PyPi: Cutty

CVE-2021-42771

Transitive

Safety vulnerability ID: 42219

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Oct 20, 2021 Updated at Nov 29, 2024

Advisory

Cutty 0.14.0 updates its dependency 'babel' to v2.9.1 to include a security fix.

Affected package

cutty

Latest version: 0.18.0

Affected versions

Fixed versions

Vulnerability changelog

:boom: Breaking Changes

* 💥 [entrypoints] Remove options `cutty create --skip-if-file-exists` and `--overwrite-if-exists` (600) cjolowicz
* 💥 [entrypoints] Remove option `cutty update --skip` (594) cjolowicz
* 💥 [entrypoints] Rename option `--directory` to `--template-directory` (572) cjolowicz
* 💥 [entrypoints] Rename option `cutty create --output-dir` to `--cwd` (571) cjolowicz
* 💥 [projects] Do not create long-living branches to track project updates (565) cjolowicz
* 💥 [projects] Reset existing `cutty/latest` branch in `cutty link` (548) cjolowicz
* 💥 [entrypoints] Rename option `--no-input` to `--non-interactive` (544) cjolowicz
* 💥 [entrypoints] Rename option `--checkout` to `--revision` (543) cjolowicz

:rocket: Features

* 🚸 [projects] Improve commit messages for root commit and project creation (596) cjolowicz
* ✨ [services] Read project configuration from cutty.json if it exists, in `cutty link` (593) cjolowicz
* ✨ [projects] Create empty root commit in projects (583) cjolowicz
* ✨ [projects] Improve commit message when skipping an update (568) cjolowicz
* ✨ [projects] Bail on `cutty update --{continue,abort,skip}` without update in progress (567) cjolowicz
* 💥 [services] Use cutty.json to determine the base revision for updates (558) cjolowicz
* ✨ [projects] Store template revision in cutty.json (556) cjolowicz

:beetle: Fixes

* 🐛 [projects] Do not leak branch if project generation fails (590) cjolowicz
* 🐛 [projects] Do not commit untracked files in `cutty link` (589) cjolowicz
* 🐛 [util] Do not commit untracked files in `cutty update` (582) cjolowicz
* 🐛 [projects] Do not apply changes from revision already in cutty.json (569) cjolowicz

:rotating_light: Testing

* ☑️ [functional] Add another test for `cutty create` with untracked files (588) cjolowicz
* ✅ [functional] Add test for `cutty update` after reverted update (551) cjolowicz

:hammer: Refactoring

* 🔨 [services] Reuse `projects.build` in `services.create` (604) cjolowicz
* 🔨 [projects] Extract attribute `Project.template` with template metadata (603) cjolowicz
* 💡 [services] Drop "Cookiecutter" from docstrings (602) cjolowicz
* 🔨 [projects] Extract function `buildproject` from `services.{update,link}` (601) cjolowicz
* 🔨 [projects] Rename functions `ProjectRepository.{continue{update => _},abort{update => }}` (599) cjolowicz
* 🔨 [projects] Extract function `_create` from `update` (597) cjolowicz
* 🔨 [projects] Merge function `ProjectRepository.link` into `ProjectRepository.import_` (595) cjolowicz
* 🔨 [projects] Add `files` parameter to function `ProjectRepository.link` (592) cjolowicz
* 🔨 [projects] Hide root commit creation from `ProjectRepository` interface (587) cjolowicz
* 🔨 [projects] Move functions `{create,link,update}commitmessage` to `messages` (586) cjolowicz
* ✨ [projects] Do not commit untracked files in `cutty create` (585) cjolowicz
* 🔨 [projects] Pass `projectdir` to `storeproject` (584) cjolowicz
* 🔨 [projects] Re-extract function `ProjectRepository.link` (580) cjolowicz
* 🔨 [projects] Extract function `ProjectRepository.import_`, inline function `ProjectRepository.update` (579) cjolowicz
* 🔨 [projects] Extract function `ProjectBuilder.commit(message)`, derive attribute `ProjectBuilder.path` (578) cjolowicz
* 🔨 [projects] Store commit ID in `ProjectBuilder.commit` instead of `pygit2.Commit` (577) cjolowicz
* 🔨 [projects] Extract class `ProjectBuilder` from `ProjectRepository` (576) cjolowicz
* 🔨 [services] Use unpacking to concatenate bindings in `update` and `link` (575) cjolowicz
* 🔨 [projects] Extract functions `ProjectRepository.{store,root}` (574) cjolowicz
* 🔨 [services] Use positional parameter for bindings in `generate` (573) cjolowicz
* 🔨 [services] Slide `generate` before `Repository.worktree` (570) cjolowicz
* 🔨 [projects] Do not squash initial empty commit in `ProjectRepository.reset` (566) cjolowicz
* 🔨 [projects] Represent template directory as pathlib.Path (557) cjolowicz
* 🔨 [util] Remove obsolete workaround when pruning git worktrees (554) cjolowicz
* 🚚 [projects] Move `ProjectConfig` from `templates` to `projects` (553) cjolowicz

:package: Dependencies

* ⬆️ [poetry] Bump dependencies (598) cjolowicz
* ⬆️ [poetry] Bump dependencies (591) cjolowicz
* Bump actions/checkout from 2.3.4 to 2.3.5 (581) dependabot
* ⬆️ Bump httpx from 0.19.0 to 0.20.0 (564) dependabot
* ⬆️ Bump typeguard from 2.12.1 to 2.13.0 (561) dependabot
* ⬆️ Bump coverage from 6.0.1 to 6.0.2 (563) dependabot
* ⬆️ Bump pip from 21.2.4 to 21.3 in /.github/workflows (562) dependabot
* ⬆️ Bump click from 8.0.1 to 8.0.3 (560) dependabot
* ⬆️ Bump flake8 from 3.9.2 to 4.0.1 (559) dependabot
* ⬆️ Bump pygit2 from 1.6.1 to 1.7.0 (552) dependabot
* ⬆️ Bump coverage from 6.0 to 6.0.1 (550) dependabot
* ⬆️ Bump yarl from 1.6.3 to 1.7.0 (549) dependabot
* ⬆️ Bump xdoctest from 0.15.9 to 0.15.10 (547) dependabot
* ⬆️ Bump jinja2 from 3.0.1 to 3.0.2 (546) dependabot
* ⬆️ Bump poetry from 1.1.10 to 1.1.11 in /.github/workflows (545) dependabot
* ⬆ Update cookiecutter-hypermodern-python to 391a7c2 (542) cjolowicz
* ⬆️ Bump coverage from 5.5 to 6.0 (541) dependabot

Severity Details

CVSS Base Score

HIGH 7.8

CVSS v3 Details

HIGH 7.8

* Attack Vector (AV): LOCAL
* Attack Complexity (AC): LOW
* Privileges Required (PR): LOW
* User Interaction (UI): NONE
* Scope (S): UNCHANGED
* Confidentiality Impact (C): HIGH
* Integrity Impact (I): HIGH
* Availability Impact (A): HIGH

CVSS v2 Details

HIGH 7.2

* Access Vector (AV): LOCAL
* Access Complexity (AC): LOW
* Authentication (Au): NONE
* Confidentiality Impact (C): COMPLETE
* Integrity Impact (I): COMPLETE
* Availability Impact (A): COMPLETE