Skip to content

Add minimal version contrain to urllib3 #32031

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 20, 2020
Merged

Add minimal version contrain to urllib3 #32031

merged 1 commit into from
Feb 20, 2020

Conversation

@frenck
Copy link
Member

@frenck frenck commented Feb 20, 2020

Proposed change

Add minimal version constraint to ensure we always deal with CVE-2019-11236 & CVE-2019-11324.

Refs:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11236
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11324

Type of change

  • Dependency upgrade
  • Bugfix (non-breaking change which fixes an issue)
  • New integration (thank you!)
  • New feature (which adds functionality to an existing integration)
  • Breaking change (fix/feature causing existing functionality to break)
  • Code quality improvements to existing code or addition of tests

Example entry for configuration.yaml:

# Example configuration.yaml

Additional information

  • This PR fixes or closes issue: fixes #
  • This PR is related to issue:
  • Link to documentation pull request:

Checklist

  • The code change is tested and works locally.
  • Local tests pass. Your PR cannot be merged unless tests pass
  • There is no commented out code in this PR.
  • I have followed the development checklist
  • The code has been formatted using Black (black --fast homeassistant tests)
  • Tests have been added to verify that the new code works.

If user exposed functionality or configuration variables are added/changed:

If the code communicates with devices, web services, or third-party tools:

  • The manifest file has all fields filled out correctly.
    Updated and included derived files by running: python3 -m script.hassfest.
  • New or updated dependencies have been added to requirements_all.txt.
    Updated by running python3 -m script.gen_requirements_all.
  • Untested files have been added to .coveragerc.

The integration reached or maintains the following Integration Quality Scale:

  • No score or internal
  • 🥈 Silver
  • 🥇 Gold
  • 🏆 Platinum

@probot-home-assistant probot-home-assistant bot added core small-pr PRs with less than 30 lines. labels Feb 20, 2020
@frenck frenck added this to the 0.106.0 milestone Feb 20, 2020
@codecov
Copy link

codecov bot commented Feb 20, 2020
edited
Loading

Codecov Report

Merging #32031 into dev will decrease coverage by <.01%.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff            @@
##             dev   #32031      +/-   ##
=========================================
- Coverage   94.7%   94.69%   -0.01%     
=========================================
  Files        766      766              
  Lines      55587    55587              
=========================================
- Hits       52643    52640       -3     
- Misses      2944     2947       +3
Impacted Files Coverage Δ
homeassistant/components/template/cover.py 96.34% <0%> (-1.37%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1c81e8a...1688d8d. Read the comment docs.

@frenck frenck changed the title Add minimal version constraint to urllib3 Add minimal version contrain to urllib3 Feb 20, 2020
@frenck frenck merged commit bf1092e into dev Feb 20, 2020
@frenck frenck deleted the frenck-2020-0217 branch February 20, 2020 18:19
balloob pushed a commit that referenced this pull request Feb 20, 2020
@frenck @balloob
Add minimal version contrain to urllib3 (#32031)
fdd0bec
@lock lock bot locked and limited conversation to collaborators Feb 21, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

cherry-picked cla-signed core small-pr PRs with less than 30 lines.

Projects

None yet

Milestone

0.106.0

Development

Successfully merging this pull request may close these issues.

4 participants

@frenck @balloob @homeassistant