Update urllib3 version

This fixes CVE-2023-45803.
opendatacube · Nov 28, 2023 · 6078fd1 · 6078fd1
1 parent 88186b6
commit 6078fd1
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/index/constraints.txt b/index/constraints.txt
@@ -307,8 +307,9 @@ typing-extensions==4.8.0
     # via cattrs
 tzdata==2023.3
     # via pandas
-urllib3==1.26.17
+urllib3==1.26.18
     # via
+    #   -r requirements.txt
     #   botocore
     #   distributed
     #   requests

diff --git a/index/requirements.txt b/index/requirements.txt
@@ -4,6 +4,8 @@ aiobotocore[awscli,boto3]
 odc-apps-dc-tools
 odc-apps-cloud
 pyyaml>=6.0.1
+# No direct dependency, avoid CVE-2023-45803 in urllib3 1.26.17.
+urllib3>1.26.17
 # Libraries to compile with the local gdal
 --no-binary rasterio
 --no-binary fiona