Conversation

@alizard0 alizard0 (Member) commented Dec 19, 2025

It upgrades urllib3 (Python library), which is required by requests, to fix CVE-2025-66418.
Requests requires the following:

"requires_dist": [
  "charset_normalizer<4,>=2",
  "idna<4,>=2.5",
  "urllib3<3,>=1.21.1",
  "certifi>=2017.4.17",
  "PySocks!=1.5.7,>=1.5.6; extra == \"socks\"",
  "chardet<6,>=3.0.2; extra == \"use-chardet-on-py3\""
]
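As an added illustration (not code from the PR or the rhdh project), the stdlib-only Python below checks whether the `name==version` pins in a pip-compile style requirements.txt satisfy the requires_dist constraints quoted above, skipping `--hash` continuation lines and the optional extras. The sample requirements text, its versions and its hash line are constructed placeholders (they say nothing about which urllib3 release fixes the CVE), and version parsing is simplified to plain dotted releases rather than the full PEP 440 grammar.

```python
import operator, re
# requests' declared dependencies, copied from the requires_dist block above
REQUIRES_DIST = [
    "charset_normalizer<4,>=2",
    "idna<4,>=2.5",
    "urllib3<3,>=1.21.1",
    "certifi>=2017.4.17",
    'PySocks!=1.5.7,>=1.5.6; extra == "socks"',
    'chardet<6,>=3.0.2; extra == "use-chardet-on-py3"',
]
# Constructed sample in pip-compile style (hash line included); the versions are
# illustrative only and say nothing about which urllib3 release fixes the CVE.
SAMPLE_REQUIREMENTS_TXT = """certifi==2024.8.30 \\
    --hash=sha256:placeholder
charset-normalizer==3.4.0
idna==3.10
urllib3==1.26.20
"""
_OPS = {"==": operator.eq, "!=": operator.ne, ">=": operator.ge,
        "<=": operator.le, ">": operator.gt, "<": operator.lt}

def parse_version(v):  # simplification: plain dotted releases, no pre/post/dev suffixes
    return tuple(int(p) for p in v.strip().split("."))

def parse_requirement(req):
    """Split 'name<3,>=1.21.1; marker' into (normalized name, [(op, version)], marker)."""
    m = re.match(r"^\s*([A-Za-z0-9_.\-]+)\s*(.*?)\s*(?:;\s*(.*))?$", req)
    specs = []
    for s in filter(None, (x.strip() for x in m.group(2).split(","))):
        op, ver = re.match(r"(==|!=|>=|<=|>|<)\s*(.+)", s).groups()
        specs.append((op, parse_version(ver)))
    return m.group(1).lower().replace("_", "-"), specs, m.group(3)

def satisfies(version, specs):
    v = parse_version(version)
    def pad(t, n): return t + (0,) * (n - len(t))  # so "3.0.0" is not seen as < "3"
    return all(_OPS[op](pad(v, max(len(v), len(b))), pad(b, max(len(v), len(b))))
               for op, b in specs)

def check_pins(requirements_txt, requires_dist=REQUIRES_DIST):
    """Map each non-extra requirement to (pinned version, ok); a missing pin is not ok."""
    pins = {m.group(1).lower().replace("_", "-"): m.group(2)  # skips --hash/comment lines
            for m in (re.match(r"^([A-Za-z0-9_.\-]+)==([0-9][^\s\\]*)", ln.strip())
                      for ln in requirements_txt.splitlines()) if m}
    result = {}
    for name, specs, marker in map(parse_requirement, requires_dist):
        if marker and "extra" in marker:
            continue  # extras such as [socks] are optional for a plain install
        result[name] = (pins.get(name), name in pins and satisfies(pins[name], specs))
    return result
```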

@openshift-ci openshift-ci bot commented Dec 19, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign albarbaro for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot requested review from hopehadfield and kadel December 19, 2025 14:48
@alizard0 alizard0 changed the title Upgraded urllib3 (python library) chore: Upgraded urllib3 (python library) Dec 19, 2025
@Zaperex Zaperex changed the title chore: Upgraded urllib3 (python library) chore: upgraded urllib3 (python library) Dec 19, 2025
@github-actions (Contributor)
The image is available at:

/test e2e-ocp-helm

@Zaperex Zaperex (Member) commented Dec 19, 2025

Can you please run the following to update the requirements-build.txt file and commit that as well?

pip-compile --allow-unsafe --output-file=requirements-build.txt --strip-extras requirements-build.in

Then run the cachito-hash.sh script as mentioned in https://github.com/redhat-developer/rhdh/blob/main/python/README.requirements.md

@nickboldt nickboldt (Member) left a comment

may break our ability to build the mkdocs dependencies, like plantuml-markdown
and you're only changing ONE file but to bump the python deps you have to update 4 files per branch.
if you update a .in file, you have to regen the .txt files too -- see the instructions at the top of the .in file

pip-compile --allow-unsafe --output-file=requirements.txt --strip-extras requirements.in

See also https://issues.redhat.com/browse/RHIDP-8062 , which is blocked by https://issues.redhat.com/browse/RHEL-103914
