build(deps): bump gitpython from 3.1.47 to 3.1.50
Open
Number: #169
Type: Pull Request
State: Open
Type: Pull Request
State: Open
Author:
![dependabot[bot]](https://github.com/dependabot.png)
dependabot[bot]
Association: Unknown
Comments: 2
dependabot[bot]Association: Unknown
Comments: 2
Created:
May 10, 2026 at 02:22 AM UTC
(21 days ago)
(21 days ago)
Updated:
May 10, 2026 at 02:23 AM UTC
(21 days ago)
(21 days ago)
Labels:
dependencies python
dependencies python
Description:
Bumps gitpython from 3.1.47 to 3.1.50.
Release notes
Sourced from gitpython's releases.
3.1.49 - Security
What's Changed
- reject control chars in written values in configuration by
@Byronin gitpython-developers/GitPython#2137- Improve pure Python rev-parse coverage and behavior by
@Copilotin gitpython-developers/GitPython#2136Full Changelog: https://github.com/gitpython-developers/GitPython/compare/3.1.48...3.1.49
3.1.48 - Security
Accidentally deleted the previous GH release, it did mention the advisory this fixes.
What's Changed
- prevent out-of-repo access when manipulating references. by
@Byronin gitpython-developers/GitPython#2134Full Changelog: https://github.com/gitpython-developers/GitPython/compare/3.1.47...3.1.48
Commits
5a294a6bump version to 3.1.50d7b029fMerge pull request #2142 from gitpython-developers/fix-validate-config-key-ne...5453842Validate config key section names before writing1085a7cMerge pull request #2128 from meliezer/fix-worktree-git-dirb7f5fdeMerge pull request #2141 from gitpython-developers/dependabot/submodules/git/...4e8cd45Bump git/ext/gitdb from335c0f6to53c94d69e94459Merge pull request #2140 from gitpython-developers/dependabot/pre_commit/pre-...714e2e1Xfail Windows symlink-capable index mutation testb17f113Bump https://github.com/astral-sh/ruff-pre-commitaee2fd5bump version to 3.1.49- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Package Dependencies
Technical Details
| ID: | 15726436 |
| UUID: | 4414401362 |
| Node ID: | PR_kwDOD9nO_M7Z73EE |
| Host: | GitHub |
| Repository: | NHSDigital/sync-wrap |