[requirements][requests] security update for requests in stable branches
On 19-02-15 06:51:20, Boden Russell wrote:
> Just to confirm; the best way to test with this change is to submit a
> dummy patch that depends on 637124 in the respective project's
> stable/rocky branch?
> On 2/15/19 12:27 AM, Matthew Thode wrote:
> > Recently it was reported to us that requests had a recent release that
> > addressed a CVE (CVE-2018-18074). Requests has no stable branches so
> > the only way to update openstack stable branches is to update to 2.20.1
> > in this case. I wanted to pass this by people as requests is generally
> > a nasty library with nasty surprises. It's passed our cross and dvsm
> > gating though (for rocky) so indications look good. What I'm asking you
> > for is anything that could go wrong with updating (rocky in this case,
> > but possibly back to newton, depending on co-installability). Please
> > let me know any blockers to update (in the review preferably).
> > https://review.openstack.org/637124
> > Thanks,