Update dependency dulwich to v1

[mend-for-github-com]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Update	Change
dulwich	major	==0.20.23 → ==1.2.5

By merging this PR, the issue #63 will be automatically resolved and closed:

Severity	CVSS Score	Vulnerability
High	8.8	CVE-2026-42305

---

Release Notes

dulwich/dulwich (dulwich)

v1.2.5: dulwich 1.2.5

Compare Source

This is a security release. All users are encouraged to upgrade.

Security fixes

• GHSA-gfhv-vqv2-4544 -- Validate submodule paths in porcelain.submodule_update (and thus porcelain.clone(recurse_submodules=True)). A crafted upstream repository could carry a submodule whose path was .git/hooks (or any other path inside .git or above the work tree), causing the submodule's tree contents to be written there with their executable bits intact. The dulwich analogue of git's CVE-2024-32002 / CVE-2024-32004. (Reported by tonghuaroot)

• CVE-2026-42305 -- Harden tree path validation against entry names that are harmless on POSIX but dangerous when checked out on Windows. validate_path_element_ntfs now also rejects Windows path separators, the alternate data stream marker :, NTFS 8.3 short-name aliases of .git, and reserved Windows device names. core.protectNTFS now defaults to true on every platform, and both core.protectNTFS and core.protectHFS are now read under their correct option names. (Reported by Christopher Toth)

• CVE-2026-42563 -- Shell-quote values substituted into ProcessMergeDriver commands. A malicious branch could inject shell commands when a merge driver referencing %P was configured. (Reported by Ravishanker Kusuma (hayageek))

• CVE-2026-47712 -- Sanitize commit subjects used in porcelain.format_patch filenames so a malicious subject (e.g. x/../../x) cannot direct the generated patch outside outdir. (Reported by Christopher Toth)

• receive.maxInputSize -- Honour receive.maxInputSize in ReceivePackHandler. Previously a remote unauthenticated client could send a tiny crafted pack that declared a huge dest_size and trigger hundreds of MB of allocation over git-receive-pack. (Reported by Liyi, Ziyue, Strick, Maurice and Chenchen @​ University of Sydney)

v1.2.4

Compare Source

Tolerate ref names with empty path components (e.g. `refs/tags//v1.0`) for now, emitting a `DeprecationWarning` rather than raising a `RefFormatError`. Such names are constructed by older Poetry releases (fixed in Poetry 2.4.0) and were silently accepted before Dulwich 1.2.3. `local_branch_name`, `local_tag_name` and `local_replace_name` likewise warn about, and strip, a leading slash instead of raising `ValueError`. Both will become errors again in a future release. (Jelmer Vernooij, #​2192)

v1.2.3

Compare Source

v1.2.2

Compare Source

v1.2.1

Compare Source

Changes since 1.2.0

• Derive the LFS endpoint as the remote's on-disk LFS store
  (<remote>/.git/lfs for worktrees, <remote>/lfs for bare repos)
  when remote.origin.url points at a local filesystem path or
  file:// URL, matching git-lfs behaviour. Previously the built-in
  smudge filter constructed an HTTP-style <remote>.git/info/lfs path
  that did not exist on disk, leaving LFS-tracked files as pointers
  when cloning from a local repo.

• Deduplicate objects when writing a multi-pack-index. Objects present
  in multiple packs (e.g. after git gc creates a cruft pack) would
  otherwise produce an OIDL chunk with repeated SHAs, causing
  git multi-pack-index verify to fail with "oid lookup out of order".
  (#​2152)

• Extend ignorecase and precomposeunicode support to index lookups.
  (#​1807)

v1.2.0: 1.2.0

Compare Source

Notable changes since 1.1.0

New features

• Add am command and porcelain.am() for applying mailbox-style email patches (git am), with state persistence for --continue, --skip, --abort, and --quit recovery (#​1692).
• Add apply command and porcelain.apply_patch() for applying unified diffs, including rename/copy detection, binary patches with Git's base85 encoding, and --3way merge fallback (#​1784).
• Expand log command options: --oneline, --abbrev-commit, --author, --committer, --grep, --since/--after, --until/--before, -n/--max-count, --no-merges, --merges, --stat, -p/--patch, --name-only, and --follow (#​1779).
• Add support for push options (-o/--push-option) in push, enabling AGit flow and other server-side push option workflows.
• Add missing push options: --all, --tags, --delete, --dry-run, --prune, --set-upstream, --follow-tags, and --mirror (#​1844).
• Add support for atomic push operations (--atomic): either all ref updates succeed or none are applied (#​1781).
• Add support for extensions.relativeworktrees repository extension, allowing worktrees to use relative paths (#​2112).

Configuration support

• gc.pruneExpire — grace period before unreachable objects are pruned (#​1859).
• core.precomposeunicode — normalize NFD Unicode paths from macOS filesystems to NFC (#​1804).
• core.gitProxy — proxy command for git:// protocol connections (#​1850).
• core.maxStat — limit stat operations when checking for unstaged changes (#​1853).
• core.packedGitLimit — cap memory used for mmapped pack files, closing LRU packs when exceeded (#​1848).
• core.deltaBaseCacheLimit — cap memory used for caching delta base objects; defaults to 96 MiB (#​1849).
• http.userAgent — customize the User-Agent header (global and URL-specific); default is git/dulwich/{version}.

Fixes

• Fix GPG signature verification to raise BadSignature for all GPG errors, not just BadSignatures; also detect when GPG returns no signatures.
• Fix client incorrectly sending unborn argument in Git protocol v2 ls-refs requests to servers that don't advertise ls-refs=unborn, preventing clones from older servers like Gerrit 3.12.2 (#​2104).
• Improve error message in read_info_refs() to show the actual line content when parsing fails (#​2103).
• Preserve quoted trailing whitespace in config values (#​2145, Christopher Toth).
• Fix .gitignore parent re-include handling so a later !dir/ re-include allows a subsequent file-level negation to take effect (#​2141, N0zoM1z0).
• Fix host key verification in contrib/paramiko_vendor.py by loading known hosts and rejecting unknown SSH host keys by default (#​2123, quart27219).

Packaging

• No longer ship contrib/ as part of the distribution. The contrib/ directory has always been documented as unsupported and is now excluded from the installed package (#​2122).

v1.1.0: 1.1.0

Compare Source

What's Changed

• Add reference to c-git-compatibility doc in README.md by @​jelmer in jelmer#2069
• Implement cli commands for more porcelain by @​jelmer in jelmer#2071
• Support GIT_TRACE_PACKET by @​jelmer in jelmer#2073
• Fix cloning of SHA-256 repositories with protocol v2 by @​jelmer in jelmer#2074
• skip tests that require merge3 when it's not available by @​kulikjak in jelmer#2075
• Add test-minimal to CI; run tests without installing any optional dependencies by @​jelmer in jelmer#2076
• Update SECURITY.md by @​jelmer in jelmer#2077
• Don't skip 3.14 wheels by @​bowiechen in jelmer#2078
• Add Git protocol v2 packfile-uris client support by @​jelmer in jelmer#2079
• Attempt to fix occasional issues with long running lfs processes in tests by @​jelmer in jelmer#2081
• Allow passing commit and author timestamps into porcelain.commit by @​ading2210 in jelmer#2080
• Skip Python 3.14 x86_64/universal2 wheels on macOS by @​jelmer in jelmer#2082
• Improve exception message for tags by @​jelmer in jelmer#2083
• ci(deps): bump dependabot/fetch-metadata from 2.4.0 to 2.5.0 by @​dependabot[bot] in jelmer#2084
• ci(deps): bump actions/checkout from 6.0.1 to 6.0.2 by @​dependabot[bot] in jelmer#2085
• deps(deps-dev): bump ruff from 0.14.10 to 0.14.14 in the pip group by @​dependabot[bot] in jelmer#2086
• Add bundle URI support for faster clones and fetches by @​jelmer in jelmer#2087
• Add basic subtree support by @​jelmer in jelmer#2088
• Add support for core.trustctime configuration option by @​jelmer in jelmer#2091
• Fix LFS client selection for file:// URLs by @​jelmer in jelmer#2089
• Add support for core.commentChar configuration option (#​1852) by @​jelmer in jelmer#2092
• Add --unshallow support to fetch command by @​jelmer in jelmer#2093
• Add progress reporting during pack file downloads by @​jelmer in jelmer#2094
• Macos wheels fix by @​jelmer in jelmer#2095
• Disable git-lfs filter process in LFS status tests to fix flaky Windows failures by @​jelmer in jelmer#2096
• Server side hooks by @​jelmer in jelmer#2097
• Fix checkout skipping files with paths starting with '.git' by @​jelmer in jelmer#2098

New Contributors

• @​bowiechen made their first contribution in jelmer#2078
• @​ading2210 made their first contribution in jelmer#2080

Full Changelog: jelmer/dulwich@dulwich-1.0.0...dulwich-1.1.0

v1.0.0: 1.0.0

Compare Source

What's Changed

• More tests by @​jelmer in jelmer#2066
• Document C git compatibility by @​jelmer in jelmer#2067
• Remove deprecated functions by @​jelmer in jelmer#2068

Full Changelog: jelmer/dulwich@dulwich-0.25.2...dulwich-1.0.0

v0.25.2: dulwich-0.25.1

Compare Source

What's Changed

• Fix GPG signature test to handle InvalidSigners exception by @​jelmer in jelmer#2064
• Make object store close() idempotent and warn on unclosed resources by @​jelmer in jelmer#2065

Full Changelog: jelmer/dulwich@dulwich-0.25.1...dulwich-0.25.2

v0.25.1

Compare Source

Full Changelog: jelmer/dulwich@dulwich-0.25.0...dulwich-0.25.1

v0.25.0: v0.25.0

Compare Source

What's Changed

• ci(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @​dependabot[bot] in jelmer#1975
• deps(deps): bump pyo3 from 0.27.0 to 0.27.1 in the cargo group by @​dependabot[bot] in jelmer#1977
• ci(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 by @​dependabot[bot] in jelmer#1976
• deps(deps-dev): bump ruff from 0.13.2 to 0.14.3 in the pip group by @​dependabot[bot] in jelmer#1978
• Drop python 3.9 by @​jelmer in jelmer#1950
• fix(docs): add missing hyphen in date format in NEWS by @​Guts in jelmer#1979
• client: relax check to support subclasses of Urllib3HttpGitClient by @​skshetry in jelmer#1980
• pass key_filename and ssh_command to SSHGitClient by @​skshetry in jelmer#1981
• Add tests to verify client args are passed by @​jelmer in jelmer#1982
• Add mailinfo command by @​jelmer in jelmer#1983
• Add column formatting support by @​jelmer in jelmer#1984
• Fix warnings by @​jelmer in jelmer#1985
• Fix test_concurrent_ref_operations_compatibility by @​jelmer in jelmer#1986
• Fix typo in preamble by @​jelmer in jelmer#1987
• Add diagnose command by @​jelmer in jelmer#1988
• Add rerere support by @​jelmer in jelmer#1992
• Add reachability abstraction by @​jelmer in jelmer#1994
• update security support by @​jelmer in jelmer#1996
• Modernize by @​jelmer in jelmer#1997
• Implement core.sharedRepository configuration support (#​1804) by @​jelmer in jelmer#1942
• NEWS: Fix formatting for 0.24.10 by @​jelmer in jelmer#2000
• Optimize status performance by using stat matching to skip unchanged files by @​jelmer in jelmer#2001
• Improve error handling when trying to remove non-empty directory by @​kulikjak in jelmer#2004
• Implement restore and switch commands by @​jelmer in jelmer#2003
• skip tests that require merge3 when it's not available by @​kulikjak in jelmer#2002
• Use bitmap support by @​jelmer in jelmer#1995
• Fix doc warnings by @​jelmer in jelmer#2006
• Make Ref and ObjectID newtypes for improved typing by @​jelmer in jelmer#2008
• Fix get_unstaged_changes filter callback to expect Blob objects by @​jelmer in jelmer#2011
• Add basic midx support by @​jelmer in jelmer#1998
• avoid signing commits in stash by @​skshetry in jelmer#2012
• deps(deps): bump pyo3 from 0.27.1 to 0.27.2 in the cargo group by @​dependabot[bot] in jelmer#2014
• deps(deps-dev): bump the pip group with 2 updates by @​dependabot[bot] in jelmer#2015
• ci(deps): bump docker/setup-qemu-action from 3.6.0 to 3.7.0 by @​dependabot[bot] in jelmer#2016
• ci(deps): bump actions/checkout from 5.0.0 to 6.0.0 by @​dependabot[bot] in jelmer#2017
• Ensure maintenance tests are run by @​jelmer in jelmer#2019
• Use nanosecond-resolution when comparing file entries by @​jelmer in jelmer#2013
• Move peeled tags protocol functions to dulwich.protocol by @​jelmer in jelmer#2020
• Move greenthreads to contrib/ by @​jelmer in jelmer#2021
• Add all to all files by @​jelmer in jelmer#2022
• Fix UTF-8 decode error in process filter protocol handling by @​jelmer in jelmer#2024
• Add --stat argument to diff by @​jelmer in jelmer#2026
• Make porcelain.add check explicit for None by @​ejfine in jelmer#2027
• Fix ParamikoSSHVendor interface compatibility with SSHVendor by @​jelmer in jelmer#2029
• Quote smudge path by @​jelmer in jelmer#2031
• Initial work splitting porcelain by @​jelmer in jelmer#2032
• Add tests for consistent license preamble, and to prevent os.environ use in lower layers by @​jelmer in jelmer#2033
• Install dulwich.porcelain by @​jelmer in jelmer#2035
• fix typing by @​radoering in jelmer#2036
• Split out worktree by @​jelmer in jelmer#2037
• Add comprehensive SHA256 support for Git repositories by @​jelmer in jelmer#1604
• dumb: Add fallback when HEAD is missing by @​anlambert in jelmer#2030

New Contributors

• @​Guts made their first contribution in jelmer#1979
• @​ejfine made their first contribution in jelmer#2027
• @​radoering made their first contribution in jelmer#2036

Full Changelog: jelmer/dulwich@dulwich-0.24.10...dulwich-0.25.0

v0.24.10: 0.24.10

Compare Source

• Fix compatibility with python 3.9. (@​jelmer, #​1991)

Full Changelog: jelmer/dulwich@dulwich-0.24.9...dulwich-0.24.10

v0.24.9

Compare Source

• Fix passing key_filename and ssh_command parameters to SSHGitClient by @​skshetry

• Relax check to support subclasses of Urllib3HttpGitClient. Fixes
  regression from 0.24.2 where subclasses of Urllib3HttpGitClient would
  not receive the config object. by @​skshetry

• Fix test_concurrent_ref_operations_compatibility test flakiness by @​jelmer

• Fix warnings in test suite by @​jelmer

Full Changelog: jelmer/dulwich@dulwich-0.24.8...dulwich-0.24.9

v0.24.8

Compare Source

What's Changed

• Support ref namespaces by @​jelmer in jelmer#1957
• Add Rust test step to CI workflow. by @​jelmer in jelmer#1958
• Add support for GIT_FLUSH environment variable by @​jelmer in jelmer#1959
• Add support for recursive submodule updates by @​jelmer in jelmer#1961
• Add maintenance subcommand by @​jelmer in jelmer#1960
• Add interpret-trailers command by @​jelmer in jelmer#1962
• Add support for replace command by @​jelmer in jelmer#1963
• Fix config file leakage in compat tests by @​jelmer in jelmer#1964
• Various bundle fixes by @​jelmer in jelmer#1965
• Implement advanced Git object specification support by @​jelmer in jelmer#1966
• Add rust implementation of create_delta by @​jelmer in jelmer#1956
• Add support for dulwich stripspace by @​jelmer in jelmer#1967
• Fix TypeError when passing refspec to clone() by @​jelmer in jelmer#1968
• Drop authors by @​jelmer in jelmer#1970
• Add per-URL http.extraHeader configuration support by @​jelmer in jelmer#1969
• Add support for GIT_REFLOG_ACTION environment variable by @​jelmer in jelmer#1971
• Make generate_pack_data() arguments consistent and keyword-only by @​jelmer in jelmer#1972
• Bump typing-extensions by @​jelmer in jelmer#1974

Full Changelog: jelmer/dulwich@dulwich-0.24.7...dulwich-0.24.8

v0.24.7: 0.24.7

Compare Source

What's Changed

• Use make_commit() from test utils in test files by @​jelmer in jelmer#1943
• Enhance fetch with missing options by @​jelmer in jelmer#1944
• Add sparse index support for improved performance with large repositories by @​jelmer in jelmer#1946
• Fix SSH connections with custom ssh command by @​jelmer in jelmer#1947
• Work around typing module bug in Python 3.9.0/3.9.1 by @​jelmer in jelmer#1949
• And support for local files in LFS by @​jelmer in jelmer#1953
• Add support for core.fsyncObjectFiles configuration option by @​jelmer in jelmer#1954
• Add bitmap support by @​jelmer in jelmer#1952

Full Changelog: jelmer/dulwich@dulwich-0.24.6...dulwich-0.24.7

v0.24.6: 0.24.6

Compare Source

What's Changed

• Restore pool_manager parameter to transport functions by @​jelmer in jelmer#1929
• Support show-branch by @​jelmer in jelmer#1931
• Add support for git mailsplit command by @​jelmer in jelmer#1930
• Add dulwich config CLI command by @​jelmer in jelmer#1933
• Add support for git cherry command by @​jelmer in jelmer#1932
• Ensure files are closed by @​jelmer in jelmer#1935
• Add support for octopus merge strategy by @​jelmer in jelmer#1934
• Add convenience functions for dealing with refs by @​jelmer in jelmer#1937
• Implement recursive merge strategy for handling multiple merge bases by @​jelmer in jelmer#1936
• Add support for git grep command by @​jelmer in jelmer#1938
• Fix import failure when sys.stdin is None by @​jelmer in jelmer#1940
• Implement git reflog expire and delete commands by @​jelmer in jelmer#1941

Full Changelog: jelmer/dulwich@dulwich-0.24.5...dulwich-0.24.6

v0.24.5: 0.24.5

Compare Source

What's Changed

• Fix LFS status tests cleanup issue on Windows Python 3.14 by @​jelmer in jelmer#1924
• Fix HTTP authentication with credentials in URLs by @​jelmer in jelmer#1926

Full Changelog: jelmer/dulwich@dulwich-0.24.4...dulwich-0.24.5

v0.24.4: 0.24.4

Compare Source

What's Changed

• Fix pypi publish action version by @​jelmer in jelmer#1890
• Add remaining typing by @​jelmer in jelmer#1891
• Disable android wheels build, which currently fails due to 403s on by @​jelmer in jelmer#1892
• fix typing by @​jelmer in jelmer#1893
• deps(deps): bump memchr from 2.7.5 to 2.7.6 in the cargo group by @​dependabot[bot] in jelmer#1901
• ci(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 by @​dependabot[bot] in jelmer#1900
• deps(deps): bump the pip group with 2 updates by @​dependabot[bot] in jelmer#1902
• ci(deps): bump docker/setup-qemu-action from 3.2.0 to 3.6.0 by @​dependabot[bot] in jelmer#1899
• ci(deps): bump actions/setup-python from 5 to 6 by @​dependabot[bot] in jelmer#1897
• ci(deps): bump dependabot/fetch-metadata from 2.2.0 to 2.4.0 by @​dependabot[bot] in jelmer#1898
• Use immutable container type annotations where appropriate by @​jelmer in jelmer#1903
• Add extract_signature() method to Commit and Tag by @​jelmer in jelmer#1905
• Fix BlackboxTestCase to respect Python venv path by @​mgorny in jelmer#1906
• Add DependencyMissing class by @​jelmer in jelmer#1907
• More typing fixes by @​jelmer in jelmer#1908
• Implement GPG signing and verification support for commits and tags by @​jelmer in jelmer#1909
• Add support for GIT_TRACE environment variable by @​jelmer in jelmer#1910
• Fix Git filter protocol to handle two-phase response format by @​jelmer in jelmer#1911
• Add git worktree repair command by @​jelmer in jelmer#1912
• Add support for dulwich verify-tag command by @​jelmer in jelmer#1914
• Add support for git var command by @​jelmer in jelmer#1913
• Add support for dulwich verify-commit command by @​jelmer in jelmer#1915
• Add support for dulwich merge-base command by @​jelmer in jelmer#1916
• Avoid PyObject, deprecated in PyO3 0.26 by @​jelmer in jelmer#1917
• Add python 3.14 support by @​jelmer in jelmer#1918
• Re-enable Android wheels build by @​mhsmith in jelmer#1919
• Attempt to fix 3.14 errors by @​jelmer in jelmer#1920
• Fix pypi-publish action version by @​jelmer in jelmer#1921
• Fix pack copy test for Windows Python 3.14 by @​jelmer in jelmer#1922
• Fix LFS status tests cleanup issue on Windows Python 3.14 by @​jelmer in jelmer#1923

New Contributors

• @​mhsmith made their first contribution in jelmer#1919

Full Changelog: jelmer/dulwich@dulwich-0.24.2...dulwich-0.24.4

v0.24.3: 0.24.3

Compare Source

What's Changed

• Fix pypi publish action version by @​jelmer in jelmer#1890
• Add remaining typing by @​jelmer in jelmer#1891
• Disable android wheels build, which currently fails due to 403s on by @​jelmer in jelmer#1892
• fix typing by @​jelmer in jelmer#1893
• deps(deps): bump memchr from 2.7.5 to 2.7.6 in the cargo group by @​dependabot[bot] in jelmer#1901
• ci(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 by @​dependabot[bot] in jelmer#1900
• deps(deps): bump the pip group with 2 updates by @​dependabot[bot] in jelmer#1902
• ci(deps): bump docker/setup-qemu-action from 3.2.0 to 3.6.0 by @​dependabot[bot] in jelmer#1899
• ci(deps): bump actions/setup-python from 5 to 6 by @​dependabot[bot] in jelmer#1897
• ci(deps): bump dependabot/fetch-metadata from 2.2.0 to 2.4.0 by @​dependabot[bot] in jelmer#1898
• Use immutable container type annotations where appropriate by @​jelmer in jelmer#1903
• Add extract_signature() method to Commit and Tag by @​jelmer in jelmer#1905
• Fix BlackboxTestCase to respect Python venv path by @​mgorny in jelmer#1906
• Add DependencyMissing class by @​jelmer in jelmer#1907
• More typing fixes by @​jelmer in jelmer#1908
• Implement GPG signing and verification support for commits and tags by @​jelmer in jelmer#1909
• Add support for GIT_TRACE environment variable by @​jelmer in jelmer#1910
• Fix Git filter protocol to handle two-phase response format by @​jelmer in jelmer#1911
• Add git worktree repair command by @​jelmer in jelmer#1912
• Add support for dulwich verify-tag command by @​jelmer in jelmer#1914
• Add support for git var command by @​jelmer in jelmer#1913
• Add support for dulwich verify-commit command by @​jelmer in jelmer#1915
• Add support for dulwich merge-base command by @​jelmer in jelmer#1916

Full Changelog: jelmer/dulwich@dulwich-0.24.2...dulwich-0.24.3

v0.24.2: 0.24.2

Compare Source

What's Changed

• Fix worktree CLI tests to properly change to repository directory by @​jelmer in jelmer#1739
• Add temporary_worktree context manager by @​jelmer in jelmer#1742
• Add more typing by @​jelmer in jelmer#1743
• Add more typing by @​jelmer in jelmer#1744
• Add more typing by @​jelmer in jelmer#1745
• Add colorized diff support for show command by @​jelmer in jelmer#1746
• Add more typing by @​jelmer in jelmer#1747
• Fix Windows path handling regression in checkout operations by @​jelmer in jelmer#1752
• Add more docstrings by @​jelmer in jelmer#1753
• Fix Windows config loading to only use current Git installation by @​jelmer in jelmer#1755
• Add interactive rebase support by @​jelmer in jelmer#1756
• Run tests on Android by @​jelmer in jelmer#1757
• Add docstrings for everything by @​jelmer in jelmer#1754
• Disable android test for now by @​jelmer in jelmer#1758
• Add more typing by @​jelmer in jelmer#1750
• Fix merge functionality to handle missing merge3 dependency gracefully by @​jelmer in jelmer#1760
• ci(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in jelmer#1763
• deps(deps): bump ruff from 0.12.4 to 0.12.8 by @​dependabot[bot] in jelmer#1764
• ci(deps): bump actions/download-artifact from 4 to 5 by @​dependabot[bot] in jelmer#1762
• refs: handle per-worktree and shared refs on read and on reflog writes by @​skshetry in jelmer#1749
• Revert accidental API change by @​jelmer in jelmer#1766
• Add object_store.iter_commit_contents() by @​mathrick in jelmer#1761
• Add recipes to documentation by @​mathrick in jelmer#1767
• deps(deps): bump ruff from 0.12.8 to 0.12.9 by @​dependabot[bot] in jelmer#1772
• Factor out checks for merge3 module to a function by @​mathrick in jelmer#1771
• Fix handling of CRLF line endings with core.autocrlf = input by @​jelmer in jelmer#1773
• Add support for http.extraHeader configuration by @​jelmer in jelmer#1774
• Add support for patiencediff by @​jelmer in jelmer#1820
• Reduce test noise by @​jelmer in jelmer#1818
• Add IPv6 support for git:// protocol URLs by @​jelmer in jelmer#1821
• Optimize LFS performance by avoiding redundant disk writes by @​jelmer in jelmer#1864
• Improve new contributor experience by @​mathrick in jelmer#1768
• deps(deps): bump ruff from 0.12.9 to 0.12.10 by @​dependabot[bot] in jelmer#1867
• Add porcelain.shortlog function to summarize commits by author by @​UsamaQaisrani in jelmer#1865
• group items in dependabot by @​jelmer in jelmer#1869
• deps(deps): bump mypy from 1.17.0 to 1.17.1 in the pip group by @​dependabot[bot] in jelmer#1870
• Fix TreeEntry typing to not allow None values by @​jelmer in jelmer#1871
• add --all flag to branch command by @​xifOO in jelmer#1866
• add --remotes to branch command by @​xifOO in jelmer#1872
• Fix subprocess filter performance issues (#​1789) by @​jelmer in jelmer#1868
• add --merged to branch command by @​xifOO in jelmer#1873
• add --no-merged to branch command by @​xifOO in jelmer#1874
• add --contains to branch command by @​xifOO in jelmer#1875
• deps(deps): bump ruff from 0.12.10 to 0.12.11 in the pip group by @​dependabot[bot] in jelmer#1877
• Add support for core.whitespace and core.safecrlf by @​jelmer in jelmer#1879
• Add support for core.preloadIndex configuration setting by @​jelmer in jelmer#1682
• add --column to branch command by @​xifOO in jelmer#1876
• Fix test failures by adding missing test modules and fixing filter tests by @​jelmer in jelmer#1881
• add --list to branch command by @​xifOO in jelmer#1882
• Appease deps.dev by @​jelmer in jelmer#1883
• Remove me from AUTHORS list by @​warrd in jelmer#1884
• Support TMPDIR as example system directory in symlink test by @​jelmer in jelmer#1887
• Fix ruff issues by @​jelmer in jelmer#1886

New Contributors

• @​mathrick made their first contribution in jelmer#1761
• @​UsamaQaisrani made their first contribution in jelmer#1865
• @​xifOO made their first contribution in jelmer#1866
• @​warrd made their first contribution in jelmer#1884

Full Changelog: jelmer/dulwich@dulwich-0.24.1...dulwich-0.24.2

v0.24.1

Compare Source

What's Changed

• Require typing_extensions on Python 3.10. by @​jelmer in jelmer#1736

Full Changelog: jelmer/dulwich@dulwich-0.24.0...dulwich-0.24.1

v0.24.0: 0.24.0

Compare Source

What's Changed

• deps(deps): bump ruff from 0.12.1 to 0.12.2 by @​dependabot[bot] in jelmer#1676
• Add basic reflog command by @​jelmer in jelmer#1675
• gc: improve test coverage by @​jelmer in jelmer#1679
• Add autogc disable mechanisms for API users by [@​jelmer](https://redirect.g