update urllib to latest

IBM / python-sdk-core

The python-sdk-core repository contains core functionality required by Python code generated by the IBM OpenAPI SDK Generator.

Apache License 2.0

20 stars 27 forks source link

update urllib to latest #179

Closed hemanthrough closed 1 year ago

hemanthrough commented 1 year ago

bumping urllib due to https://github.com/advisories/GHSA-g4mx-q9vg-27p4

pyrooka commented 1 year ago

Hi! Thanks for your contribution, but we would like to avoid upgrading to the next major version (v2) at the moment. As I can see, the CVE got fixed in 1.26.18 too, so maybe all we need to do is replacing the minimum version with that.

hemanthrough commented 1 year ago

@pyrooka sure will do that is there any reason for not doing that ?

fyi have done the changes

pyrooka commented 1 year ago

Well, we are planning to do it in the near future, but we have other projects that also need to be updated and we would like to do it in one batch. So the main reason is our internal tracking and to keep these projects in sync.

hemanthrough commented 1 year ago

ok thanks. I suppose you will take it from here :) ? (wrt to travis and stuff) Should I do anything else ?

padamstx commented 1 year ago

Closing this PR and opened this PR due to Travis issues.