Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update urllib3 to 1.26.18 or above #12556

Closed
1 task done
ayappanec opened this issue Mar 4, 2024 · 1 comment · Fixed by #12518
Closed
1 task done

Update urllib3 to 1.26.18 or above #12556

ayappanec opened this issue Mar 4, 2024 · 1 comment · Fixed by #12518
Labels
S: needs triage Issues/PRs that need to be triaged type: bug A confirmed bug or unintended behavior

Comments

@ayappanec
Copy link

Description

urllib3 versions 1.26.17 or below are affected by the security vulnerability CVE-2023-45803
GHSA-g4mx-q9vg-27p4

Is it possible to update urllib3 vendor bundle inside pip to 1.26.18 or above ?

Expected behavior

No response

pip version

main

Python version

main

OS

AIX, Linux

How to Reproduce

urllib3 version is 1.26.17 inside pip _vendor directory

Output

No response

Code of Conduct
@ayappanec ayappanec added S: needs triage Issues/PRs that need to be triaged type: bug A confirmed bug or unintended behavior labels Mar 4, 2024
@pfmoore
Copy link
Member

pfmoore commented Mar 4, 2024

This should happen automatically as part of our next scheduled release (in April) when we'll update all our vendored dependencies to their latest releases.

@sbidoul sbidoul mentioned this issue Mar 10, 2024
Merged
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 10, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
S: needs triage Issues/PRs that need to be triaged type: bug A confirmed bug or unintended behavior
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Upgrade vendored dependencies sbidoul/pip
2 participants
@pfmoore @ayappanec