search

anchore / anchore-cli

Simple command-line client to the Anchore Engine service
Apache License 2.0
114 stars 54 forks source link

Update requirements.txt #129

Closed cinterloper closed 3 years ago

cinterloper commented 3 years ago

A newer version of requests is available as of June.

zhill commented 3 years ago

Thanks @cinterloper. Does this resolve any specific issues (vulns etc) with requests library?

cinterloper commented 3 years ago

Hey @zhill, here are the release notes:

    pyOpenSSL TLS implementation is now only used if Python either doesn’t have an ssl module or doesn’t support SNI. Previously pyOpenSSL was unconditionally used if available. This applies even if pyOpenSSL is installed via the requests[security] extra (#5443)
    Redirect resolution should now only occur when allow_redirects is True. (#5492)
    No longer perform unnecessary Content-Length calculation for requests that won’t use it. (#5496)
zhill commented 3 years ago

Hey @zhill, here are the release notes:

    pyOpenSSL TLS implementation is now only used if Python either doesn’t have an ssl module or doesn’t support SNI. Previously pyOpenSSL was unconditionally used if available. This applies even if pyOpenSSL is installed via the requests[security] extra (#5443)
    Redirect resolution should now only occur when allow_redirects is True. (#5492)
    No longer perform unnecessary Content-Length calculation for requests that won’t use it. (#5496)

Thanks. Just making sure there isn't an issue you were seeing manifested in usage here in the CLI.

robertp commented 3 years ago

Hi @cinterloper! Could you please certify your PR with a DCO? Thank you!

zhill commented 3 years ago

Closing this as stale. We can re-open with new pushes or implement similar updates in other branches.