security: ibm-cos-sdk app scan violation in the packaged urllib

[scottdickerson]

The packaged version of urllib3 and sessions has a security violation, please upgrade them in the latest cos-sdk

Found in 2.5.2 version of ibm-cos-sdk library:

/Users/scottsd/Documents/GitHub/analytics-service-library/env/lib/python3.7/site-packages/ibm_botocore/vendored/requests/packages/urllib3/util/retry.py

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20060

Also there's a violation in the sessions package:

CVE-2018-20060 CVE's 2018-20060 CVE 2018-18074

[paul-carron]

Internal reference: CSAFE-58815

[paul-carron]

@scottdickerson this is now fixed in release 2.5.4.

[paul-carron]

close