---
- branch: MAIN
  date: Fri Dec 22 19:14:43 UTC 2023
  files:
  - new: '1.72'
    old: '1.71'
    path: pkgsrc/devel/git-lfs/Makefile
    pathrev: pkgsrc/devel/git-lfs/Makefile@1.72
    type: modified
  - new: '1.16'
    old: '1.15'
    path: pkgsrc/devel/git-lfs/distinfo
    pathrev: pkgsrc/devel/git-lfs/distinfo@1.16
    type: modified
  - new: '1.5'
    old: '1.4'
    path: pkgsrc/devel/git-lfs/go-modules.mk
    pathrev: pkgsrc/devel/git-lfs/go-modules.mk@1.5
    type: modified
  - new: '1.1'
    old: '0'
    path: pkgsrc/devel/git-lfs/patches/patch-go.mod
    pathrev: pkgsrc/devel/git-lfs/patches/patch-go.mod@1.1
    type: added
  - new: '1.1'
    old: '0'
    path: pkgsrc/devel/git-lfs/patches/patch-go.sum
    pathrev: pkgsrc/devel/git-lfs/patches/patch-go.sum@1.1
    type: added
  id: 20231222T191443Z.69c9b8ff5ec27fd37f42abd4efa1f2c3caf80e4c
  log: |
    git-lfs: update to 3.4.1 (security)

    This fixes the following vulnerability:

    Vulnerability: GO-2023-1571
        Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net
      More info: https://pkg.go.dev/vuln/GO-2023-1571
      Module: golang.org/x/net
        Found in: golang.org/x/net@v0.0.0-20211112202133-69e39bad7dc2
        Fixed in: golang.org/x/net@v0.7.0

    3.4.1
    -----
    This is a bugfix release which resolves a bug introduced in the
    v3.4.0 release, where Git LFS may crash if the Git credential manager
    returns credentials containing one or more empty fields.

    3.4.0
    -----
    This release is a feature release which includes support for generating
    shell scripts for command-line tab-completion of Git LFS commands with
    the new git-lfs-completion(1) command, providing multiple headers to Git
    credential helpers (a new feature as of Git 2.41), and installing Git LFS
    with a Git configuration file stored under the XDG configuration path.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/devel/git-lfs'
  unixtime: '1703272483'
  user: bsiegert