GMS-2020-7: Update bitlyshortener to >=0.5.0 to prevent generating some invalid short URLs

October 27, 2020 (updated September 21, 2021)

Impact

Due to a sudden upstream breaking change by Bitly, versions of bitlyshortener can generate an invalid short URL when a vanity domain exists.

Patches

Upgrading bitlyshortener to or newer will prevent the generation of any such invalid short URLs.

References

Release notes

References

github.com/advisories/GHSA-r82c-j4mq-5xfw
github.com/impredicative/bitlyshortener/commit/3d412feb77f3daf6f71536463734c2119a55968d
github.com/impredicative/bitlyshortener/releases/tag/0.5.0
github.com/impredicative/bitlyshortener/security/advisories/GHSA-r82c-j4mq-5xfw
pypi.org/project/bitlyshortener/

Detect and mitigate GMS-2020-7 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →