chore(deps): update dependency git-lfs/git-lfs to v3.6.1 in dockerfile (main) #5258
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
requested review from
lukemassa and
nitrocode
and removed request for
a team
![renovate-approve[bot]](https://avatars.githubusercontent.com/in/7394?s=60&v=4){kind=small}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
3.6.0->3.6.1Release Notes
git-lfs/git-lfs (git-lfs/git-lfs)
v3.6.1Compare Source
This release introduces a security fix for all platforms, which has been assigned CVE-2024-53263.
When requesting credentials from Git for a remote host, prior versions of Git LFS passed portions of the host's URL to the
git-credential(1)command without checking for embedded line-ending control characters, and then sent any credentials received back from the Git credential helper to the remote host. By inserting URL-encoded control characters such as line feed (LF) or carriage return (CR) characters into the URL, an attacker might have been able to retrieve a user's Git credentials.Git LFS now prevents bare line feed (LF) characters from being included in the values sent to the
git-credential(1)command, and also prevents bare carriage return (CR) characters from being included unless thecredential.protectProtocolconfiguration option is set to a value equivalent tofalse.We would like to extend a special thanks to the following open-source contributors:
Bugs
Packages
Up to date packages are available on PackageCloud and Homebrew.
RPM RHEL 7/CentOS 7
RPM RHEL 8/Rocky Linux 8
RPM RHEL 9/Rocky Linux 9
Debian 10
Debian 11
Debian 12
SHA-256 hashes:
git-lfs-darwin-amd64-v3.6.1.zip
b53c361e6c85479507ed39ba99b87ec0888ac52f5afd2084fc68af4103081391
git-lfs-darwin-arm64-v3.6.1.zip
83b4ea3b0c72ba19e3bc46e47e92476f4505cc96693333b9fa0a314dddacc4ba
git-lfs-freebsd-386-v3.6.1.tar.gz
976e6123166ad54cd752a70a50f10d3cac22d35afc622f9ad1129320dc463bce
git-lfs-freebsd-amd64-v3.6.1.tar.gz
77c58f7d9ff207efa371fcf048900fa404d12393434c23c767a2f7dbabd0d8e1
git-lfs-linux-386-v3.6.1.tar.gz
62dd22e2cde54c051faaf58b5432f033a0cb6bf366d00648b1bc1b9ed1e819e1
git-lfs-linux-amd64-v3.6.1.tar.gz
2138d2e405a12f1a088272e06790b76699b79cb90d0317b77aafaf35de908d76
git-lfs-linux-arm-v3.6.1.tar.gz
7e3e7df9d7cc663efab9d996c67af17d99afe8b0ce2fc002703cac0b8826f4f7
git-lfs-linux-arm64-v3.6.1.tar.gz
1c2720ff53528fbe769633d448d830aa7b682141e3c4f6a9f26b9cf3b2548d0a
git-lfs-linux-loong64-v3.6.1.tar.gz
0135b9fa6c8a13d4c7cec6e434b6cc4391b74321aa13743dd7e8f14bd33648f8
git-lfs-linux-ppc64le-v3.6.1.tar.gz
86d42801b6e70522560eb3e33c0512f9733b3dad1ca08471cd135f445029cdfb
git-lfs-linux-riscv64-v3.6.1.tar.gz
e26adb02957e859385159d60dd642b800a265d3fcd38590266d3428aefb4ddba
git-lfs-linux-s390x-v3.6.1.tar.gz
c9aa0391ac58c5ed695fceec891c953d12fe78ae31ecbd5fd3cb4204cf8273a9
git-lfs-v3.6.1.tar.gz
1417b7ee9a8fba8d649a89f070fdcde8b2593ca2caa74e3e808d2bb35d5ca5f7
git-lfs-windows-386-v3.6.1.zip
74fd0d4c9ea314719b6890667b0e528c4467726e1a7302e68221afba806a69b5
git-lfs-windows-amd64-v3.6.1.zip
aaca788e04f91676e58654d5ecf96cf03c76768a63b3a6918281a9678884c20c
git-lfs-windows-arm64-v3.6.1.zip
ad40ab00a73ef4bf63c969472d0e5a824686b495dbc01ea8e9e4cc456c49a4b0
git-lfs-windows-v3.6.1.exe
5492bd2d7b37fcb821f48cac17895feb2506d26ad4cde996a30940e86dfecc27
hashes.asc
a5d1256409e83743608fdc43716bd1dc2fbffe00b5f116016d5886187874dcab
sha256sums.asc
4f16f1db8a18631ac9b21cce1545a692373e2b5edc8e211cd959c447d14dfef2
Configuration
📅 Schedule: Branch creation - "* 0-3 * * *" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.