⬆️ Bump urllib3 to 1.26.20 #11891

Merged
merged 1 commit into from
Feb 24, 2025
@manuel-sommer manuel-sommer commented Feb 24, 2025

https://www.cvedetails.com/cve/CVE-2024-37891/
"Users are advised to update to either version 1.26.19 or version 2.2.2"

#11455

DryRun Security Summary

The PR upgrades urllib3 from v1.26.18 to v1.26.20 in requirements.txt, potentially including security improvements that warrant review.

The PR updates urllib3 from version 1.26.18 to 1.26.20 in requirements.txt. Security consideration: The version update for urllib3 may include potential security patches or improvements that should be carefully reviewed in the library's release notes.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Sensitive Files Analyzer 1 finding

@mtesauro mtesauro left a comment

Approved

@mtesauro mtesauro merged commit ecbb6a8 into DefectDojo:dev Feb 24, 2025
72 checks passed
@manuel-sommer manuel-sommer deleted the bump_urllib3 branch February 24, 2025 22:23