Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update requests and urllib3 #2111

Merged
merged 1 commit into from
Aug 19, 2024
Merged

Update requests and urllib3 #2111

merged 1 commit into from
Aug 19, 2024

Conversation

mkosiarc
Copy link
Contributor

@mkosiarc mkosiarc commented Aug 19, 2024
edited
Loading

Updating requests to 2.32.3 and urllib3 to 1.26.19, patches security vulnerabilites as reported by

https://github.com/containerbuildsystem/atomic-reactor/security/dependabot?q=is%3Aopen+package%3Aurllib3%2Crequests

STONEBLD-2636

Maintainers will complete the following section

  • Commit messages are descriptive enough
  • Code coverage from testing does not decrease and new code is covered
  • Python type annotations added to new code
  • JSON/YAML configuration changes are updated in the relevant schema
  • Changes to metadata also update the documentation for the metadata
  • Pull request has a link to an osbs-docs PR for user documentation updates
  • New feature can be disabled from a configuration file

@mkosiarc
Update requests and urllib3
c4d5611 
Updating requests to 2.32.3 and urllib3 to 1.26.19, patches security
vulnerabilites as reported by

https://github.com/containerbuildsystem/atomic-reactor/security/dependabot?q=is%3Aopen+package%3Aurllib3%2Crequests

STONEBLD-2636

Signed-off-by: mkosiarc <[email protected]>
@mkosiarc
Copy link
Contributor Author

Updated the PR to use 2.32.3 version of requests, as the 2.32.0 version was yanked from PyPi due to other CVEs, see https://pypi.org/project/requests/#history

@mkosiarc mkosiarc merged commit 2f59919 into containerbuildsystem:master Aug 19, 2024
16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chmeliik chmeliik chmeliik approved these changes

@MartinBasti MartinBasti MartinBasti approved these changes

@rcerven rcerven Awaiting requested review from rcerven

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mkosiarc @MartinBasti @chmeliik