build(deps): bump gitpython from 3.1.45 to 3.1.50

[dependabot]

Bumps gitpython from 3.1.45 to 3.1.50.

Release notes

Sourced from gitpython's releases.

3.1.49 - Security

What's Changed

• reject control chars in written values in configuration by @​Byron in gitpython-developers/GitPython#2137
• Improve pure Python rev-parse coverage and behavior by @​Copilot in gitpython-developers/GitPython#2136

Full Changelog: gitpython-developers/GitPython@3.1.48...3.1.49

3.1.48 - Security

Accidentally deleted the previous GH release, it did mention the advisory this fixes.

What's Changed

• prevent out-of-repo access when manipulating references. by @​Byron in gitpython-developers/GitPython#2134

Full Changelog: gitpython-developers/GitPython@3.1.47...3.1.48

3.1.47 - with security fixes

Advisories

• GHSA-rpm5-65cw-6hj4
• GHSA-x2qx-6953-8485

What's Changed

• Prepare next release by @​Byron in gitpython-developers/GitPython#2095
• Bump git/ext/gitdb from 335c0f6 to 4c63ee6 by @​dependabot[bot] in gitpython-developers/GitPython#2096
• DOC: README Add urls and updated a relative url by @​Timour-Ilyas in gitpython-developers/GitPython#2098
• Fix GitConfigParser ignoring multiple [include] path entries by @​daniel7an in gitpython-developers/GitPython#2100
• Switch back from Alpine to Debian for WSL by @​EliahKagan in gitpython-developers/GitPython#2108
• Bump git/ext/gitdb from 4c63ee6 to 5c1b303 by @​dependabot[bot] in gitpython-developers/GitPython#2106
• Run gc.collect() twice in test_rename on Python 3.12 by @​EliahKagan in gitpython-developers/GitPython#2109
• fix: guard AutoInterrupt terminate during interpreter shutdown by @​lweyrich1 in gitpython-developers/GitPython#2105
• Improve CI infrastructure for pre-commit by @​EliahKagan in gitpython-developers/GitPython#2110
• Bump the pre-commit group with 5 updates by @​dependabot[bot] in gitpython-developers/GitPython#2111
• Upgrade Sphinx for 3.14 support; drop doc build support on 3.8; test 3.14 by @​EliahKagan in gitpython-developers/GitPython#2112
• Fix Repo.active_branch resolution for reftable-backed repositories by @​Copilot in gitpython-developers/GitPython#2114
• docs: warn about GitDB performance with large commits by @​mvanhorn in gitpython-developers/GitPython#2115
• cmd: fix kwarg formatting in docstring example by @​UweSchwaeke in gitpython-developers/GitPython#2117
• Bump https://github.com/astral-sh/ruff-pre-commit from v0.15.5 to 0.15.8 in the pre-commit group by @​dependabot[bot] in gitpython-developers/GitPython#2122
• Add trailer support for commit creation by @​Krishnachaitanyakc in gitpython-developers/GitPython#2116
• Harden commit trailer subprocess handling and align trailer I/O paths by @​Copilot in gitpython-developers/GitPython#2125
• git.cmd.Git.execute(..): fix with_stdout=False by @​ngie-eign in gitpython-developers/GitPython#2126
• Make sure that multi-options are checked after splitting them with shlex by @​Byron in gitpython-developers/GitPython#2130
• Block unsafe underscored git kwargs / Fix for GHSA-rpm5-65cw-6hj4 by @​WesR in gitpython-developers/GitPython#2131

New Contributors

• @​Timour-Ilyas made their first contribution in gitpython-developers/GitPython#2098
• @​daniel7an made their first contribution in gitpython-developers/GitPython#2100
• @​lweyrich1 made their first contribution in gitpython-developers/GitPython#2105
• @​Copilot made their first contribution in gitpython-developers/GitPython#2114

... (truncated)

Commits

• 5a294a6 bump version to 3.1.50
• d7b029f Merge pull request #2142 from gitpython-developers/fix-validate-config-key-ne...
• 5453842 Validate config key section names before writing
• 1085a7c Merge pull request #2128 from meliezer/fix-worktree-git-dir
• b7f5fde Merge pull request #2141 from gitpython-developers/dependabot/submodules/git/...
• 4e8cd45 Bump git/ext/gitdb from 335c0f6 to 53c94d6
• 9e94459 Merge pull request #2140 from gitpython-developers/dependabot/pre_commit/pre-...
• 714e2e1 Xfail Windows symlink-capable index mutation test
• b17f113 Bump https://github.com/astral-sh/ruff-pre-commit
• aee2fd5 bump version to 3.1.49
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

Note

Low Risk
Low risk lockfile-only dependency update; main impact is any behavioral/security changes introduced by the newer gitpython release.

Overview
Updates the uv.lock resolution for gitpython from 3.1.45 to 3.1.50, including refreshed sdist/wheel artifact hashes/metadata for the new version.

^{Reviewed by Cursor Bugbot for commit 3605856. Bugbot is set up for automated code reviews on this repo. Configure here.}

[jit-ci]

🛡️ Jit Security Scan Results

✅ No security findings were detected in this PR

---

^{Security scan by Jit}