From 35e59ba2d59d1d4752b9a6c4364a5aeb27802834 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Sep 2024 11:25:34 +0530 Subject: [PATCH] Bump urllib3 from 1.26.12 to 1.26.19 in /tools/deps (#5008) * Bump urllib3 from 1.26.12 to 1.26.19 in /tools/deps Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.12 to 1.26.19. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/1.26.19/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/1.26.12...1.26.19) --- updated-dependencies: - dependency-name: urllib3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] * Bump boto3 from 1.34.17 to 1.35.21 in /tools/deps (#5259) Bumps [boto3](https://github.com/boto/boto3) from 1.34.17 to 1.35.21. * Bump botocore from 1.34.17 to 1.35.21 in /tools/deps (#5258) Bumps [botocore](https://github.com/boto/botocore) from 1.34.17 to 1.35.21. --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Pooja Ramkrishna Daine --- docs/changes/5.5.1.md | 5 ++++- tools/deps/requirements.txt | 18 +++++++++--------- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/docs/changes/5.5.1.md b/docs/changes/5.5.1.md index eb6a54ba1b..342043db5a 100644 --- a/docs/changes/5.5.1.md +++ b/docs/changes/5.5.1.md @@ -25,7 +25,7 @@ Release date: `2024-xx-xx` ## Packaging / Build -- [NXDRIVE-2](https://jira.nuxeo.com/browse/NXDRIVE-2): +- [NXDRIVE-2970](https://jira.nuxeo.com/browse/NXDRIVE-2970): Fix security issue: urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects ## Tests @@ -39,6 +39,8 @@ Release date: `2024-xx-xx` - Upgraded `authlib` from 1.3.0 to 1.3.1 - Upgraded `black` from 23.12.1 to 24.8.0 +- Upgraded `boto3` from 1.34.17 to 1.35.21 +- Upgraded `botocore` from 1.34.17 to 1.35.21 - Upgraded `certifi` from 2023.7.22 to 2024.7.4 - Upgraded `flake8` from 6.1.0 to 7.1.1 - Upgraded `typing-extensions` from 4.9.0 to 4.12.2 @@ -48,6 +50,7 @@ Release date: `2024-xx-xx` - Upgraded `pyflakes` from 3.1.0 to 3.2.0 - Upgraded `pytest-benchmark` from 3.4.1 to 4.0.0 - Upgraded `setuptools` from 69.5.1 to 72.1.0 +- Upgraded `urllib3` from 1.26.12 to 1.26.19 - Upgraded `zipp` from 3.18.0 to 3.20.0 ## Technical Changes diff --git a/tools/deps/requirements.txt b/tools/deps/requirements.txt index c4ea6a34df..387ecf428f 100644 --- a/tools/deps/requirements.txt +++ b/tools/deps/requirements.txt @@ -6,13 +6,13 @@ authlib==1.3.1 \ --hash=sha256:7ae843f03c06c5c0debd63c9db91f9fda64fa62a42a77419fa15fbb7e7a58917 \ --hash=sha256:d35800b973099bbadc49b42b256ecb80041ad56b7fe1216a362c7943c088f377 # via nuxeo -boto3==1.34.17 \ - --hash=sha256:1efc02be786884034d503d59c018cf7650d0cff9fcb37cd2eb49b802a6fe6111 \ - --hash=sha256:8ca248cc84e7e859e4e276eb9c4309fa01a3e58473bf48d6c33448be870c2bb8 +boto3==1.35.21 \ + --hash=sha256:247f88eedce9ae4e014a8fc14a9473759bb8e391460d49396a3b600fb649f33b \ + --hash=sha256:db5fbbd10248db060f2ccce3ae17764f1641c99c8b9f51d422c26ebe25703a1e # via nuxeo -botocore==1.34.17 \ - --hash=sha256:7272c39032c6f1d62781e4c8445d9a1d9140c2bf52ba7ee66bf6db559c4b2427 \ - --hash=sha256:e48a662f3a6919219276b55085e8f73c3347966675f55e9d448be30cf79678ee +botocore==1.35.21 \ + --hash=sha256:3db9ddfe521edc0753fc8c68caef71c7806e1d2d21ce8cbabc2065b7d79192f2 \ + --hash=sha256:db917e7d7b3a2eed1310c6496784bc813c91f020a021c2ab5f9df7d28cdb4f1d # via boto3, s3transfer certifi==2024.7.4 \ --hash=sha256:5a1e7645bc0ec61a09e26c36f6106dd4cf40c6db3a1fb6352b0244e7fb057c7b \ @@ -421,9 +421,9 @@ tld==0.13 \ --hash=sha256:93dde5e1c04bdf1844976eae440706379d21f4ab235b73c05d7483e074fb5629 \ --hash=sha256:f75b2be080f767ed17c2338a339eaa4fab5792586319ca819119da252f9f3749 # via pypac -urllib3==1.26.12 \ - --hash=sha256:3fa96cf423e6987997fc326ae8df396db2a8b7c667747d47ddd8ecba91f4a74e \ - --hash=sha256:b930dd878d5a8afb066a637fbb35144fe7901e3b209d1cd4f524bd0e9deee997 +urllib3==1.26.19 \ + --hash=sha256:37a0344459b199fce0e80b0d3569837ec6b6937435c5244e7fd73fa6006830f3 \ + --hash=sha256:3e3d753a8618b86d7de333b4223005f68720bcd6a7d2bcb9fbd2229ec7c1e429 # via # botocore # requests