podman-py

update urllib to 1.26.5 for a CVE found in previous versions

Open cdoern opened this issue 3 years ago • 6 comments

Signed-off-by: Charlie Doern [email protected]

cdoern, Oct 04 '22 18:10

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cdoern

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment. Approvers can cancel approval by writing /approve cancel in a comment.

openshift-ci[bot], Oct 04 '22 18:10

@TomSweeneyRedHat PTAL I think this is what is needed

cdoern, Oct 04 '22 18:10

@cdoern Have you verified that version of the urllib3 library is available on RHEL and the other supported OSes? That has been an issue in the past. Otherwise, you lucked out that the version bump didn't break requests library. That has been an issue in the past.

/cc @lsm5 @jnovy

jwhonce, Oct 04 '22 18:10

@jwhonce: GitHub didn't allow me to request PR reviews from the following users: jnovy.

Note that only containers members and repo collaborators can review this PR, and authors cannot review their own PRs.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

openshift-ci[bot], Oct 04 '22 18:10

@cdoern would be good to mention the full CVE ID in the commit message.

@jwhonce thanks, I'll check with @TomSweeneyRedHat and @jnovy on the package versions in RHEL

lsm5, Oct 05 '22 13:10

Yes, please include the full CVE in the commit message. Also, in the description or a comment, please include a link to the BZ that this is fixing. As far as the versions go, Jindrich is the man to check with.

TomSweeneyRedHat, Oct 05 '22 17:10

@cdoern Please update so we can merge.

rhatdan, Oct 19 '22 12:10

Sorry for the delay, I think this is set.

cdoern, Oct 28 '22 15:10

/lgtm

rhatdan, Oct 28 '22 18:10