developers/GitPython#1665

Don't track code coverage temporary files by @EliahKagan in gitpython-developers/GitPython#1666

Configure tox by @EliahKagan in gitpython-developers/GitPython#1667

Format tests with black and auto-exclude untracked paths by @EliahKagan in gitpython-developers/GitPython#1668

Upgrade and broaden flake8, fixing style problems and bugs by @EliahKagan in gitpython-developers/GitPython#1673

Fix rollback bug in SymbolicReference.set_reference by @EliahKagan in gitpython-developers/GitPython#1675

Remove @NoEffect annotations by @EliahKagan in gitpython-developers/GitPython#1677

Add more checks for the validity of refnames by @facutuesca in gitpython-developers/GitPython#1672

Full Changelog: https://github.com/gitpython-developers/GitPython/compare/3.1.36...3.1.37

3.1.35 - a fix for CVE-2023-41040

What's Changed

Bump actions/checkout from 3 to 4 by @dependabot in gitpython-developers/GitPython#1643

Fix 'Tree' object has no attribute '_name' when submodule path is normal path by @CosmosAtlas in gitpython-developers/GitPython#1645

Fix CVE-2023-41040 by @facutuesca in gitpython-developers/GitPython#1644

Only make config more permissive in tests that need it by @EliahKagan in gitpython-developers/GitPython#1648

Added test for PR #1645 submodule path by @CosmosAtlas in gitpython-developers/GitPython#1647

Fix Windows environment variable upcasing bug by @EliahKagan in gitpython-developers/GitPython#1650

New Contributors

@CosmosAtlas made their first contribution in gitpython-developers/GitPython#1645

@facutuesca made their first contribution in gitpython-developers/GitPython#1644

Full Changelog: https://github.com/gitpython-developers/GitPython/compare/3.1.34...3.1.35

3.1.34 - fix resource leaking

What's Changed

util: close lockfile after opening successfully by @skshetry in gitpython-developers/GitPython#1639

New Contributors

@skshetry made their first contribution in gitpython-developers/GitPython#1639

Full Changelog: https://github.com/gitpython-developers/GitPython/compare/3.1.33...3.1.34

v3.1.33 - with security fix

What's Changed

WIP Quick doc by @LeoDaCoda in gitpython-developers/GitPython#1608

Partial clean up wrt mypy and black by @bodograumann in gitpython-developers/GitPython#1617

Disable merge_includes in config writers by @bodograumann in gitpython-developers/GitPython#1618

... (truncated)

Commits

b27a89f fix makefile to compare commit hashes only
0bd2890 prepare next release
832b6ee remove unnecessary list comprehension to fix CI
e98f57b Merge pull request #1672 from trail-of-forks/robust-refname-checks
1774f1e Merge pull request #1677 from EliahKagan/no-noeffect
a4701a0 Remove @NoEffect annotations
d40320b Merge pull request #1675 from EliahKagan/rollback
d1c1f31 Merge pull request #1673 from EliahKagan/flake8
e480985 Tweak rollback logic in log.to_file
ff84b26 Refactor try-finally cleanup in git/
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.