From 4b7dced595a3615685bd7c4f408f907cedd33767 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 Sep 2023 18:46:35 +0000 Subject: [PATCH 1/2] Bump gitpython from 3.1.32 to 3.1.34 in /scripts Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.32 to 3.1.34. - [Release notes](https://github.com/gitpython-developers/GitPython/releases) - [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES) - [Commits](https://github.com/gitpython-developers/GitPython/compare/3.1.32...3.1.34) --- updated-dependencies: - dependency-name: gitpython dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- scripts/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/requirements.txt b/scripts/requirements.txt index b0cf0dc732..7d3fa2bef0 100644 --- a/scripts/requirements.txt +++ b/scripts/requirements.txt @@ -2,6 +2,6 @@ pip # License: MIT PyYAML==6.0 # License: BSD -gitpython==3.1.32 +gitpython==3.1.34 # License: BSD Jinja2==3.0.3 From b72a36ebe8a0d2aa2d4e0096baa036b401452c4a Mon Sep 17 00:00:00 2001 From: Eric Beahan Date: Fri, 8 Sep 2023 11:54:38 -0500 Subject: [PATCH 2/2] capture dependency bump in changelog --- CHANGELOG.next.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index 946960f9ad..8dcc64616d 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -49,6 +49,12 @@ Thanks, you're awesome :-) --> #### Improvements * Improved documentation formatting to better follow the contributing guide. #2226 +### Tooling and Artifact Changes + +#### Improvements + +* Bump `gitpython` dependency from 3.1.30 to 3.1.34 for security fixes. #2251, #2264 +
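Review bot: In the `scripts/requirements.txt` hunk, the replacement line `gitpython==3.1.34` pins the version but carries no `--hash` entry, so the install still accepts whatever artifact the index serves under that version number. Patch 2/2 describes this bump as a security fix, which makes the integrity of the installed package worth pinning as well: consider hash-locking the entries in this file and installing with pip's `--require-hashes`, or state in the PR that the scripts environment is deliberately not built that way. The visible neighbours (`PyYAML==6.0`, `Jinja2==3.0.3`) are pinned the same way, so the change would apply to the whole file rather than to this line alone.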
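Review bot: In the `CHANGELOG.next.md` hunk, the added entry reads "from 3.1.30 to 3.1.34", but patch 1/2 removes `gitpython==3.1.32`, so the starting version in the changelog does not match what this series changes. If the line is meant to summarise #2251 and #2264 together, say so explicitly (for example by naming both steps); otherwise correct it to 3.1.32. The phrase "for security fixes" also names no advisory, so a reader cannot tell which issues were fixed or whether their own use of the scripts was exposed; linking the relevant GitPython release notes or advisory next to the PR numbers would close that gap.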