From 0950fa920ca5e10b8fb7a5497816343a61ed29e5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 Jul 2024 13:09:02 -0600 Subject: [PATCH] Bump urllib3 from 2.1.0 to 2.2.2 in /src (#293) * Bump urllib3 from 2.1.0 to 2.2.2 in /src Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.1.0 to 2.2.2. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/2.1.0...2.2.2) --- updated-dependencies: - dependency-name: urllib3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] * Require urllib3>=2.2.2 * Recompile requirements --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Romaniello --- src/requirements-dev.txt | 2 +- src/requirements.in | 2 +- src/requirements.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/requirements-dev.txt b/src/requirements-dev.txt index 069d7838..22ca6def 100644 --- a/src/requirements-dev.txt +++ b/src/requirements-dev.txt @@ -354,7 +354,7 @@ uritemplate==4.1.1 # via # -r requirements.txt # drf-yasg -urllib3==2.1.0 +urllib3==2.2.2 # via # -r requirements.txt # requests diff --git a/src/requirements.in b/src/requirements.in index cf9e9e7f..16ef0bd3 100644 --- a/src/requirements.in +++ b/src/requirements.in @@ -19,4 +19,4 @@ idna>=3.7 # CVE-2024-3651 grpcio>=1.53.0 # CVE-2023-32732, CVE-2023-32731, CVE-2023-1428 pyyaml>=5.4.0 # CVE-2020-14343 sqlparse>=0.5.0 # CVE-2024-4340 -urllib3>=1.26.18 # CVE-2023-45803 +urllib3>=2.2.2 # CVE-2024-37891 diff --git a/src/requirements.txt b/src/requirements.txt index ef77ffc2..a558e211 100644 --- a/src/requirements.txt +++ b/src/requirements.txt @@ -169,7 +169,7 @@ typing-extensions==4.8.0 # via asgiref uritemplate==4.1.1 # via drf-yasg -urllib3==2.1.0 +urllib3==2.2.2 # via # -r requirements.in # requests