From 0181cbb3127475588c060a0dbfea50243cf92bc8 Mon Sep 17 00:00:00 2001 From: Franck Nijhof Date: Thu, 18 Feb 2021 12:31:07 +0100 Subject: [PATCH] Upgrade and constrain httplib2>=0.19.0 (#46725) --- homeassistant/components/google/manifest.json | 2 +- homeassistant/components/remember_the_milk/manifest.json | 2 +- homeassistant/package_constraints.txt | 5 +++-- requirements_all.txt | 2 +- requirements_test_all.txt | 2 +- script/gen_requirements_all.py | 5 +++-- 6 files changed, 10 insertions(+), 8 deletions(-) diff --git a/homeassistant/components/google/manifest.json b/homeassistant/components/google/manifest.json index 6df116effa5..859f1b33296 100644 --- a/homeassistant/components/google/manifest.json +++ b/homeassistant/components/google/manifest.json @@ -4,7 +4,7 @@ "documentation": "https://www.home-assistant.io/integrations/google", "requirements": [ "google-api-python-client==1.6.4", - "httplib2==0.18.1", + "httplib2==0.19.0", "oauth2client==4.0.0" ], "codeowners": [] diff --git a/homeassistant/components/remember_the_milk/manifest.json b/homeassistant/components/remember_the_milk/manifest.json index f03f88023ae..8ce8cb98e5b 100644 --- a/homeassistant/components/remember_the_milk/manifest.json +++ b/homeassistant/components/remember_the_milk/manifest.json @@ -2,7 +2,7 @@ "domain": "remember_the_milk", "name": "Remember The Milk", "documentation": "https://www.home-assistant.io/integrations/remember_the_milk", - "requirements": ["RtmAPI==0.7.2", "httplib2==0.18.1"], + "requirements": ["RtmAPI==0.7.2", "httplib2==0.19.0"], "dependencies": ["configurator"], "codeowners": [] } diff --git a/homeassistant/package_constraints.txt b/homeassistant/package_constraints.txt index 1a1163c7a88..7db311b56d5 100644 --- a/homeassistant/package_constraints.txt +++ b/homeassistant/package_constraints.txt @@ -46,8 +46,9 @@ h11>=0.12.0 # https://github.com/encode/httpcore/issues/239 httpcore>=0.12.3 -# Constrain httplib2 to protect against CVE-2020-11078 -httplib2>=0.18.0 +# Constrain httplib2 to protect against GHSA-93xj-8mrv-444m +# https://github.com/advisories/GHSA-93xj-8mrv-444m +httplib2>=0.19.0 # gRPC 1.32+ currently causes issues on ARMv7, see: # https://github.com/home-assistant/core/issues/40148 diff --git a/requirements_all.txt b/requirements_all.txt index 0f96ab51235..fdddefc44a6 100644 --- a/requirements_all.txt +++ b/requirements_all.txt @@ -779,7 +779,7 @@ horimote==0.4.1 # homeassistant.components.google # homeassistant.components.remember_the_milk -httplib2==0.18.1 +httplib2==0.19.0 # homeassistant.components.huawei_lte huawei-lte-api==1.4.17 diff --git a/requirements_test_all.txt b/requirements_test_all.txt index 148b66e9ac1..cf1b25c9350 100644 --- a/requirements_test_all.txt +++ b/requirements_test_all.txt @@ -425,7 +425,7 @@ homematicip==0.13.1 # homeassistant.components.google # homeassistant.components.remember_the_milk -httplib2==0.18.1 +httplib2==0.19.0 # homeassistant.components.huawei_lte huawei-lte-api==1.4.17 diff --git a/script/gen_requirements_all.py b/script/gen_requirements_all.py index 52820bfa572..7dd4924dac8 100755 --- a/script/gen_requirements_all.py +++ b/script/gen_requirements_all.py @@ -71,8 +71,9 @@ h11>=0.12.0 # https://github.com/encode/httpcore/issues/239 httpcore>=0.12.3 -# Constrain httplib2 to protect against CVE-2020-11078 -httplib2>=0.18.0 +# Constrain httplib2 to protect against GHSA-93xj-8mrv-444m +# https://github.com/advisories/GHSA-93xj-8mrv-444m +httplib2>=0.19.0 # gRPC 1.32+ currently causes issues on ARMv7, see: # https://github.com/home-assistant/core/issues/40148