Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update urllib to 1.26.5 for a CVE found in previous versions #210

Merged
merged 1 commit into from Oct 28, 2022
Merged

update urllib to 1.26.5 for a CVE found in previous versions #210

merged 1 commit into from Oct 28, 2022

Conversation

cdoern
Copy link
Collaborator

@cdoern cdoern commented Oct 4, 2022
edited

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Oct 4, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cdoern

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved label Oct 4, 2022
@cdoern
Copy link
Collaborator Author

cdoern commented Oct 4, 2022

@TomSweeneyRedHat PTAL I think this is what is needed

@jwhonce
Copy link
Member

jwhonce commented Oct 4, 2022

@cdoern Have you verified that version of the urllib3 library is available on RHEL and the other supported OSes? That has been an issue in the past. Otherwise, you lucked out that the version bump didn't break requests library. That has been an issue in the past.

/cc @lsm5 @jnovy

@openshift-ci openshift-ci bot requested a review from lsm5 October 4, 2022 18:59
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Oct 4, 2022

@jwhonce: GitHub didn't allow me to request PR reviews from the following users: jnovy.

Note that only containers members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

@cdoern Have you verified that version of the urllib3 library is available on RHEL and the other supported OSes? That has been an issue in the past. Otherwise, you lucked out that the version bump didn't break requests library. That has been an issue in the past.

/cc @lsm5 @jnovy

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@lsm5
Copy link
Member

lsm5 commented Oct 5, 2022

@cdoern would be good to mention the full CVE ID in the commit message.

@jwhonce thanks, I'll check with @TomSweeneyRedHat and @jnovy on the package versions in RHEL

@TomSweeneyRedHat
Copy link
Member

Yes, please include the full CVE in the commit message. Also, in the description or a comment, please include a link to the BZ that this is fixing. As far as the versions go, Jindrich is the man to check with.

@rhatdan
Copy link
Member

rhatdan commented Oct 19, 2022

@cdoern Please update so we can merge.

@cdoern
Copy link
Collaborator Author

cdoern commented Oct 28, 2022

sorry for the delay, I think this is set.

@rhatdan
Copy link
Member

rhatdan commented Oct 28, 2022

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Oct 28, 2022
@rhatdan rhatdan merged commit 3871d6e into containers:main Oct 28, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lsm5 lsm5 Awaiting requested review from lsm5

Assignees

@rhatdan rhatdan

Labels
approved lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@cdoern @jwhonce @lsm5 @TomSweeneyRedHat @rhatdan