{"affected":[{"ecosystem_specific":{"binaries":[{"git-cliff":"2.2.2-bp155.2.3.1","git-cliff-bash-completion":"2.2.2-bp155.2.3.1","git-cliff-fish-completion":"2.2.2-bp155.2.3.1","git-cliff-zsh-completion":"2.2.2-bp155.2.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP5","name":"git-cliff","purl":"pkg:rpm/suse/git-cliff&distro=SUSE%20Package%20Hub%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.2.2-bp155.2.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"git-cliff":"2.2.2-bp155.2.3.1","git-cliff-bash-completion":"2.2.2-bp155.2.3.1","git-cliff-fish-completion":"2.2.2-bp155.2.3.1","git-cliff-zsh-completion":"2.2.2-bp155.2.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"git-cliff","purl":"pkg:rpm/opensuse/git-cliff&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.2.2-bp155.2.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for git-cliff fixes the following issues:\n\n- update to 2.2.2:\n  * (changelog) Allow adding custom context\n  * (changelog) Ignore empty lines when using split_commits\n  * (parser) Allow matching empty commit body\n  * Documentation updates\n\n- update to 2.2.1:\n  * Make rendering errors more verbose\n  * Support detecting config from project manifest\n  * Make the bump version rules configurable\n  * bug fixes and documentation updates\n- CVE-2024-32650: rust-rustls: Infinite loop with proper client\n  input fixes (boo#1223218)\n\n- Update to version 2.1.2:\n  * feat(npm): add programmatic API for TypeScript\n  * chore(fixtures): enable verbose logging for output\n  * refactor(clippy): apply clippy suggestions\n  * refactor(changelog): do not output to stdout when prepend is used\n  * feat(args): add `--tag-pattern` argument\n  * fix(config): fix commit parser regex in the default config\n  * fix(github): sanitize the GitHub token in debug logs\n  * chore(config): add animation to the header of the changelog\n  * refactor(clippy): apply clippy suggestions\n  * docs(security): update security policy\n  * chore(project): add readme to core package\n  * chore(embed): do not allow missing docs\n  * chore(config): skip dependabot commits for dev updates\n  * docs(readme): mention RustLab 2023 talk\n  * chore(config): revamp the configuration files\n  * chore(docker): update versions in Dockerfile\n  * chore(example): use full links in GitHub templates\n  * chore(project): bump MSRV to 1.74.1\n  * revert(config): use postprocessors for checking the typos\n  * feat(template): support using PR labels in the GitHub template\n  * docs(configuration): fix typo\n  * feat(args): add `--no-exec` flag for skipping command execution\n  * chore(command): explicitly set the directory of command to current dir\n  * refactor(ci): use hardcoded workspace members for cargo-msrv command\n  * refactor(ci): simplify cargo-msrv installation\n  * refactor(clippy): apply clippy suggestions\n  * refactor(config): use postprocessors for checking the typos\n  * chore(project): update copyright years\n  * chore(github): update templates about GitHub integration\n  * feat(changelog): set the timestamp of the previous release\n  * feat(template): support using PR title in the GitHub template\n  * feat(changelog): improve skipping via `.cliffignore` and `--skip-commit`\n  * chore(changelog): disable the default behavior of next-version\n  * fix(git): sort commits in topological order\n  * test(changelog): use the correct version for missing tags\n  * chore(changelog): use 0.1.0 as default next release if no tag is found\n  * feat(github)!: support integration with GitHub repos\n  * refactor(changelog): support `--bump` for processed releases\n  * fix(cli): fix broken pipe when stdout is interrupted\n  * test(fixtures): update the bumped value output to add prefix\n  * feat(changelog): support tag prefixes with `--bump`\n  * feat(changelog)!: set tag to `0.0.1` via `--bump` if no tags exist\n  * fix(commit): trim the trailing newline from message\n  * docs(readme): use the raw link for the animation\n  * chore(example): remove limited commits example\n  * feat(args): add `-x` short argument for `--context`\n  * revert(deps): bump actions/upload-pages-artifact from 2 to 3\n  * revert(deps): bump actions/deploy-pages from 3 to 4\n  * chore(dependabot): group the dependency updates for creating less PRs\n  * feat(parser): support using SHA1 of the commit\n  * feat(commit): add merge_commit flag to the context\n  * chore(mergify): don't update PRs for the main branch\n  * fix(links): skip checking the GitHub commit URLs\n  * fix(changelog): fix previous version links\n  * feat(parser): support using regex scope values\n  * test(fixture): update the date for example test fixture\n  * docs(fixtures): add instructions for adding new fixtures\n  * feat(args): support initialization with built-in templates\n  * feat(changelog)!: support templating in the footer\n  * feat(args): allow returning the bumped version\n  * test(fixture): add test fixture for bumping version\n  * fix: allow version bump with a single previous release\n  * fix(changelog): set the correct previous tag when a custom tag is given\n  * feat(args): set `CHANGELOG.md` as default missing value for output option\n  * refactor(config): remove unnecessary newline from configs\n\n- Update to version 1.4.0:\n  * Support bumping the semantic version via `--bump`\n  * Add 'typos' check\n  * Log the output of failed external commands -\n  * breaking change: Support regex in 'tag_pattern' configuration\n  * Add field and value matchers to the commit parser\n\n- Update to version 1.2.0:\n  * Update clap and clap extras to v4 \n  * Make the fields of Signature public\n  * Add a custom configuration file for the repository\n  * Support placing configuration inside pyproject.toml \n  * Generate SBOM/provenance for the Docker image\n  * Support using regex group values \n  * [breaking] Nested environment config overrides \n  * Set max of limit_commits to the number of commits \n  * Set the node cache dependency path\n  * Use the correct argument in release script\n\n- Update to version 1.1.2:\n  * Do not skip all tags when skip_tags is empty (#136)\n  * Allow saving context to a file (#138)\n  * Derive the tag order from commits instead of timestamp (#139)\n  * Use timestamp for deriving the tag order (#139)\n\n- Update to version 1.1.1:\n  * Relevant change: Update README.md about the NPM package\n  * Fix type casting in base NPM package\n  * Rename the package on Windows\n  * Disable liquid parsing in README.md by using raw blocks\n  * Support for generating changelog for multiple git repositories\n  * Publish binaries for more platforms/architectures\n\n- Update to version 1.0.0:\n  * Bug Fixes\n    - Fix test fixture failures\n  * Documentation\n    - Fix GitHub badges in README.md\n  * Features\n    - [breaking] Replace --date-order by --topo-order\n    - Allow running with --prepend and --output\n    - [breaking] Use current time for --tag argument\n    - Include completions and mangen in binary releases\n    - Publish Debian package via release workflow\n  * Miscellaneous Tasks\n    - Run all test fixtures\n    - Remove deprecated set-output usage\n    - Update actions/checkout to v3\n    - Comment out custom commit preprocessor\n  * Refactor\n    - Apply clippy suggestions\n  * Styling\n    - Update README.md about the styling of footer field\n","id":"openSUSE-SU-2024:0130-1","modified":"2024-05-18T12:51:03Z","published":"2024-05-18T12:51:03Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RLZMKRAPDN7C43S56JAGULAWF4RXGB2S/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1223218"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-32650"}],"related":["CVE-2024-32650"],"summary":"Security update for git-cliff","upstream":["CVE-2024-32650"]}