[PATCH] sphinx: Bump urllib3 version

Heinrich Schuchardt heinrich.schuchardt at canonical.com
Wed Oct 18 14:43:26 CEST 2023


On 10/18/23 14:33, Tom Rini wrote:
> While unlikely to be a direct issue for us, urllib3 before 2.0.7 is
> vulnerable to CVE-2023-45803, so bump our version up.
> 
> Reported-by: GitHub dependabot
> Signed-off-by: Tom Rini <trini at konsulko.com>

Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>

> ---
> Cc: Heinrich Schuchardt <xypron.glpk at gmx.de>
> ---
>   doc/sphinx/requirements.txt | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/doc/sphinx/requirements.txt b/doc/sphinx/requirements.txt
> index 6d45a3fefffe..39ececb96c2b 100644
> --- a/doc/sphinx/requirements.txt
> +++ b/doc/sphinx/requirements.txt
> @@ -23,4 +23,4 @@ sphinxcontrib-htmlhelp==2.0.0
>   sphinxcontrib-jsmath==1.0.1
>   sphinxcontrib-qthelp==1.0.3
>   sphinxcontrib-serializinghtml==1.1.5
> -urllib3==2.0.6
> +urllib3==2.0.7



More information about the U-Boot mailing list