[jira] [Updated] (HBASE-26821) Bump urllib3 in /dev-support/git-jira-release-audit

Wed, 09 Mar 2022 11:48:05 -0800 


     [ 
https://issues.apache.org/jira/browse/HBASE-26821?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andrew Kyle Purtell updated HBASE-26821:
----------------------------------------
    Description: 
Bumps urllib3 from 1.25.8 to 1.26.5 to resolve two dependabot warnings

    - CRLF injection (Moderate) urllib3 (pip) · 
dev-support/git-jira-release-audit/requirements.txt

    - Catastrophic backtracking in URL authority parser when passed URL 
containing many @ characters (High) urllib3 (pip) · 
dev-support/git-jira-release-audit/requirements.txt

Bumps cryptography from 2.8 to 3.3.2 to resolve one dependabot warning

    - RSA decryption vulnerable to Bleichenbacher timing vulnerability 
(Moderate) cryptography (pip) · 
dev-support/git-jira-release-audit/requirements.txt



  was:
Bumps urllib3 from 1.25.8 to 1.26.5 to resolve two dependabot warnings

CRLF injection (Moderate)
urllib3 (pip) · dev-support/git-jira-release-audit/requirements.txt 

Catastrophic backtracking in URL authority parser when passed URL containing 
many @ characters (High)
urllib3 (pip) · dev-support/git-jira-release-audit/requirements.txt 



> Bump urllib3 in /dev-support/git-jira-release-audit
> ---------------------------------------------------
>
>                 Key: HBASE-26821
>                 URL: https://issues.apache.org/jira/browse/HBASE-26821
>             Project: HBase
>          Issue Type: Bug
>          Components: dependabot
>            Reporter: Andrew Kyle Purtell
>            Assignee: Andrew Kyle Purtell
>            Priority: Minor
>             Fix For: 3.0.0-alpha-3
>
>
> Bumps urllib3 from 1.25.8 to 1.26.5 to resolve two dependabot warnings
>     - CRLF injection (Moderate) urllib3 (pip) · 
> dev-support/git-jira-release-audit/requirements.txt
>     - Catastrophic backtracking in URL authority parser when passed URL 
> containing many @ characters (High) urllib3 (pip) · 
> dev-support/git-jira-release-audit/requirements.txt
> Bumps cryptography from 2.8 to 3.3.2 to resolve one dependabot warning
>     - RSA decryption vulnerable to Bleichenbacher timing vulnerability 
> (Moderate) cryptography (pip) · 
> dev-support/git-jira-release-audit/requirements.txt



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to