⬆️ upgrades urllib3==1.26.5 to fix CVE-2021-33503 #2963

Merged

@pcrespov pcrespov commented Apr 5, 2022

What do these changes do?

Upgrades urllib3==1.26.5 to fix CVE-2021-33503. This fixes a vulnerability in director services, as reported in
https://github.com/ITISFoundation/osparc-simcore/security/dependabot/97

Related issue/s

How to test

Checklist

@pcrespov pcrespov requested a review from sanderegg as a code owner April 5, 2022 18:35
@pcrespov pcrespov self-assigned this Apr 5, 2022
@pcrespov pcrespov changed the title from "⬆️ maintenance: upgrades urllib3==1.26.5 to fix CVE-2021-33503" to "⬆️ maintenance: fixes vulnerability CVE-2021-33503" Apr 5, 2022
@pcrespov pcrespov changed the title from "⬆️ maintenance: fixes vulnerability CVE-2021-33503" to "⬆️ maintenance: upgrades urllib3==1.26.5 to fix CVE-2021-33503" Apr 5, 2022
@pcrespov pcrespov changed the title from "⬆️ maintenance: upgrades urllib3==1.26.5 to fix CVE-2021-33503" to "⬆️ upgrades urllib3==1.26.5 to fix CVE-2021-33503" Apr 5, 2022
@pcrespov pcrespov added the dependencies (Pull requests that update a dependency file), t:maintenance (Some planned maintenance work), security (Pull requests that address a security vulnerability) and changelog:🔒️security labels Apr 5, 2022
codecov bot commented Apr 5, 2022

Codecov Report

Merging #2963 (9a91b79) into master (ac4a00e) will decrease coverage by 0.8%.
The diff coverage is n/a.

@@           Coverage Diff            @@
##           master   #2963     +/-   ##
========================================
- Coverage    79.6%   78.7%   -0.9%     
========================================
  Files         677     677             
  Lines       28308   28308             
  Branches     3652    3652             
========================================
- Hits        22534   22303    -231     
- Misses       5006    5252    +246     
+ Partials      768     753     -15     

| Flag | Coverage Δ | |
|---|---|---|
| integrationtests | 64.5% <ø> (-1.2%) | ⬇️ |
| unittests | 75.2% <ø> (+<0.1%) | ⬆️ |


| Impacted Files | Coverage Δ | |
|---|---|---|
| ...re-sdk/src/simcore_sdk/node_ports/serialization.py | 25.0% <0.0%> (-57.4%) | ⬇️ |
| ...imcore-sdk/src/simcore_sdk/node_ports/nodeports.py | 29.1% <0.0%> (-50.0%) | ⬇️ |
| ...k/src/simcore_sdk/node_ports_common/filemanager.py | 36.3% <0.0%> (-44.7%) | ⬇️ |
| ...sdk/src/simcore_sdk/node_ports_common/dbmanager.py | 43.0% <0.0%> (-43.1%) | ⬇️ |
| ...es/simcore-sdk/src/simcore_sdk/node_ports/_item.py | 66.4% <0.0%> (-28.0%) | ⬇️ |
| ...sdk/src/simcore_sdk/node_ports/_data_items_list.py | 55.2% <0.0%> (-10.6%) | ⬇️ |
| ...k/src/simcore_sdk/node_ports/_schema_items_list.py | 91.3% <0.0%> (-8.7%) | ⬇️ |
| ...re_sdk/node_ports_common/client_session_manager.py | 92.3% <0.0%> (-7.7%) | ⬇️ |
| .../simcore_sdk/node_ports_common/data_items_utils.py | 92.5% <0.0%> (-7.5%) | ⬇️ |
| ...rc/simcore_sdk/node_ports_common/storage_client.py | 63.8% <0.0%> (-7.3%) | ⬇️ |

... and 12 more

Review thread on scripts/common.Makefile (resolved)
Review thread on services/director/requirements/_base.in (outdated, resolved)
@pcrespov pcrespov requested a review from GitHK April 6, 2022 07:08

@GitHK GitHK left a comment

👍

Review thread on services/director/requirements/_base.in (resolved)
@mrnicegyu11

Thanks a lot!

@pcrespov pcrespov merged commit dae9ac7 into ITISFoundation:master Apr 7, 2022
@pcrespov pcrespov deleted the maintenance/urllib3-vulnerability branch April 7, 2022 08:16