Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add minimal version contrain to urllib3 #32031

merged 1 commit into from Feb 20, 2020

Add minimal version contrain to urllib3 #32031

merged 1 commit into from Feb 20, 2020


Copy link

frenck commented Feb 20, 2020

Proposed change

Add minimal version constraint to ensure we always deal with CVE-2019-11236 & CVE-2019-11324.


Type of change

  • Dependency upgrade
  • Bugfix (non-breaking change which fixes an issue)
  • New integration (thank you!)
  • New feature (which adds functionality to an existing integration)
  • Breaking change (fix/feature causing existing functionality to break)
  • Code quality improvements to existing code or addition of tests

Example entry for configuration.yaml:

# Example configuration.yaml

Additional information

  • This PR fixes or closes issue: fixes #
  • This PR is related to issue:
  • Link to documentation pull request:


  • The code change is tested and works locally.
  • Local tests pass. Your PR cannot be merged unless tests pass
  • There is no commented out code in this PR.
  • I have followed the development checklist
  • The code has been formatted using Black (black --fast homeassistant tests)
  • Tests have been added to verify that the new code works.

If user exposed functionality or configuration variables are added/changed:

If the code communicates with devices, web services, or third-party tools:

  • The manifest file has all fields filled out correctly.
    Updated and included derived files by running: python3 -m script.hassfest.
  • New or updated dependencies have been added to requirements_all.txt.
    Updated by running python3 -m script.gen_requirements_all.
  • Untested files have been added to .coveragerc.

The integration reached or maintains the following Integration Quality Scale:

  • No score or internal
  • 馃 Silver
  • 馃 Gold
  • 馃弳 Platinum
@project-bot project-bot bot added this to Needs review in Dev Feb 20, 2020
@frenck frenck added this to the 0.106.0 milestone Feb 20, 2020

This comment has been minimized.

Copy link

codecov bot commented Feb 20, 2020

Codecov Report

Merging #32031 into dev will decrease coverage by <.01%.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff            @@
##             dev   #32031      +/-   ##
- Coverage   94.7%   94.69%   -0.01%     
  Files        766      766              
  Lines      55587    55587              
- Hits       52643    52640       -3     
- Misses      2944     2947       +3
Impacted Files Coverage 螖
homeassistant/components/template/ 96.34% <0%> (-1.37%) 猬囷笍

Continue to review full report at Codecov.

Legend - Click here to learn more
螖 = absolute <relative> (impact), 酶 = not affected, ? = missing data
Powered by Codecov. Last update 1c81e8a...1688d8d. Read the comment docs.

@frenck frenck changed the title Add minimal version constraint to urllib3 Add minimal version contrain to urllib3 Feb 20, 2020
@frenck frenck merged commit bf1092e into dev Feb 20, 2020
11 checks passed
11 checks passed
CI Build #20200220.60 succeeded
CI (FullCheck Mypy) FullCheck Mypy succeeded
CI (FullCheck Pylint) FullCheck Pylint succeeded
CI (Overview CheckFormat) Overview CheckFormat succeeded
CI (Overview Lint) Overview Lint succeeded
CI (Overview Validate) Overview Validate succeeded
CI (Tests PyTest Python37) Tests PyTest Python37 succeeded
cla-bot Everyone involved has signed the CLA
codecov/patch Coverage not affected when comparing 1c81e8a...1688d8d
codecov/project Absolute coverage decreased by -0.01, only covered lines were removed
docs-missing Documentation ok.
Dev automation moved this from Needs review to Done Feb 20, 2020
@frenck frenck deleted the frenck-2020-0217 branch Feb 20, 2020
balloob added a commit that referenced this pull request Feb 20, 2020
@lock lock bot locked and limited conversation to collaborators Feb 21, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants
You can鈥檛 perform that action at this time.