❗️ Important security updates ❗️
This release contains security fixes for newly discovered high-severity issues. These issues were privately reported to the GitProxy & FINOS teams. Special thanks to the following individuals for their contributions:
- @dgl for the initial report, analysis and reproductions
- @jescalada @fabiovincenzi @06kellyjac for implementing & reviewing the various fixes
The following advisories are resolved in this release:
All GitProxy users & implementations are strongly advised to upgrade to this latest version to receive these critical fixes. Additional bug fixes and enhancements are included below.
What's Changed
- fix: additional user api leaks by @andypols in #1098
- fix(deps): update dependency body-parser to v2 - license-inventory - experimental/license-inventory/package.json by @renovate[bot] in #1087
- chore(deps): update github-actions - workflows - .github/workflows/unused-dependencies.yml by @renovate[bot] in #1112
- fix: updated URL for FINOS community slack channel by @sam-holmes2 in #1011
- docs: update SECURITY.md with reporting guidance by @tabathad in #1117
- fix: dependency vulnerability fixes by @jescalada in #1103
- fix: default config validation error and extras by @jescalada in #1124
- fix: parsePush regression on tmp directory by @jescalada in #1118
New Contributors
Full Changelog: v1.19.1...v1.19.2