hooks:

-id:shellcheck

args:[--color]

exclude:^git/ext/

exclude:^test/fixtures/polyglot$|^git/ext/

-repo:https://github.com/pre-commit/pre-commit-hooks

rev:v4.4.0

version:2

build:

os:ubuntu-22.04

tools:

python:"3.12"

sphinx:

configuration:doc/source/conf.py

-Santos Gallegos <stsewd _at_ proton.me>

-Wenhan Zhu <wzhu.cosmos _at_ gmail.com>

-Eliah Kagan <eliah.kagan _at_ gmail.com>

-Ethan Lin <et.repositories _at_ gmail.com>

-Randy Eckman <emanspeaks _at_ gmail.com>

Portions derived from other open source works and are clearly marked.

3.1.40

3.1.41

sphinxcontrib-applehelp>=1.0.2,<=1.0.4

sphinxcontrib-htmlhelp>=2.0.0,<=2.0.1

Changelog

3.1.41

This release is relevant for security as it fixes a possible arbitary

code execution on Windows.

See this PR for details: https://github.com/gitpython-developers/GitPython/pull/1792

An advisory is available soon at: https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

See the following for all changes.

https://github.com/gitpython-developers/GitPython/releases/tag/3.1.41

3.1.40

html_theme_options= {}

Iterator,

List,

Mapping,

Optional,

Sequence,

TYPE_CHECKING,

TextIO,

Callable[[bytes,"Repo","DiffIndex"],None],

],

stderr_handler:Union[None,Callable[[AnyStr],None],Callable[[List[AnyStr]],None]],

finalizer:Union[None,Callable[[Union[subprocess.Popen,"Git.AutoInterrupt"]],None]]=None,

finalizer:Union[None,Callable[[Union[Popen,"Git.AutoInterrupt"]],None]]=None,

decode_streams:bool=True,

kill_after_timeout:Union[None,float]=None,

)->None:

finalizer(process)

def_safer_popen_windows(

command:Union[str,Sequence[Any]],

*,

shell:bool=False,

env:Optional[Mapping[str,str]]=None,

**kwargs:Any,

)->Popen:

creationflags=subprocess.CREATE_NO_WINDOW|subprocess.CREATE_NEW_PROCESS_GROUP

ifshell:

safer_env= {}ifenvisNoneelsedict(env)

safer_env["NoDefaultCurrentDirectoryInExePath"]="1"

else:

withpatch_env("NoDefaultCurrentDirectoryInExePath","1"):

returnPopen(

command,

shell=shell,

env=safer_env,

creationflags=creationflags,

**kwargs,

)

ifos.name=="nt":

else:

defdashify(string:str)->str:

returnstring.replace("_","-")

ifos.name=="nt":

PROC_CREATIONFLAGS=subprocess.CREATE_NO_WINDOW|subprocess.CREATE_NEW_PROCESS_GROUP

else:

classGit(LazyMixin):

redacted_command,

'"kill_after_timeout" feature is not supported on Windows.',

)

maybe_patch_caller_env=patch_env("NoDefaultCurrentDirectoryInExePath","1")

else:

maybe_patch_caller_env=contextlib.nullcontext()

stdout_sink=PIPEifwith_stdoutelsegetattr(subprocess,"DEVNULL",None)oropen(os.devnull,"wb")

universal_newlines,

)

try:

withmaybe_patch_caller_env:

proc=Popen(

command,

env=env,

cwd=cwd,

bufsize=-1,

stdin=(istreamorDEVNULL),

stderr=PIPE,

stdout=stdout_sink,

shell=shell,

universal_newlines=universal_newlines,

creationflags=PROC_CREATIONFLAGS,

**subprocess_kwargs,

)

proc=safer_popen(

command,

env=env,

cwd=cwd,

bufsize=-1,

stdin=(istreamorDEVNULL),

stderr=PIPE,

stdout=stdout_sink,

shell=shell,

universal_newlines=universal_newlines,

**subprocess_kwargs,

)

exceptcmd_not_found_exceptionaserr:

raiseGitCommandNotFound(redacted_command,err)fromerr

else:

)

fromgit.cmdimportPROC_CREATIONFLAGS,handle_process_output,Git

fromgit.cmdimporthandle_process_output,Git,safer_popen

fromgit.compatimportdefenc,force_bytes,force_text,safe_decode

fromgit.excimportHookExecutionError,UnmergedEntriesError

fromgit.objects.funimport (

relative_hp=Path(hp).relative_to(index.repo.working_dir).as_posix()

cmd= [Git.GIT_PYTHON_BASH_EXECUTABLE,relative_hp]

process=subprocess.Popen(

process=safer_popen(

cmd+list(args),

env=env,

stdout=subprocess.PIPE,

stderr=subprocess.PIPE,

cwd=index.repo.working_dir,

creationflags=PROC_CREATIONFLAGS,

)

exceptExceptionasex:

raiseHookExecutionError(hp,ex)fromex

__all__= ("TreeModifier","Tree")

defgit_cmp(t1:TreeCacheTup,t2:TreeCacheTup)->int:

a,b=t1[2],t2[2]

len_a,len_b=len(a),len(b)

min_len=min(len_a,len_b)

min_cmp=cmp(a[:min_len],b[:min_len])

ifmin_cmp:

defmerge_sort(a:List[TreeCacheTup],cmp:Callable[[TreeCacheTup,TreeCacheTup],int])->None:

iflen(a)<2:

mid=len(a)//2

lefthalf=a[:mid]

righthalf=a[mid:]

merge_sort(lefthalf,cmp)

merge_sort(righthalf,cmp)

whilei<len(lefthalf)andj<len(righthalf):

ifcmp(lefthalf[i],righthalf[j])<=0:

a[k]=lefthalf[i]

else:

a[k]=righthalf[j]

whilei<len(lefthalf):

a[k]=lefthalf[i]

whilej<len(righthalf):

a[k]=righthalf[j]

classTreeModifier:

merge_sort(self._cache,git_cmp)

self._cache.sort(key=lambdax: (x[2]+"/")ifx[1]==Tree.tree_id<<12elsex[2])

defpy_where(program:str,path:Optional[PathLike]=None)->List[str]:

winprog_exts=_get_exe_extensions()

pytest-instafail

pytest-mock

pytest-sugar

sumtypes

echo'Ran intended hook.'>output.txt

from pathlib import Path

Path('payload.txt').write_text('Ran impostor hook!', encoding='utf-8')