Affirm that gitdb and smmap advisories can also be created
This expands `SECURITY.md` to affirm the claims in the new
`SECURITY.md` files in gitdb and smmap that vulnerabilities found
in them can be reported in the GitPython repository with the same
link as one would use to report a GitPython vulnerability, as well
as to note how the distinction between affected packages can be
specified when it is known at the time a vulnerability is reported.
Along with gitpython-developers/smmap#59
and gitpython-developers/gitdb#117, this
fixes gitpython-developers/gitdb#116.
SECURITY.md (+3 -1)
@@ -11,4 +11,6 @@ Only the latest version of GitPython can receive security updates. If a vulnerab
11
11
12
12
## Reporting a Vulnerability
13
13
14
-
Please report private portions of a vulnerability to <https://github.com/gitpython-developers/GitPython/security/advisories/new>. Doing so helps to receive updates and collaborate on the matter, without disclosing it publicliy right away.
14
+
Please report private portions of a vulnerability to <https://github.com/gitpython-developers/GitPython/security/advisories/new>. Doing so helps to receive updates and collaborate on the matter, without disclosing it publicly right away.
15
+
16
+
Vulnerabilities in GitPython's dependencies [gitdb](https://github.com/gitpython-developers/gitdb/blob/main/SECURITY.md) or [smmap](https://github.com/gitpython-developers/smmap/blob/main/SECURITY.md), which primarily exist to support GitPython, can be reported here as well, at that same link. The affected package (`GitPython`, `gitdb`, or `smmap`) can be included in the report, if known.
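Review bot: The added paragraph (new line 16) does not say which versions of `gitdb` and `smmap` receive security fixes, while the text quoted in the hunk header limits updates to the latest version of GitPython. Consider stating that the same latest-version policy applies to the two dependencies, or explicitly deferring to the linked `SECURITY.md` files for it. The closing sentence, "The affected package (`GitPython`, `gitdb`, or `smmap`) can be included in the report, if known", could also say where in the advisory the package should be named, so that triage does not depend on the reporter guessing. The two links point at `blob/main` in the gitdb and smmap repositories, so they only resolve once the companion changes named in the commit message are merged there.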