Version bump urllib3 to 1.26.5 #1610
Conversation
|
Hi, if this PR could be approved and merged that would be great! I am working on a project where elasticsearch-curator's hard dependency on urllib3 v1.26.4 is causing a high severity security vulnerability. |
|
Apologies. I’m on vacation until July 13. I will get to it as soon as I can
|
|
Hi! I just wanted to check-in about this update since it's been a bit. Hope all is well! |
|
Also bumping this, thanks! |
|
Hi @untergeek, just inquiring when this is expected to get merged 👍 |
|
Just barely back from time off for a death in the family, as well as a wedding. Hopefully can address in the next few days. |
|
@untergeek It looks like ci/cd failed due to an elasticsearch client incompatibility. You can read about it here: The issue arose in elasticsearch version 7.14.0, so it could be good to cap the version as |
|
Also, is there any time estimate on when the next elasticsearch-curator version will be released so that we can consume these changes? Thanks :) |
|
Ah sorry, back when I did the PR it still passed CI successfully - it was before the latest licensing issues. Does not pass anymore, like @mau-alex-ruiz pointed out (https://travis-ci.org/github/elastic/curator/jobs/774705198) I guess in this particular case, dropping ES 5.x.x support could be another alternative. |
|
Not worried about the client issue. 5.6 is so old I'm removing testing for that. Anyone still needing to use 5.6 can use v5.8.4 or older. The current PR undergoing testing has stripped that out, and bumped a few other dependent modules. We'll see how that shakes out. |
Updates version of urllib3 dependency to 1.26.5 to avoid GHSA-q2q7-5pp4-w6pg.
Fixes #1609