openSUSE-SU-2024:0130-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2024:0130-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2024:0130-1
Related
Published
2024-05-18T12:51:03Z
Modified
2024-05-18T12:51:03Z
Summary
Security update for git-cliff
Details

This update for git-cliff fixes the following issues:

  • update to 2.2.2:

    • (changelog) Allow adding custom context
    • (changelog) Ignore empty lines when using split_commits
    • (parser) Allow matching empty commit body
    • Documentation updates

  • update to 2.2.1:

    • Make rendering errors more verbose
    • Support detecting config from project manifest
    • Make the bump version rules configurable
    • bug fixes and documentation updates

  • CVE-2024-32650: rust-rustls: Infinite loop with proper client input fixes (boo#1223218)

  • Update to version 2.1.2:

    • feat(npm): add programmatic API for TypeScript
    • chore(fixtures): enable verbose logging for output
    • refactor(clippy): apply clippy suggestions
    • refactor(changelog): do not output to stdout when prepend is used
    • feat(args): add --tag-pattern argument
    • fix(config): fix commit parser regex in the default config
    • fix(github): sanitize the GitHub token in debug logs
    • chore(config): add animation to the header of the changelog
    • refactor(clippy): apply clippy suggestions
    • docs(security): update security policy
    • chore(project): add readme to core package
    • chore(embed): do not allow missing docs
    • chore(config): skip dependabot commits for dev updates
    • docs(readme): mention RustLab 2023 talk
    • chore(config): revamp the configuration files
    • chore(docker): update versions in Dockerfile
    • chore(example): use full links in GitHub templates
    • chore(project): bump MSRV to 1.74.1
    • revert(config): use postprocessors for checking the typos
    • feat(template): support using PR labels in the GitHub template
    • docs(configuration): fix typo
    • feat(args): add --no-exec flag for skipping command execution
    • chore(command): explicitly set the directory of command to current dir
    • refactor(ci): use hardcoded workspace members for cargo-msrv command
    • refactor(ci): simplify cargo-msrv installation
    • refactor(clippy): apply clippy suggestions
    • refactor(config): use postprocessors for checking the typos
    • chore(project): update copyright years
    • chore(github): update templates about GitHub integration
    • feat(changelog): set the timestamp of the previous release
    • feat(template): support using PR title in the GitHub template
    • feat(changelog): improve skipping via .cliffignore and --skip-commit
    • chore(changelog): disable the default behavior of next-version
    • fix(git): sort commits in topological order
    • test(changelog): use the correct version for missing tags
    • chore(changelog): use 0.1.0 as default next release if no tag is found
    • feat(github)!: support integration with GitHub repos
    • refactor(changelog): support --bump for processed releases
    • fix(cli): fix broken pipe when stdout is interrupted
    • test(fixtures): update the bumped value output to add prefix
    • feat(changelog): support tag prefixes with --bump
    • feat(changelog)!: set tag to 0.0.1 via --bump if no tags exist
    • fix(commit): trim the trailing newline from message
    • docs(readme): use the raw link for the animation
    • chore(example): remove limited commits example
    • feat(args): add -x short argument for --context
    • revert(deps): bump actions/upload-pages-artifact from 2 to 3
    • revert(deps): bump actions/deploy-pages from 3 to 4
    • chore(dependabot): group the dependency updates for creating less PRs
    • feat(parser): support using SHA1 of the commit
    • feat(commit): add merge_commit flag to the context
    • chore(mergify): don't update PRs for the main branch
    • fix(links): skip checking the GitHub commit URLs
    • fix(changelog): fix previous version links
    • feat(parser): support using regex scope values
    • test(fixture): update the date for example test fixture
    • docs(fixtures): add instructions for adding new fixtures
    • feat(args): support initialization with built-in templates
    • feat(changelog)!: support templating in the footer
    • feat(args): allow returning the bumped version
    • test(fixture): add test fixture for bumping version
    • fix: allow version bump with a single previous release
    • fix(changelog): set the correct previous tag when a custom tag is given
    • feat(args): set CHANGELOG.md as default missing value for output option
    • refactor(config): remove unnecessary newline from configs

  • Update to version 1.4.0:

    • Support bumping the semantic version via --bump
    • Add 'typos' check
    • Log the output of failed external commands -
    • breaking change: Support regex in 'tag_pattern' configuration
    • Add field and value matchers to the commit parser

  • Update to version 1.2.0:

    • Update clap and clap extras to v4
    • Make the fields of Signature public
    • Add a custom configuration file for the repository
    • Support placing configuration inside pyproject.toml
    • Generate SBOM/provenance for the Docker image
    • Support using regex group values
    • [breaking] Nested environment config overrides
    • Set max of limit_commits to the number of commits
    • Set the node cache dependency path
    • Use the correct argument in release script

  • Update to version 1.1.2:

    • Do not skip all tags when skip_tags is empty (#136)
    • Allow saving context to a file (#138)
    • Derive the tag order from commits instead of timestamp (#139)
    • Use timestamp for deriving the tag order (#139)

  • Update to version 1.1.1:

    • Relevant change: Update README.md about the NPM package
    • Fix type casting in base NPM package
    • Rename the package on Windows
    • Disable liquid parsing in README.md by using raw blocks
    • Support for generating changelog for multiple git repositories
    • Publish binaries for more platforms/architectures

  • Update to version 1.0.0:

    • Bug Fixes
      • Fix test fixture failures
    • Documentation
      • Fix GitHub badges in README.md
    • Features
      • [breaking] Replace --date-order by --topo-order
      • Allow running with --prepend and --output
      • [breaking] Use current time for --tag argument
      • Include completions and mangen in binary releases
      • Publish Debian package via release workflow
    • Miscellaneous Tasks
      • Run all test fixtures
      • Remove deprecated set-output usage
      • Update actions/checkout to v3
      • Comment out custom commit preprocessor
    • Refactor
      • Apply clippy suggestions
    • Styling
      • Update README.md about the styling of footer field
References

Affected packages

SUSE:Package Hub 15 SP5 / git-cliff

Package

Name
git-cliff
Purl
pkg:rpm/suse/git-cliff&distro=SUSE%20Package%20Hub%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.2-bp155.2.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "git-cliff": "2.2.2-bp155.2.3.1",
            "git-cliff-bash-completion": "2.2.2-bp155.2.3.1",
            "git-cliff-zsh-completion": "2.2.2-bp155.2.3.1",
            "git-cliff-fish-completion": "2.2.2-bp155.2.3.1"
        }
    ]
}

openSUSE:Leap 15.5 / git-cliff

Package

Name
git-cliff
Purl
pkg:rpm/opensuse/git-cliff&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.2-bp155.2.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "git-cliff": "2.2.2-bp155.2.3.1",
            "git-cliff-bash-completion": "2.2.2-bp155.2.3.1",
            "git-cliff-zsh-completion": "2.2.2-bp155.2.3.1",
            "git-cliff-fish-completion": "2.2.2-bp155.2.3.1"
        }
    ]
}