Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork939
Affirm that gitdb and smmap advisories can also be created#1991
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
770e4b8 to0459b9aCompareThis expands `SECURITY.md` to affirm the claims in the new`SECURITY.md` files in gitdb and smmap that vulnerabilities foundin them can be reported in the GitPython repository with the samelink as one would use to report a GitPython vulnerability, as wellas to note how the distinction between affected package can bespecified when it is known at the time a vulnerability is reported.Along withgitpython-developers/smmap#59andgitpython-developers/gitdb#117, thisfixesgitpython-developers/gitdb#116.
0459b9a tob20de09CompareEliahKagan commentedJan 5, 2025 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
The setup-wsl action failed on Windows in Python 3.12 here (here'sthe log). It is extremely unlikely to relate to the actual change in this PR, which modifies only I do wonder if Alpine Linux for WSL is more likely to have this problem than Debian, which was used before and which I believe setup-wsl still downloads from a different source. Edit: Hmm, actually, it failed both in my fork on the
This is odd because it only failed with Python 3.12. But as far as I know, setup-wsl should not be using Python in any way! One possibility is that there was a temporary outage in access to the download, and that because this push was after the PR was opened (it was a force push to fix a typo), the jobs started at almost the same time, and thus reached that step at almost the same time, where they both encountered the transient error at the same time. Edit 2: It reran successfully. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Thanks a lot, this will do perfectly!
206201c intogitpython-developers:mainUh oh!
There was an error while loading.Please reload this page.
The links ingitpython-developers#1991 did not work, as I got the branch names wrong.
Actually, the links I added are broken! The branch name part of the URLs is wrong, so they give not-found errors. (I had tested the links from gitdb and smmap to here, but not the ones here to gitdb and smmap.) I've opened#1992 to fix this. |
This expands
SECURITY.mdto affirm the claims in the newSECURITY.mdfiles in gitdb and smmap that vulnerabilities found in them can be reported in the GitPython repository with the same link as one would use to report a GitPython vulnerability, as well as to note how the distinction between affected package can be specified when it is known at the time a vulnerability is reported.Along withgitpython-developers/smmap#59 andgitpython-developers/gitdb#117, thisfixesgitpython-developers/gitdb#116.