From 29c4d0aa3f04e6d99dff016311029415589d1524 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ferenc=20G=C3=A9czi?= Date: Tue, 22 Feb 2022 00:00:00 +0000 Subject: [PATCH] fix(requirements): Increase minimum required urllib3 version This commit increases the minimum required urllib3 version to 1.26.5, which is currently the lowes, without known CVE vulnerability. For further info on the particular vulnerability see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33503 --- setup.py | 2 +- tests/requirements-27.txt | 2 +- tests/requirements-310.txt | 2 +- tests/requirements-asynqp-legacy-flask-markupsafe.txt | 2 +- tests/requirements-asynqp.txt | 2 +- tests/requirements-cassandra.txt | 2 +- tests/requirements-gevent.txt | 2 +- tests/requirements.txt | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/setup.py b/setup.py index ea99eeff..22440d0f 100644 --- a/setup.py +++ b/setup.py @@ -66,7 +66,7 @@ def check_setuptools(): 'opentracing>=2.3.0', 'requests>=2.6.0', 'six>=1.12.0', - 'urllib3<1.27,>=1.21.1'], + 'urllib3<1.27,>=1.26.5'], entry_points={ 'instana': ['string = instana:load'], 'flask': ['string = instana:load'], # deprecated: use same as 'instana' diff --git a/tests/requirements-27.txt b/tests/requirements-27.txt index 13156be5..327eab49 100644 --- a/tests/requirements-27.txt +++ b/tests/requirements-27.txt @@ -32,4 +32,4 @@ spyne>=2.9,<=2.12.14 suds-jurko>=0.6 tornado>=4.5.3,<6.0 uvicorn>=0.12.2;python_version>="3.6" -urllib3[secure]!=1.25.0,!=1.25.1,<1.27,>=1.21.1 +urllib3[secure]<1.27,>=1.26.5 diff --git a/tests/requirements-310.txt b/tests/requirements-310.txt index 7c1d4bc5..b524ca90 100644 --- a/tests/requirements-310.txt +++ b/tests/requirements-310.txt @@ -41,4 +41,4 @@ spyne>=2.13.16 suds-jurko>=0.6 uvicorn>=0.13.4 -urllib3[secure]!=1.25.0,!=1.25.1,<1.27,>=1.21.1 +urllib3[secure]<1.27,>=1.26.5 
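Review bot: In the setup.py hunk the context line `'requests>=2.6.0'` now sits beside `'urllib3<1.27,>=1.26.5'`, and the two floors no longer agree. As far as I recall, requests releases before 2.25.0 cap urllib3 below 1.26, so the low end of the requests range cannot be installed together with the new urllib3 minimum. A resolver-based pip will pick a newer requests on its own, but older pip without dependency resolution (plausible on the Python 2.7 targets that tests/requirements-27.txt still covers) may leave a mismatched pair or keep an already-installed vulnerable urllib3. Consider raising the stated floor to match, e.g. `'requests>=2.25.0',`, after confirming the exact version against the requests changelog. The install_requires list starts outside the hunk, so the other pins were not reviewed.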
diff --git a/tests/requirements-asynqp-legacy-flask-markupsafe.txt b/tests/requirements-asynqp-legacy-flask-markupsafe.txt
index 40094aa8..792f4f36 100644
--- a/tests/requirements-asynqp-legacy-flask-markupsafe.txt
+++ b/tests/requirements-asynqp-legacy-flask-markupsafe.txt
@@ -13,4 +13,4 @@ markupsafe==2.0.1
 mock>=2.0.0
 nose>=1.0
 pytest>=4.6
-urllib3[secure]!=1.25.0,!=1.25.1,<1.27,>=1.21.1
+urllib3[secure]<1.27,>=1.26.5
diff --git a/tests/requirements-asynqp.txt b/tests/requirements-asynqp.txt
index 4aca73ec..b4e53603 100644
--- a/tests/requirements-asynqp.txt
+++ b/tests/requirements-asynqp.txt
@@ -4,4 +4,4 @@ flask>=2.0.0,<3.0.0
 mock>=2.0.0
 nose>=1.0
 pytest>=4.6
-urllib3[secure]!=1.25.0,!=1.25.1,<1.27,>=1.21.1
+urllib3[secure]<1.27,>=1.26.5
diff --git a/tests/requirements-cassandra.txt b/tests/requirements-cassandra.txt
index 1b6f7468..ec211da9 100644
--- a/tests/requirements-cassandra.txt
+++ b/tests/requirements-cassandra.txt
@@ -2,4 +2,4 @@ cassandra-driver>=3.20.2
 mock>=2.0.0
 nose>=1.0
 pytest>=4.6
-urllib3[secure]!=1.25.0,!=1.25.1,<1.27,>=1.21.1
\ No newline at end of file
+urllib3[secure]<1.27,>=1.26.5
diff --git a/tests/requirements-gevent.txt b/tests/requirements-gevent.txt
index 4149115e..2e966894 100644
--- a/tests/requirements-gevent.txt
+++ b/tests/requirements-gevent.txt
@@ -4,4 +4,4 @@ mock>=2.0.0
 nose>=1.0
 pyramid>=1.2
 pytest>=4.6
-urllib3[secure]!=1.25.0,!=1.25.1,<1.27,>=1.21.1
\ No newline at end of file
+urllib3[secure]<1.27,>=1.26.5
diff --git a/tests/requirements.txt b/tests/requirements.txt
index c38c1441..bb0185b1 100644
--- a/tests/requirements.txt
+++ b/tests/requirements.txt
@@ -29,4 +29,4 @@ spyne>=2.13.16
 suds-jurko>=0.6
 tornado>=4.5.3,<6.0
 uvicorn>=0.13.4
-urllib3[secure]!=1.25.0,!=1.25.1,<1.27,>=1.21.1
+urllib3[secure]<1.27,>=1.26.5