[PATCH] sphinx: Bump urllib3 version

Tom Rini trini at konsulko.com
Fri Oct 6 22:52:06 CEST 2023


On Fri, Oct 06, 2023 at 09:50:20PM +0200, Heinrich Schuchardt wrote:
> On 10/6/23 03:41, Simon Glass wrote:
> > On Thu, 5 Oct 2023 at 10:27, Tom Rini <trini at konsulko.com> wrote:
> > > 
> > > While not a direct issue for us, urllib3 before 1.26.17 is vulnerable to
> > > CVE-2023-43804 so bump our version up.
> 
> The same bug is also fixed in 2.0.6. Why should we stick with the old
> series? I could not see any issues building the documentation locally
> and on Github with 2.0.6.

There's probably a number of packages we could bump for similar reasons,
if you'd like to unfreeze, build, check the output and refreeze.  I'm
just posting something to get Dependabot to be silenced since I get this
whenever I push a branch.

-- 
Tom