diff --git a/.python-version b/.python-version
new file mode 100644
index 0000000..e4fba21
--- /dev/null
+++ b/.python-version
@@ -0,0 +1 @@
+3.12
diff --git a/packages/codeflash-core/changelogs/fix-dependabot-python-version.md b/packages/codeflash-core/changelogs/fix-dependabot-python-version.md
new file mode 100644
index 0000000..a4f55cf
--- /dev/null
+++ b/packages/codeflash-core/changelogs/fix-dependabot-python-version.md
@@ -0,0 +1,3 @@
+### Fixes
+
+- Bump gitpython>=3.1.47 to resolve security advisories (unsafe option check, command injection)
diff --git a/packages/codeflash-core/pyproject.toml b/packages/codeflash-core/pyproject.toml
index e6c3058..c4b27b0 100644
--- a/packages/codeflash-core/pyproject.toml
+++ b/packages/codeflash-core/pyproject.toml
@@ -1,10 +1,10 @@
 [project]
 name = "codeflash-core"
-version = "0.1.0"
+version = "0.1.1.dev0"
 requires-python = ">=3.9"
 dependencies = [
 "attrs>=26.1.0",
- "gitpython>=3.1.0",
+ "gitpython>=3.1.47",
 "posthog>=3.0.0",
 "requests>=2.32.0",
 "sentry-sdk>=2.0.0",
diff --git a/packages/codeflash-python/changelogs/fix-dependabot-python-version.md b/packages/codeflash-python/changelogs/fix-dependabot-python-version.md
new file mode 100644
index 0000000..a4f55cf
--- /dev/null
+++ b/packages/codeflash-python/changelogs/fix-dependabot-python-version.md
@@ -0,0 +1,3 @@
+### Fixes
+
+- Bump gitpython>=3.1.47 to resolve security advisories (unsafe option check, command injection)
diff --git a/packages/codeflash-python/pyproject.toml b/packages/codeflash-python/pyproject.toml
index da2e8bd..ba6b750 100644
--- a/packages/codeflash-python/pyproject.toml
+++ b/packages/codeflash-python/pyproject.toml
@@ -1,12 +1,12 @@
 [project]
 name = "codeflash-python"
-version = "0.1.1.dev0"
+version = "0.1.2.dev0"
 requires-python = ">=3.9"
 dependencies = [
 "codeflash-core",
 "coverage[toml]>=7.0",
 "dill>=0.3",
- "gitpython>=3.1",
+ "gitpython>=3.1.47",
 "isort>=5.0",
 "jedi>=0.19",
 "junitparser>=3.2",
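Review bot: The new `"gitpython>=3.1.47"` floor in packages/codeflash-core/pyproject.toml, and the identical line in packages/codeflash-python/pyproject.toml, has no in-file explanation, so a later dependency cleanup could relax it without realising it is a security floor. I would put a comment on the line above it in both `dependencies` arrays (each of which continues past its hunk), for example `# security floor: unsafe-option check and command-injection advisories; do not lower`. The lockfile resolves to 3.1.49, but installs of the published packages honour only this specifier, so it is worth confirming against each advisory that 3.1.47 is the first patched release and raising the floor if either fix landed later.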
diff --git a/uv.lock b/uv.lock index edd7132..4b28994 100644 --- a/uv.lock +++ b/uv.lock @@ -602,7 +602,7 @@ requires-dist = [ [[package]] name = "codeflash-core" -version = "0.1.0" +version = "0.1.1.dev0" source = { editable = "packages/codeflash-core" } dependencies = [ { name = "attrs" }, @@ -616,7 +616,7 @@ dependencies = [ [package.metadata] requires-dist = [ { name = "attrs", url = "https://github.com/KRRT7/attrs/releases/download/26.1.0.post1/attrs-26.1.0.post1-py3-none-any.whl" }, - { name = "gitpython", specifier = ">=3.1.0" }, + { name = "gitpython", specifier = ">=3.1.47" }, { name = "platformdirs", specifier = ">=4.0.0" }, { name = "posthog", specifier = ">=3.0.0" }, { name = "requests", specifier = ">=2.32.0" }, @@ -648,7 +648,7 @@ requires-dist = [{ name = "codeflash-core", editable = "packages/codeflash-core" [[package]] name = "codeflash-python" -version = "0.1.1.dev0" +version = "0.1.2.dev0" source = { editable = "packages/codeflash-python" } dependencies = [ { name = "codeflash-core" }, @@ -676,7 +676,7 @@ requires-dist = [ { name = "coverage", extras = ["toml"], specifier = ">=7.0" }, { name = "crosshair-tool", marker = "python_full_version < '3.15'", specifier = ">=0.0.78" }, { name = "dill", specifier = ">=0.3" }, - { name = "gitpython", specifier = ">=3.1" }, + { name = "gitpython", specifier = ">=3.1.47" }, { name = "isort", specifier = ">=5.0" }, { name = "jedi", specifier = ">=0.19" }, { name = "junitparser", specifier = ">=3.2" }, 
@@ -1451,14 +1451,14 @@ wheels = [ [[package]] name = "gitpython" -version = "3.1.46" +version = "3.1.49" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "gitdb" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/df/b5/59d16470a1f0dfe8c793f9ef56fd3826093fc52b3bd96d6b9d6c26c7e27b/gitpython-3.1.46.tar.gz", hash = "sha256:400124c7d0ef4ea03f7310ac2fbf7151e09ff97f2a3288d64a440c584a29c37f", size = 215371, upload-time = "2026-01-01T15:37:32.073Z" } +sdist = { url = "https://files.pythonhosted.org/packages/e1/63/210aaa302d6a0a78daa67c5c15bbac2cad361722841278b0209b6da20855/gitpython-3.1.49.tar.gz", hash = "sha256:42f9399c9eb33fc581014bedd76049dfbaf6375aa2a5754575966387280315e1", size = 219367, upload-time = "2026-04-29T00:31:20.478Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/6a/09/e21df6aef1e1ffc0c816f0522ddc3f6dcded766c3261813131c78a704470/gitpython-3.1.46-py3-none-any.whl", hash = "sha256:79812ed143d9d25b6d176a10bb511de0f9c67b1fa641d82097b0ab90398a2058", size = 208620, upload-time = "2026-01-01T15:37:30.574Z" }, + { url = "https://files.pythonhosted.org/packages/fd/6f/b842bfa6f21d6f87c57f9abf7194225e55279d96d869775e19e9f7236fc5/gitpython-3.1.49-py3-none-any.whl", hash = "sha256:024b0422d7f84d15cd794844e029ffebd4c5d42a7eb9b936b458697ef550a02c", size = 212190, upload-time = "2026-04-29T00:31:18.412Z" }, ] [[package]]