fix: update setup.py #114

Merged
merged 3 commits into from
Aug 21, 2023

@sabuhigr (Contributor) commented Aug 17, 2023

google-auth-httplib2:0.1.0 | Reference: CVE-2021-21240 | CVSS Score: 7.5 | Category: CWE-400 | httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library.

Thank you for opening a Pull Request! Before submitting your PR, there are a few things you can do to make sure it goes smoothly:

  • Make sure to open an issue as a bug/issue before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea
  • Ensure the tests and linter pass
  • Code coverage does not decrease (if any source code was changed)
  • Appropriate docs were updated (if necessary)

Fixes #113

@sabuhigr sabuhigr requested review from a team as code owners August 17, 2023 07:15
google-cla bot commented Aug 17, 2023

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@product-auto-label product-auto-label bot added the size: xs Pull request size is extra small. label Aug 17, 2023
@arithmetic1728 arithmetic1728 changed the title Update setup.py fix: update setup.py Aug 17, 2023
conventional-commit-lint-gcf bot commented Aug 17, 2023

I detect that the PR title and the commit message differ and there's only one commit. To use the PR title for the commit history, you can use GitHub's automerge feature with squashing, or use automerge label. Good luck human!

-- conventional-commit-lint bot
https://conventionalcommits.org/

@arithmetic1728 arithmetic1728 added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Aug 17, 2023
@arithmetic1728 (Contributor)

@sabuhigr could you sign the CLA? Thanks!

@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Aug 17, 2023
@arithmetic1728 (Contributor)

@sabuhigr and amend the commit message to "fix: update setup.py" using git commit --amend, thanks!

@sabuhigr (Contributor, Author)

I have signed, @arithmetic1728. Thanks!

@sabuhigr sabuhigr marked this pull request as draft August 18, 2023 11:12
@sabuhigr sabuhigr marked this pull request as ready for review August 18, 2023 11:13
@clundin25 clundin25 added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Aug 21, 2023
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Aug 21, 2023
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Aug 21, 2023
@clundin25 clundin25 merged commit d6a0e3d into googleapis:main Aug 21, 2023
7 checks passed
Successfully merging this pull request may close these issues.

Need to upgrade httplib2 package to use >= 0.19.0 because of vulnerability
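
A conservative check for the constraint this PR and its linked issue are about, as an added example (not code from this repository): it parses a setup.py without executing it and flags any httplib2 requirement that lacks a lower bound of at least 0.19.0. The sample setup.py, the function names and the lower-bound heuristic are assumptions made for illustration.

```python
import ast
import re

FIXED = (0, 19, 0)  # first httplib2 release with the CVE-2021-21240 fix, per the PR text

# Constructed sample for illustration; not this repository's setup.py.
SAMPLE_SETUP = '''
from setuptools import setup
DEPENDENCIES = ["google-auth", "httplib2 >= 0.15.0"]
setup(name="example-client", install_requires=DEPENDENCIES)
'''

def _ver(text):
    """Turn '0.19' or '0.19.0' into a comparable 3-tuple of ints."""
    parts = [int(p) for p in text.split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def allows_vulnerable(requirement, fixed=FIXED):
    """Conservative: safe only if some clause sets a lower bound >= fixed."""
    # Clauses are ANDed, so one sufficient lower bound is enough; pre-release tags are ignored.
    spec = requirement.split(";")[0]  # drop environment markers
    lower_bounds = re.findall(r"(?:==|~=|>=|>)\s*(\d+(?:\.\d+)*)", spec)
    return not any(_ver(v) >= fixed for v in lower_bounds)

def install_requires(setup_source):
    """Extract install_requires strings by parsing, never executing, setup.py."""
    tree = ast.parse(setup_source)
    assigned = {t.id: n.value for n in ast.walk(tree) if isinstance(n, ast.Assign)
                for t in n.targets if isinstance(t, ast.Name)}
    reqs = []
    for kw in (n for n in ast.walk(tree) if isinstance(n, ast.keyword)):
        if kw.arg != "install_requires":
            continue
        value = assigned.get(kw.value.id) if isinstance(kw.value, ast.Name) else kw.value
        if isinstance(value, (ast.List, ast.Tuple)):
            reqs += [e.value for e in value.elts
                     if isinstance(e, ast.Constant) and isinstance(e.value, str)]
    return reqs

def audit(setup_source, package="httplib2"):
    """Return requirements for `package` that still admit pre-fix versions."""
    flagged = []
    for req in install_requires(setup_source):
        name = re.match(r"\s*([A-Za-z0-9_.\-]+)", req)
        if name and name.group(1).lower() == package and allows_vulnerable(req):
            flagged.append(req)
    return flagged
```

Calling `audit(SAMPLE_SETUP)` returns the one httplib2 requirement that still admits pre-0.19.0 releases; an empty list means every httplib2 constraint found has a sufficient lower bound.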