Skip to content

chore(deps): bump gitpython from 3.1.46 to 3.1.50#198

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/gitpython-3.1.50
Closed

chore(deps): bump gitpython from 3.1.46 to 3.1.50#198
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/gitpython-3.1.50

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 9, 2026
edited
Loading

Bumps gitpython from 3.1.46 to 3.1.50.

Release notes

Sourced from gitpython's releases.

3.1.50

What's Changed

New Contributors

Full Changelog: gitpython-developers/GitPython@3.1.49...3.1.50

3.1.49 - Security

What's Changed

Full Changelog: gitpython-developers/GitPython@3.1.48...3.1.49

3.1.48 - Security

Accidentally deleted the previous GH release, it did mention the advisory this fixes.

What's Changed

Full Changelog: gitpython-developers/GitPython@3.1.47...3.1.48

3.1.47 - with security fixes

Advisories

What's Changed

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 9, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 9, 2026 03:24
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 9, 2026
@dependabot dependabot Bot mentioned this pull request May 9, 2026
Closed
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 9, 2026
edited
Loading

🚀 Preview package published!

Install with:

pip install --index-url https://test.pypi.org/simple/ --extra-index-url https://pypi.org/simple socketsecurity==2.2.92.dev3

Docker image: socketdev/cli:pr-198

@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 9, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedpypi/​gitpython@​3.1.46 ⏵ 3.1.5093100 +50100100100

View full report

@socket-security-staging
Copy link
Copy Markdown

socket-security-staging Bot commented May 9, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedpypi/​gitpython@​3.1.46 ⏵ 3.1.5093100 +50100100100

View full report

@lelia lelia mentioned this pull request May 18, 2026
Closed
10 tasks
@dependabot dependabot Bot force-pushed the dependabot/uv/gitpython-3.1.50 branch from ca1a0ce to 218c394 Compare May 18, 2026 21:42
lelia added a commit that referenced this pull request May 19, 2026
@lelia
chore(deps): bump 8 main app dependencies to dependabot-validated ver…
facccb3 
…sions

Bundles the following Dependabot PRs into uv.lock (regenerated):
- urllib3       2.6.3   -> 2.7.0     (closes #200)
- gitpython     3.1.46  -> 3.1.50    (closes #198)
- python-dotenv 1.2.1   -> 1.2.2     (closes #190)
- pytest        9.0.2   -> 9.0.3     (closes #188)
- uv            0.9.21  -> 0.11.6    (closes #184)
- cryptography  46.0.5  -> 46.0.7    (closes #181)
- pygments      2.19.2  -> 2.20.0    (closes #177)
- requests      2.32.5  -> 2.33.0    (closes #175)

All eight target versions were verified through Socket Firewall (sfw) on the
full transitive dependency tree (15 packages including transitive deps fetched
clean; no malware/typosquat/supply-chain alerts).

Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 20, 2026

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

@dependabot dependabot Bot force-pushed the dependabot/uv/gitpython-3.1.50 branch from 218c394 to 256e433 Compare May 21, 2026 18:57
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 21, 2026
edited
Loading

Version Check Failed

Please increment...

lelia added a commit that referenced this pull request May 29, 2026
@lelia
chore(deps): bump 9 main-app dependencies to Dependabot-validated ver…
4ef99cc 
…sions

Bundles the nine open Dependabot PRs against the main app into a single
uv.lock regeneration:

- urllib3       2.6.3   -> 2.7.0     (closes #200)
- gitpython     3.1.46  -> 3.1.50    (closes #198)
- python-dotenv 1.2.1   -> 1.2.2     (closes #190)
- pytest        9.0.2   -> 9.0.3     (closes #188)
- uv            0.9.21  -> 0.11.6    (closes #184)
- cryptography  46.0.5  -> 46.0.7    (closes #181)
- pygments      2.19.2  -> 2.20.0    (closes #177)
- requests      2.32.5  -> 2.33.0    (closes #175)
- idna          3.11    -> 3.15      (closes #205, CVE-2026-45409)

idna 3.14 fixed CVE-2026-45409 -- a quadratic-time DoS vector via
oversized inputs that bypassed the earlier CVE-2024-3651 mitigation.
The other bumps are version-currentness hygiene.

All nine target versions verified through Socket Firewall (sfw) on the
full transitive dependency tree; no malware / typosquat / supply-chain
alerts surfaced.

Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
@lelia lelia mentioned this pull request May 29, 2026
Merged
5 tasks
@dependabot dependabot Bot force-pushed the dependabot/uv/gitpython-3.1.50 branch from 256e433 to 8643ded Compare May 29, 2026 20:38
@dependabot
chore(deps): bump gitpython from 3.1.46 to 3.1.50
c1f0a82 
Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.46 to 3.1.50.
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](gitpython-developers/GitPython@3.1.46...3.1.50)

---
updated-dependencies:
- dependency-name: gitpython
  dependency-version: 3.1.50
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump gitpython from 3.1.46 to 3.1.50 chore(deps): bump gitpython from 3.1.46 to 3.1.50 May 29, 2026
@dependabot dependabot Bot force-pushed the dependabot/uv/gitpython-3.1.50 branch from 8643ded to c1f0a82 Compare May 29, 2026 21:13
lelia added a commit that referenced this pull request May 29, 2026
@lelia
chore(deps): bump 9 main-app dependencies to latest
53e4a1b 
Bundles the nine open Dependabot PRs against the main app into a single
uv.lock regeneration. Where Dependabot's target trailed the latest published
release, we went to the current latest and re-verified through sfw:

- urllib3       2.6.3   -> 2.7.0     (closes #200)
- gitpython     3.1.46  -> 3.1.50    (closes #198)
- python-dotenv 1.2.1   -> 1.2.2     (closes #190)
- pytest        9.0.2   -> 9.0.3     (closes #188)
- uv            0.9.21  -> 0.11.17   (closes #210; Dependabot targeted 0.11.15)
- cryptography  46.0.5  -> 46.0.7    (closes #181)
- pygments      2.19.2  -> 2.20.0    (closes #177)
- requests      2.32.5  -> 2.33.0    (closes #175)
- idna          3.11    -> 3.15      (closes #205, CVE-2026-45409)

idna 3.14 fixed CVE-2026-45409 -- a quadratic-time DoS via oversized inputs
that bypassed the earlier CVE-2024-3651 mitigation. The rest are hygiene.

All nine final versions verified clean through Socket Firewall (sfw) on the
full transitive tree.

Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
lelia added a commit that referenced this pull request May 29, 2026
@lelia
chore(deps): bump 9 main-app dependencies to latest
19a035e 
Bundles the nine open Dependabot PRs against the main app into a single
uv.lock regeneration. Where Dependabot's target trailed the latest published
release, we went to the current latest and re-verified through sfw:

- urllib3       2.6.3   -> 2.7.0     (closes #200)
- gitpython     3.1.46  -> 3.1.50    (closes #198)
- python-dotenv 1.2.1   -> 1.2.2     (closes #190)
- pytest        9.0.2   -> 9.0.3     (closes #188)
- uv            0.9.21  -> 0.11.17   (closes #210; Dependabot targeted 0.11.15)
- cryptography  46.0.5  -> 46.0.7    (closes #181)
- pygments      2.19.2  -> 2.20.0    (closes #177)
- requests      2.32.5  -> 2.33.0    (closes #175)
- idna          3.11    -> 3.15      (closes #205, CVE-2026-45409)

idna 3.14 fixed CVE-2026-45409 -- a quadratic-time DoS via oversized inputs
that bypassed the earlier CVE-2024-3651 mitigation. The rest are hygiene.

All nine final versions verified clean through Socket Firewall (sfw) on the
full transitive tree.

Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
@lelia lelia closed this in 6969361 May 29, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 29, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/uv/gitpython-3.1.50 branch May 29, 2026 22:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants