[PATCH] sphinx: Bump urllib3 version
Heinrich Schuchardt
xypron.glpk at gmx.de
Fri Oct 6 21:50:20 CEST 2023
On 10/6/23 03:41, Simon Glass wrote:
> On Thu, 5 Oct 2023 at 10:27, Tom Rini <trini at konsulko.com> wrote:
>>
>> While not a direct issue for us, urllib3 before 1.26.17 is vulnerable to
>> CVE-2023-43804 to bump our version up.
The same bug is also fixed in 2.0.6. Why should we stick with the old
series? I could not see any issues building the documentation locally
and on Github with 2.0.6.
Best regards
Heinrich
>>
>> Reported-by: GitHub dependabot
>> Signed-off-by: Tom Rini <trini at konsulko.com>
>> ---
>> Cc: Heinrich Schuchardt <xypron.glpk at gmx.de>
>> ---
>> doc/sphinx/requirements.txt | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> Reviewed-by: Simon Glass <sjg at chromium.org>
More information about the U-Boot
mailing list