Re: [PATCH] sphinx: Bump urllib3 version

On 10/18/23 14:33, Tom Rini wrote: While unlikely to be a direct issue for us, urllib3 before 2.0.7 is vulnerable to CVE-2023-45803, so bump our version up. Reported-by: GitHub dependabot Signed-off-by: Tom Rini Reviewed-by: Heinrich Schuchardt --- Cc: Heinrich Schuchardt --- doc/sphinx

[PATCH] sphinx: Bump urllib3 version

While unlikely to be a direct issue for us, urllib3 before 2.0.7 is vulnerable to CVE-2023-45803, so bump our version up. Reported-by: GitHub dependabot Signed-off-by: Tom Rini --- Cc: Heinrich Schuchardt --- doc/sphinx/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) dif

Re: [PATCH] sphinx: Bump urllib3 version

On Fri, Oct 06, 2023 at 09:50:20PM +0200, Heinrich Schuchardt wrote: > On 10/6/23 03:41, Simon Glass wrote: > > On Thu, 5 Oct 2023 at 10:27, Tom Rini wrote: > > > > > > While not a direct issue for us, urllib3 before 1.26.17 is vulnerable to > > > CVE-2023-43804 to bump our version up. > > The s

Re: [PATCH] sphinx: Bump urllib3 version

On 10/6/23 03:41, Simon Glass wrote: On Thu, 5 Oct 2023 at 10:27, Tom Rini wrote: While not a direct issue for us, urllib3 before 1.26.17 is vulnerable to CVE-2023-43804 to bump our version up. The same bug is also fixed in 2.0.6. Why should we stick with the old series? I could not see any

Re: [PATCH] sphinx: Bump urllib3 version

On Thu, 5 Oct 2023 at 10:27, Tom Rini wrote: > > While not a direct issue for us, urllib3 before 1.26.17 is vulnerable to > CVE-2023-43804 to bump our version up. > > Reported-by: GitHub dependabot > Signed-off-by: Tom Rini > --- > Cc: Heinrich Schuchardt > --- > doc/sphinx/requirements.txt | 2

[PATCH] sphinx: Bump urllib3 version

While not a direct issue for us, urllib3 before 1.26.17 is vulnerable to CVE-2023-43804 to bump our version up. Reported-by: GitHub dependabot Signed-off-by: Tom Rini --- Cc: Heinrich Schuchardt --- doc/sphinx/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/