viezly[bot]
commented
2 years ago Pull request by bot. No need to analyze
Closed renovate[bot] closed 2 years ago
viezly[bot]
commented
2 years ago Pull request by bot. No need to analyze
vercel[bot]
commented
2 years ago This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.
π Inspect: https://vercel.com/bgoonz/search-awesome/5TttfrMcwooL3rJdUVrtLaVXveHw
β
Preview: https://search-awesome-git-renovate-pypi-urllib3-vulnerability-bgoonz.vercel.app
This PR contains the following updates:
==1.25.10->==1.26.5GitHub Vulnerability Alerts
CVE-2021-33503
Impact
When provided with a URL containing many
@characters in the authority component the authority regular expression exhibits catastrophic backtracking causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.Patches
The issue has been fixed in urllib3 v1.26.5.
References
For more information
If you have any questions or comments about this advisory:
Release Notes
urllib3/urllib3
### [`v1.26.5`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#1265-2021-05-26) [Compare Source](https://togithub.com/urllib3/urllib3/compare/1.26.4...1.26.5) \=================== - Fixed deprecation warnings emitted in Python 3.10. - Updated vendored `six` library to 1.16.0. - Improved performance of URL parser when splitting the authority component. ### [`v1.26.4`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#1264-2021-03-15) [Compare Source](https://togithub.com/urllib3/urllib3/compare/1.26.3...1.26.4) \=================== - Changed behavior of the default `SSLContext` when connecting to HTTPS proxy during HTTPS requests. The default `SSLContext` now sets `check_hostname=True`. ### [`v1.26.3`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#1263-2021-01-26) [Compare Source](https://togithub.com/urllib3/urllib3/compare/1.26.2...1.26.3) \=================== - Fixed bytes and string comparison issue with headers (Pull [#2141](https://togithub.com/urllib3/urllib3/issues/2141)) - Changed `ProxySchemeUnknown` error message to be more actionable if the user supplies a proxy URL without a scheme. (Pull [#2107](https://togithub.com/urllib3/urllib3/issues/2107)) ### [`v1.26.2`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#1262-2020-11-12) [Compare Source](https://togithub.com/urllib3/urllib3/compare/1.26.1...1.26.2) \=================== - Fixed an issue where `wrap_socket` and `CERT_REQUIRED` wouldn't be imported properly on Python 2.7.8 and earlier (Pull [#2052](https://togithub.com/urllib3/urllib3/issues/2052)) ### [`v1.26.1`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#1261-2020-11-11) [Compare Source](https://togithub.com/urllib3/urllib3/compare/1.26.0...1.26.1) \=================== - Fixed an issue where two `User-Agent` headers would be sent if a `User-Agent` header key is passed as `bytes` (Pull [#2047](https://togithub.com/urllib3/urllib3/issues/2047)) ### [`v1.26.0`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#1260-2020-11-10) [Compare Source](https://togithub.com/urllib3/urllib3/compare/1.25.11...1.26.0) \=================== - **NOTE: urllib3 v2.0 will drop support for Python 2**. `Read more in the v2.0 RoadmapConfiguration
π Schedule: "" (UTC).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.