From 8153363b2dea2f64ee2eb7010c842bdc107b927e Mon Sep 17 00:00:00 2001
From: Peter Dave Hello
Date: Wed, 6 Jul 2022 01:27:07 +0800
Subject: [PATCH] Update Python dependency - urllib3 & requests
- Update urllib3 from v1.25.9 to v1.26.5
- Update requests from v2.22.0 to v2.28.1
There's a medium severity CVE in urllib3, before v1.26.5, but we can't only just update urllib3 because there will be a dependency conflict. requests also needs to be updated.
CVE reference: https://www.cve.org/CVERecord?id=CVE-2021-33503
> An issue was discovered in urllib3 before 1.26.5. When provided with a
> URL containing many @ characters in the authority component, the
> authority regular expression exhibits catastrophic backtracking,
> causing a denial of service if a URL were passed as a parameter or
> redirected to via an HTTP redirect.
Signed-off-by: Peter Dave Hello
---
 Pipfile | 4 ++--
 Pipfile.lock | 21 ++++++++++++++-------
 2 files changed, 16 insertions(+), 9 deletions(-)
diff --git a/Pipfile b/Pipfile
index 661be15..b1a81f6 100644
--- a/Pipfile
+++ b/Pipfile
@@ -40,7 +40,7 @@ pytest = "==4.6.8"
 pytest-cov = "==2.8.1"
 pytest-forked = "==1.1.3"
 pytest-xdist = "==1.31.0"
-requests = "==2.22.0"
+requests = "==2.28.1"
 scandir = "==1.10.0"
 six = "==1.13.0"
 subprocess32 = "==3.5.4"
@@ -48,7 +48,7 @@ testinfra = "==3.3.0"
 texttable = "==1.6.2"
 toml = "==0.10.0"
 tox = "==3.14.3"
-urllib3 = "==1.25.9"
+urllib3 = "==1.26.5"
 virtualenv = "==16.7.9"
 wcwidth = "==0.1.7"
 zipp = "==0.6.0"
diff --git a/Pipfile.lock b/Pipfile.lock
index 18890f0..9016887 100644
--- a/Pipfile.lock
+++ b/Pipfile.lock
@@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "7b26c964f32db6ff56972abb88bd5bea6b4867dea49914f36999a2adc89eab1f" + "sha256": "3acc0cd5a21768bc88eb864826f4309a3fe26d525f14dddd17d33a0c2490e57c" }, "pipfile-spec": 6, "requires": { 
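Review bot: The new `requests = "==2.28.1"` pin in the first Pipfile hunk changes the supported interpreter range, and nothing in the hunk documents or checks that. requests 2.28.x supports only Python 3.7 and later, while the neighbouring pins (`subprocess32`, `scandir`, `pytest = "==4.6.8"`) look like a Python 2.7-era environment, so the `[requires]` section and the CI interpreter should be confirmed before merging; that section is outside the hunk. The `urllib3 = "==1.26.5"` pin in the second hunk is the lowest release that carries the CVE-2021-33503 fix, and an exact pin will not pick up later 1.26.x fixes on its own. I would add a comment above the two pins so they are not rolled back while resolving a future conflict, for example `# urllib3 >= 1.26.5 required for CVE-2021-33503; requests must stay on a release that allows urllib3 1.26.x`.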
@@ -143,6 +143,13 @@ "index": "pypi", "version": "==3.0.4" }, + "charset-normalizer": { + "hashes": [ + "sha256:5189b6f22b01957427f35b6a08d9a0bc45b46d3788ef5a92e978433c7a35f8a5", + "sha256:575e708016ff3a5e3681541cb9d79312c416835686d054a23accb873b254f413" + ], + "version": "==2.1.0" + }, "configparser": { "hashes": [ "sha256:254c1d9c79f60c45dfde850850883d5aaa7f19a23f13561243a050d5a7c3fe4c", @@ -501,11 +508,11 @@ }, "requests": { "hashes": [ - "sha256:11e007a8a2aa0323f5a921e9e6a2d7e4e67d9877e85773fba9ba6419025cbeb4", - "sha256:9cf5292fcd0f598c671cfc1e0d7d1a7f13bb8085e9a590f48c010551dc6c4b31" + "sha256:7c5599b102feddaa661c826c56ab4fee28bfd17f5abca1ebbe3e7f19d7c97983", + "sha256:8fefa2a1a1365bf5520aac41836fbee479da67864514bdb821f31ce07ce65349" ], "index": "pypi", - "version": "==2.22.0" + "version": "==2.28.1" }, "scandir": { "hashes": [ @@ -576,11 +583,11 @@ }, "urllib3": { "hashes": [ - "sha256:3018294ebefce6572a474f0604c2021e33b3fd8006ecd11d62107a5d2a963527", - "sha256:88206b0eb87e6d677d424843ac5209e3fb9d0190d0ee169599165ec25e9d9115" + "sha256:753a0374df26658f99d826cfe40394a686d05985786d946fbe4165b5148f5a7c", + "sha256:a7acd0977125325f516bda9735fa7142b909a8d01e8b2e4c8108d0984e6e0098" ], "index": "pypi", - "version": "==1.25.9" + "version": "==1.26.5" }, "virtualenv": { "hashes": [