Update dependency configobj to v5.0.9 [SECURITY]

[renovate]

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.

This PR contains the following updates:

Package	Change	Age	Confidence
configobj	==5.0.6 -> ==5.0.9

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2023-26112

All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)((.*)). Note: This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.

---

Release Notes

DiffSK/configobj (configobj)

v5.0.9: 5.0.9

Compare Source

What's Changed

• Address CVE-2023-26112 ReDoS by @​cdcadman in #​236
• Drop Python 2 support and compatibility code by @​jelmer in #​237
• Extra 2014 by @​jelmer in #​245
• setup.py: fix license tag by @​yegorich in #​241
• Update minimum python to 3.7 everywhere, and add 3.12 by @​jelmer in #​246

New Contributors

• @​cdcadman made their first contribution in #​236
• @​yegorich made their first contribution in #​241

Full Changelog: DiffSK/configobj@v5.0.8...v5.0.9

v5.0.8: confirming things work in newer python versions

Compare Source

5.0.7 originally did this work, but 5.0.8 fixes a regression (#​230)

v5.0.7

Compare Source

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.