Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: gitpython-developers/GitPython
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 3.1.29
Choose a base ref
...
head repository: gitpython-developers/GitPython
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 3.1.30
Choose a head ref
  • 20 commits
  • 17 files changed
  • 7 contributors

Commits on Oct 13, 2022

  1. Add datetime.datetime type to commit_date and author_date

    @SergeantMenacingGarlic
    SergeantMenacingGarlic committed Oct 13, 2022
    Configuration menu
    Copy the full SHA
    8f51abd View commit details
    Browse the repository at this point in the history

Commits on Oct 14, 2022

  1. Merge pull request #1501 from SergeantMenacingGarlic/date_types 

    Add datetime.datetime type to commit_date and author_date
    @Byron
    Byron authored Oct 14, 2022
    Configuration menu
    Copy the full SHA
    183cf35 View commit details
    Browse the repository at this point in the history

Commits on Nov 28, 2022

  1. fix CI by allowing the file protocol as well.

    @Byron
    Byron committed Nov 28, 2022
    Configuration menu
    Copy the full SHA
    4171333 View commit details
    Browse the repository at this point in the history

  2. Bump cygwin/cygwin-install-action from 2 to 3 

    Bumps [cygwin/cygwin-install-action](https://github.com/cygwin/cygwin-install-action) from 2 to 3.
- [Release notes](https://github.com/cygwin/cygwin-install-action/releases)
- [Commits](cygwin/cygwin-install-action@v2...v3)

---
updated-dependencies:
- dependency-name: cygwin/cygwin-install-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot @Byron
    dependabot[bot] authored and Byron committed Nov 28, 2022
    Configuration menu
    Copy the full SHA
    17ff263 View commit details
    Browse the repository at this point in the history

Commits on Dec 21, 2022

  1. Fix command injection 

    Add `--` in some commands that receive user input
and if interpreted as options could lead to remote
code execution (RCE).

There may be more commands that could benefit from `--`
so the input is never interpreted as an option,
but most of those aren't dangerous.

Fixed commands:

- push
- pull
- fetch
- clone/clone_from and friends
- archive (not sure if this one can be exploited, but it doesn't hurt
  adding `--` :))

For anyone using GitPython and exposing any of the GitPython methods to users,
make sure to always validate the input (like if starts with `--`).
And for anyone allowing users to pass arbitrary options, be aware
that some options may lead fo RCE, like `--exc`, `--upload-pack`,
`--receive-pack`, `--config` (#1516).

Ref #1517
    @stsewd
    stsewd committed Dec 21, 2022
    Configuration menu
    Copy the full SHA
    fbf9c7e View commit details
    Browse the repository at this point in the history

  2. Fix CI 

    Taken from #1516
    @stsewd
    stsewd committed Dec 21, 2022
    Configuration menu
    Copy the full SHA
    3c51865 View commit details
    Browse the repository at this point in the history

Commits on Dec 22, 2022

  1. Add test

    @stsewd
    stsewd committed Dec 22, 2022
    Configuration menu
    Copy the full SHA
    7918fcc View commit details
    Browse the repository at this point in the history

  2. update changelog

    @Byron
    Byron committed Dec 22, 2022
    Configuration menu
    Copy the full SHA
    2aae532 View commit details
    Browse the repository at this point in the history

  3. Merge branch 'fix-cmd-injection'

    @Byron
    Byron committed Dec 22, 2022
    Configuration menu
    Copy the full SHA
    787359d View commit details
    Browse the repository at this point in the history

Commits on Dec 23, 2022

  1. Forbid unsafe protocol URLs in Repo.clone{,_from}() 

    Since the URL is passed directly to git clone, and the remote-ext helper
will happily execute shell commands, so by default disallow URLs that
contain a "::" unless a new unsafe_protocols kwarg is passed.
(CVE-2022-24439)

Fixes #1515
    @s-t-e-v-e-n-k @stsewd
    s-t-e-v-e-n-k authored and stsewd committed Dec 23, 2022
    Configuration menu
    Copy the full SHA
    2625ed9 View commit details
    Browse the repository at this point in the history

Commits on Dec 24, 2022

  1. Block unsafe options and protocols by default

    @stsewd
    stsewd committed Dec 24, 2022
    Configuration menu
    Copy the full SHA
    e6108c7 View commit details
    Browse the repository at this point in the history

Commits on Dec 27, 2022

  1. Updates from review

    @stsewd
    stsewd committed Dec 27, 2022
    Configuration menu
    Copy the full SHA
    fd2c6da View commit details
    Browse the repository at this point in the history

  2. Update/add tests for Repo.clone*

    @stsewd
    stsewd committed Dec 27, 2022
    Configuration menu
    Copy the full SHA
    b92f01a View commit details
    Browse the repository at this point in the history

Commits on Dec 28, 2022

  1. More tests

    @stsewd
    stsewd committed Dec 28, 2022
    Configuration menu
    Copy the full SHA
    c8ae33b View commit details
    Browse the repository at this point in the history

  2. Submodule tests

    @stsewd
    stsewd committed Dec 28, 2022
    Configuration menu
    Copy the full SHA
    9dc4392 View commit details
    Browse the repository at this point in the history

Commits on Dec 29, 2022

  1. Updates from review

    @stsewd
    stsewd committed Dec 29, 2022
    Configuration menu
    Copy the full SHA
    f4f2658 View commit details
    Browse the repository at this point in the history

  2. Document PushInfoList

    @skinitimski @Byron
    skinitimski authored and Byron committed Dec 29, 2022
    Configuration menu
    Copy the full SHA
    5bce9b4 View commit details
    Browse the repository at this point in the history

  3. Fix type hint on create_tag 

    pycharm yells at me without this
    @drewcassidy @Byron
    drewcassidy authored and Byron committed Dec 29, 2022
    Configuration menu
    Copy the full SHA
    ae6a6e4 View commit details
    Browse the repository at this point in the history

  4. Merge pull request #1521 from stsewd/block-insecure-options 

    Block insecure options and protocols by default
    @Byron
    Byron authored Dec 29, 2022
    Configuration menu
    Copy the full SHA
    678a8fe View commit details
    Browse the repository at this point in the history

  5. adjust changelog prior to release

    @Byron
    Byron committed Dec 29, 2022
    Configuration menu
    Copy the full SHA
    141cd65 View commit details
    Browse the repository at this point in the history
Loading