New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
python-requests: allow urllib3 1.25.x #8807
Conversation
They appear to be preparing a release, not sure where it is being tracked though. |
It seems that it will be soon, so we will see, but the patch what I have included will be in their new release - kennethreitz/requests@d6b5b40 |
@@ -0,0 +1,32 @@ | |||
Pull request: https://github.com/kennethreitz/requests/pull/5063 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nitpick: one good practice about patches is to number them;
in this case, it should be fine to leave them as-is here, since it will be remove when requests
updates;
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right, I forget to do this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added number, also added note about their commit, which they have prepared in their branch.
a global nitpick: i would have made this into 3 patches:
it is also fine (from my side) to leave these as-is here so, LGTM from my side :) |
aa84714
to
c1dbbac
Compare
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Add PKG_CPE_ID, PKG_LICENSE_FILES Reorder things in Makefile Update URL Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
As suggested, I made the following changes:
It is included in commit messages. |
this has been fine (from my side) to merge for some time now no idea about other blockers |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM - thanks!
Maintainer: me and @commodo
Compile tested: Turris MOX, cortexa53, OpenWrt master
Run tested: Turris MOX, cortexa53, OpenWrt master
Description:
Version 1.25 of urllib3 was merged to master 2 days ago, which fixes CVE-2019-11324, but requests is still using the older version. AFAIK, there's no mention, when requests will release a new version.
I found on their website: