build(deps): bump gitpython from 3.1.47 to 3.1.49
Closed
Number: #166
Type: Pull Request
State: Closed
Author:
dependabot[bot]
Association: Unknown
Comments: 3
Created:
May 03, 2026 at 02:23 AM UTC
(28 days ago)
Updated:
May 10, 2026 at 02:22 AM UTC
(21 days ago)
Closed:
May 10, 2026 at 02:22 AM UTC
(21 days ago)
Time to Close:
7 days
Labels:
dependencies python
Description:
Bumps gitpython from 3.1.47 to 3.1.49.
Release notes
Sourced from gitpython's releases.
3.1.49 - Security
What's Changed
- reject control chars in written values in configuration by @Byron in gitpython-developers/GitPython#2137
- Improve pure Python rev-parse coverage and behavior by @Copilot in gitpython-developers/GitPython#2136

Full Changelog: https://github.com/gitpython-developers/GitPython/compare/3.1.48...3.1.49
3.1.48 - Security
Accidentally deleted the previous GH release, it did mention the advisory this fixes.
What's Changed
- prevent out-of-repo access when manipulating references. by @Byron in gitpython-developers/GitPython#2134

Full Changelog: https://github.com/gitpython-developers/GitPython/compare/3.1.47...3.1.48
Commits
- aee2fd5 bump version to 3.1.49
- 1c4ea96 Merge pull request #2136 from gitpython-developers/copilot/create-reproducing...
- 6cf7ac3 Address rev-parse review feedback
- b049a13 Merge pull request #2137 from gitpython-developers/fix-config-injection
- bdbdf4b Fix rev-parse CI issues
- d7ce6fc Improve pure Python rev-parse coverage and behavior (#2135)
- 8e24503 avoid duplicate validation in set_value
- c417af4 reject control chars in written values in configuration
- 5a15361 a new release with safer reference creation
- dbfa264 Merge pull request #2134 from gitpython-developers/validate-ref-creation
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Package Dependencies
Technical Details
| ID: | 15726440 |
| UUID: | 4370650234 |
| Node ID: | PR_kwDOD9nO_M7XuA3z |
| Host: | GitHub |
| Repository: | NHSDigital/sync-wrap |