Update Python dependency - urllib3 from v1.25.8 to v1.25.9

https://www.cve.org/CVERecord?id=CVE-2020-26137 > urllib3 before 1.25.9 allows CRLF injection if the attacker controls > the HTTP request method, as demonstrated by inserting CR and LF > control characters in the first argument of putrequest(). NOTE: this > is similar to CVE-2020-26116. Signed-off-by: Peter Dave Hello <hsu@peterdavehello.org>
2022-06-30 17:30:30 +08:00 · 2022-06-30 17:30:30 +08:00 · a6d0e49ed1
parent 4399f41473
commit a6d0e49ed1
3 changed files with 9 additions and 10 deletions
--- a/2
+++ b/2
@ -48,7 +48,7 @@ testinfra = "==3.3.0"
 texttable = "==1.6.2"
 toml = "==0.10.0"
 tox = "==3.14.3"
-urllib3 = "==1.25.8"
+urllib3 = "==1.25.9"
 virtualenv = "==16.7.9"
 wcwidth = "==0.1.7"
 zipp = "==0.6.0"
--- a/Pipfile.lock
+++ b/Pipfile.lock
@ -1,7 +1,7 @@
 {
    "_meta": {
        "hash": {
-            "sha256": "2c7f1fb7f001bf70bba7309859b06dc323040f21518b32ee8993aa823c27df15"
+            "sha256": "7b26c964f32db6ff56972abb88bd5bea6b4867dea49914f36999a2adc89eab1f"
        },
        "pipfile-spec": 6,
        "requires": {
@ -381,11 +381,10 @@
        },
        "packaging": {
            "hashes": [
-                "sha256:5b327ac1320dc863dca72f4514ecc086f31186744b84a230374cc1fd776feae5",
-                "sha256:67714da7f7bc052e064859c05c595155bd1ee9f69f76557e21f051443c20947a"
+                "sha256:dd47c42927d89ab911e606518907cc2d3a1f38bbd026385970643f9c5b8ecfeb",
+                "sha256:ef103e05f519cdc783ae24ea4e2e0f508a9c99b2d4969652eed6a2e1ea5bd522"
            ],
-            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
-            "version": "==20.9"
+            "version": "==21.3"
        },
        "pathlib2": {
            "hashes": [
@ -577,11 +576,11 @@
        },
        "urllib3": {
            "hashes": [
-                "sha256:2f3db8b19923a873b3e5256dc9c2dedfa883e33d87c690d9c7913e1f40673cdc",
-                "sha256:87716c2d2a7121198ebcb7ce7cccf6ce5e9ba539041cfbaeecfb641dc0bf6acc"
+                "sha256:3018294ebefce6572a474f0604c2021e33b3fd8006ecd11d62107a5d2a963527",
+                "sha256:88206b0eb87e6d677d424843ac5209e3fb9d0190d0ee169599165ec25e9d9115"
            ],
            "index": "pypi",
-            "version": "==1.25.8"
+            "version": "==1.25.9"
        },
        "virtualenv": {
            "hashes": [
--- a/requirements.txt
+++ b/requirements.txt
@ -47,7 +47,7 @@ testinfra==3.3.0
 texttable==1.6.2
 toml==0.10.0
 tox==3.14.3
-urllib3==1.25.8
+urllib3==1.25.9
 virtualenv==16.7.9
 wcwidth==0.1.7
 websocket-client==0.57.0