From fc657588e8c1d778e97248e268691e0504021cd9 Mon Sep 17 00:00:00 2001 From: Haowei Cai Date: Wed, 26 Dec 2018 23:01:08 -0800 Subject: [PATCH] Cherrypick potential security fix CVE-2018-20060 to release-8.0.1 ref: https://github.com/kubernetes-client/python/pull/707 --- CHANGELOG.md | 3 +++ requirements.txt | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 505ba056fc..5992ecf461 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,9 @@ - Refresh GCP auth tokens on API retrieval [kubernetes-client/python-base#92](https://github.com/kubernetes-client/python-base/pull/92) - Fix kubeconfig loading failure when server uri contains trailing slash [kubernetes-client/python-base#45](https://github.com/kubernetes-client/python-base/pull/45) +**Security Fix:** +- Bump urllib3 version to pick up security fix for CVE-2018-20060 [kubernetes-client/python#707](https://github.com/kubernetes-client/python/pull/707) + # v8.0.0 **New Feature:** - Add utility to create API resource from yaml file [kubernetes-client/python#655](https://github.com/kubernetes-client/python/pull/655) diff --git a/requirements.txt b/requirements.txt index 3bf9656a52..5d84599325 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,7 +2,7 @@ certifi>=14.05.14 # MPL six>=1.9.0 # MIT python-dateutil>=2.5.3 # BSD setuptools>=21.0.0 # PSF/ZPL -urllib3>=1.19.1,!=1.21 # MIT +urllib3>=1.23 # MIT pyyaml>=3.12 # MIT google-auth>=1.0.1 # Apache-2.0 ipaddress>=1.0.17;python_version=="2.7" # PSF
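Review bot: In the CHANGELOG.md hunk, the new "Security Fix" entry says "Bump urllib3 version" without stating the new minimum, so a reader of the changelog cannot tell that the requirement moved to `urllib3>=1.23`. Raising a dependency floor in a patch release can conflict with environments that pin an older urllib3, so the entry should name the version, for example "Bump minimum urllib3 version to 1.23 to pick up security fix for CVE-2018-20060".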
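Review bot: In the requirements.txt hunk, the new line `urllib3>=1.23 # MIT` gives no hint of why the floor is 1.23, so a later cleanup of the requirements could relax it without noticing the CVE. A short comment line above the pin naming CVE-2018-20060 would record the reason. Dropping the `!=1.21` exclusion is fine because `>=1.23` already rules that version out. The diffstat lists only CHANGELOG.md and requirements.txt, so it is worth confirming that no other file on the release-8.0.1 branch states its own urllib3 minimum that would still admit versions below 1.23.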