WSL/tools/devops/requirements.txt at user/dkbennett/asyncoptimize - WSL - Gitea: Self-hosted GitHub

microsoft/WSL

mirror of https://github.com/microsoft/WSL.git synced 2026-06-01 01:49:36 -05:00

Files

Ben Hillis 6a462fb2a1 Bump GitPython to 3.1.50 to address CVE-2026-42215 bypass (#40504 )

Fixes Dependabot alerts #22 and #23. GitPython <= 3.1.49 has a newline injection vulnerability in config_writer() section parameter that bypasses the CVE-2026-42215 patch and enables RCE via core.hooksPath.

Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

2026-05-12 01:30:34 +00:00

4 lines

67 B

Plaintext

Raw Permalink Blame History

 azure-devops==7.1.0b4
 click==8.1.3
 gitpython==3.1.50
 backoff==2.2.1