Skip to content

Commit

Permalink
[universal] Update urllib3 package due to GHSA-g4mx-q9vg-27p4 (#843)
Browse files Browse the repository at this point in the history 
* [patch-python] Bump `urllib3` version to address CVE-2023-45803

* Add test

* Restart checks

* Restart checks

* Restart checks
  • Loading branch information
@alexander-smolyakov
alexander-smolyakov authored Nov 8, 2023
1 parent b703500 commit ffea7d7
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 0 deletions.
3 changes: 3 additions & 0 deletions src/universal/.devcontainer/local-features/patch-python/install.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,3 +44,6 @@ update_package() {

# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40897
update_package /usr/local/python/3.9.*/bin/python setuptools 65.5.1

# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803
update_package /usr/local/python/3.10.*/bin/python urllib3 2.0.7
1 change: 1 addition & 0 deletions src/universal/test-project/test.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -189,6 +189,7 @@ ls -la /home/codespace
## Python - current
checkPythonPackageVersion "python" "setuptools" "65.5.1"
checkPythonPackageVersion "python" "requests" "2.31.0"
checkPythonPackageVersion "python" "urllib3" "2.0.7"

## Python 3.9
checkPythonPackageVersion "/usr/local/python/3.9.*/bin/python" "setuptools" "65.5.1"
Expand Down

0 comments on commit ffea7d7

Please sign in to comment.