[
https://issues.apache.org/jira/browse/HBASE-26821?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrew Kyle Purtell updated HBASE-26821:
----------------------------------------
Summary: Bump dependencies in /dev-support/git-jira-release-audit (was:
Bump urllib3 in /dev-support/git-jira-release-audit)
> Bump dependencies in /dev-support/git-jira-release-audit
> --------------------------------------------------------
>
> Key: HBASE-26821
> URL: https://issues.apache.org/jira/browse/HBASE-26821
> Project: HBase
> Issue Type: Bug
> Components: dependabot
> Reporter: Andrew Kyle Purtell
> Assignee: Andrew Kyle Purtell
> Priority: Minor
> Fix For: 3.0.0-alpha-3
>
>
> Bumps urllib3 from 1.25.8 to 1.26.5 to resolve two dependabot warnings
> - CRLF injection (Moderate) urllib3 (pip) ·
> dev-support/git-jira-release-audit/requirements.txt
> - Catastrophic backtracking in URL authority parser when passed URL
> containing many @ characters (High) urllib3 (pip) ·
> dev-support/git-jira-release-audit/requirements.txt
> Bumps cryptography from 2.8 to 3.3.2 to resolve one dependabot warning
> - RSA decryption vulnerable to Bleichenbacher timing vulnerability
> (Moderate) cryptography (pip) ·
> dev-support/git-jira-release-audit/requirements.txt
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
