chore(deps): update dependency simple-git to v3.36.0#9
Open
renovate[bot] wants to merge 1 commit intomainfrom
Open
chore(deps): update dependency simple-git to v3.36.0#9renovate[bot] wants to merge 1 commit intomainfrom
renovate[bot] wants to merge 1 commit intomainfrom
Conversation
renovate
bot
force-pushed
the
renovate/simple-git-3.x-lockfile
branch
2 times, most recently
from
dd7ef97 to
1c0b374
Compare
renovate
bot
changed the title
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/simple-git-3.x-lockfile
branch
from
1c0b374 to
0023f53
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
3.27.0→3.36.0Release Notes
steveukx/git-js (simple-git)
v3.36.0Compare Source
Minor Changes
89a2294: Extend known exploitable configuration keys and per-task environment variables.Note -
ParsedVulnerabilitiesfromargv-parseris removed in favour of a readonly array ofVulnerabilityto match usage insimple-git, rolled into the newvulnerabilityCheckfor simpler access to the identified issues.Thanks to @zebbern for identifying the need to block
core.fsmonitor.Thanks to @kodareef5 for identifying the need to block
GIT_CONFIG_COUNTenvironment variables and--template/mergerelated config.Patch Changes
1ad57e8: Remove conflicting node:buffer import89a2294]675570a]v3.35.2Compare Source
Patch Changes
0cf9d8c: Improvements for mono-repo publishing pipeline0cf9d8c]v3.35.1Compare Source
Patch Changes
0de400e: Update monorepo version handling during publish0de400e]v3.35.0Compare Source
Minor Changes
3d8708b: Updating publish configPatch Changes
3d8708b]v3.34.0Compare Source
Minor Changes
2b68331: Revised dependency tree to add helper modules as dependencies in mainsimple-gitPatch Changes
2e1f51c: Enhances scanning of arguments before passing on to the spawnedchild_process.Caters for
-cflags prefixing thegittask (used when setting global inline config) and suffixing with either-c,--configor--config-env. Detectsgit configoperations that write to the configuration.Updated dependencies [
2e1f51c]v3.33.0Compare Source
Minor Changes
a263635: Usepathspecwrappers for remote and local paths when running eithergit.cloneorgit.mirrortoavoid leaving them less open for unexpected outcomes when passing unsanitised data into these tasks.
Patch Changes
e253a0d: Enhancedgit -cchecks inunsafeplugin.Thanks to @JohannesLks for identifying the issue
v3.32.3Compare Source
Patch Changes
f704208: Enhancedprotocol.allowchecks inallowUnsafeExtProtocolhandling.Thanks to @CodeAnt-AI-Security for identifying the issue
v3.32.2Compare Source
Patch Changes
8d02097: Enhanced clone unsafe switch detection.v3.32.1Compare Source
Patch Changes
23b070f: Fix regex for detecting unsafe clone optionsThanks to @stevenwdv for reporting this issue.
v3.32.0Compare Source
Minor Changes
1effd8e: Enhances theunsafeplugin to block additional cases where the-uswitch may be disguisedalong with other single character options.
Thanks to @JuHwiSang for identifying this as vulnerability.
Patch Changes
d5fd4fe: Use task runner for logging use of deprecated (already no-op) functions.v3.31.1Compare Source
Patch Changes
a44184f: Resolve NPM publish stepsv3.30.0Compare Source
Minor Changes
bc77774: Correctly identify current branch name when usinggit.statusin a cloned empty repo.Previously
git.statuswould report the current branch name asNo. Thank you to @MaddyGuthridge for identifying this issue.v3.29.0Compare Source
Minor Changes
240ec64: Support for absolute paths on Windows when usinggit.checkIngore, previously Windows would reportpaths with duplicate separators
\\\\between directories.Following this change all paths returned from
git.checkIgnorewill be normalized throughnode:path,this should have no impact on non-windows users where the
gitbinary doesn't wrap absolute paths withquotes.
Thanks to @Maxim-Mazurok for reporting this issue.
9872f84: Support the use ofgit.branch(['--show-current'])to limit the branch list to only the current branch.Thanks to @peterbe for pointing out the use-case.
5736bd8: Change to biome for lint and formatv3.28.0Compare Source
Minor Changes
2adf47d: Allow repeating git options like{'--opt': ['value1', 'value2']}Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.