6 Oct
2023
6 Oct
'23
9:50 p.m.
On 10/6/23 03:41, Simon Glass wrote:
On Thu, 5 Oct 2023 at 10:27, Tom Rini trini@konsulko.com wrote:
While not a direct issue for us, urllib3 before 1.26.17 is vulnerable to CVE-2023-43804 to bump our version up.
The same bug is also fixed in 2.0.6. Why should we stick with the old series? I could not see any issues building the documentation locally and on Github with 2.0.6.
Best regards
Heinrich
Reported-by: GitHub dependabot Signed-off-by: Tom Rini trini@konsulko.com
Cc: Heinrich Schuchardt xypron.glpk@gmx.de
doc/sphinx/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Simon Glass sjg@chromium.org