
Update gitpython to 3.1.30 #83

Merged
merged 1 commit into from
Jan 17, 2023
Conversation

ddl-fpoblete
Contributor

@ddl-fpoblete ddl-fpoblete commented Jan 17, 2023

Description

PR to fix a vulnerability with [email protected]

Vulnerability found in gitpython version 3.1.29
  Vulnerability ID: 52322
  Affected spec: <3.1.30
  ADVISORY: Gitpython 3.1.30 includes a fix for CVE-2022-24439:
  Gitpython is vulnerable to Remote Code Execution (RCE) due to improper user
  input validation, which makes it possible to inject a maliciously crafted
  remote URL into the clone command. Exploiting this vulnerability is possible
  because the library makes external calls to git without sufficient
  sanitization of input arguments.
  CVE-2022-24439
  For more information, please visit https://pyup.io/v/52322/f17

Related Issue

Type of Change

  • 📚 Examples / docs / tutorials / dependencies update
  • 🔧 Bug fix (non-breaking change which fixes an issue)
  • 🥂 Improvement (non-breaking change which improves an existing feature)
  • 🚀 New feature (non-breaking change which adds functionality)
  • 💥 Breaking change (fix or feature that would cause existing functionality to change)
  • 🔐 Security fix

Checklist

  • I've read the CONTRIBUTING.md guide.
  • I've updated the code style using make codestyle.
  • I've written tests for all new methods and classes that I created.
  • I've written the docstring in Google format for all the methods and classes that I used.

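The advisory above describes argument injection through a remote URL passed to `git clone`. As an added illustration (not code from this PR or from GitPython), the wrapper below shows the defensive side: an allowlist check on the remote URL before it reaches git, plus the `--` separator so git never parses the URL or destination as an option. The names `validate_remote_url`, `is_safe_remote_url` and `clone_argv` are assumptions for this example.

```python
import re
from urllib.parse import urlsplit

# Allowlisted transports for remote URLs handed to `git clone` (assumption:
# this policy is for the example; adjust to what your environment permits).
ALLOWED_SCHEMES = {"https", "ssh", "git"}

# scp-like form user@host:path; "(?!//)" keeps "host://..." from matching here.
_SCP_LIKE = re.compile(r"^(?:[\w.-]+@)?[\w.-]+:(?!//)[\w./-]+$")


class UnsafeRemoteURL(ValueError):
    """Raised when a remote URL fails the allowlist check."""


def validate_remote_url(url: str) -> str:
    """Return url unchanged if it matches the allowlist, otherwise raise.

    Rejects anything git could read as a command-line option (leading '-'),
    anything with whitespace or control characters, and every transport other
    than https/ssh/git, which also excludes git's helper-style syntaxes.
    """
    if not isinstance(url, str) or not url:
        raise UnsafeRemoteURL("empty remote URL")
    if url.startswith("-"):
        raise UnsafeRemoteURL("remote URL looks like a command-line option")
    if any(ch.isspace() or ord(ch) < 0x20 for ch in url):
        raise UnsafeRemoteURL("remote URL contains whitespace or control characters")
    if "://" in url:
        parts = urlsplit(url)
        if parts.scheme.lower() not in ALLOWED_SCHEMES:
            raise UnsafeRemoteURL(f"transport {parts.scheme!r} is not allowed")
        if not parts.hostname:
            raise UnsafeRemoteURL("remote URL has no host")
        return url
    if _SCP_LIKE.match(url):
        return url
    raise UnsafeRemoteURL("remote URL does not match an allowed form")


def is_safe_remote_url(url: str) -> bool:
    """Boolean form of validate_remote_url for callers that do not want to catch."""
    try:
        validate_remote_url(url)
    except UnsafeRemoteURL:
        return False
    return True


def clone_argv(url: str, dest: str) -> list[str]:
    """Argv for a clone; '--' stops git from treating url/dest as options."""
    return ["git", "clone", "--", validate_remote_url(url), dest]
```

Even with a patched library, keeping a check like this at the boundary where untrusted URLs enter the system limits the blast radius of the next argument-handling bug.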
@ddl-fpoblete ddl-fpoblete marked this pull request as ready for review January 17, 2023 20:20
@github-actions

github-actions bot commented Jan 17, 2023

✅ Result of Pytest Coverage

---------- coverage: platform linux, python 3.10.9-final-0 -----------

Name                                        Stmts   Miss   Cover
domino_data/__init__.py                         7      2     71%
domino_data/_feature_store/__init__.py          0      0    100%
domino_data/_feature_store/client.py           41      3     93%
domino_data/_feature_store/exceptions.py        9      0    100%
domino_data/_feature_store/git.py              43      1     98%
domino_data/_feature_store/logging.py           7      0    100%
domino_data/_feature_store/run.py              16     16      0%
domino_data/_feature_store/sync.py             98      9     91%
domino_data/auth.py                            84     12     86%
domino_data/configuration_gen.py              158      0    100%
domino_data/data_sources.py                   265     15     94%
domino_data/logging.py                         10      0    100%
domino_data/training_sets/__init__.py           0      0    100%
domino_data/training_sets/client.py           126     10     92%
domino_data/training_sets/model.py             42      0    100%
TOTAL                                         906     68     92%

55 passed in 19.25s

@ddl-fpoblete ddl-fpoblete merged commit bd325a8 into main Jan 17, 2023
@ddl-fpoblete ddl-fpoblete deleted the gitpython-3.1.30 branch January 17, 2023 20:42