Update urllib3 to avoid security vulnerability by gnossen · Pull Request #17476 · grpc/grpc

gnossen · 2018-12-12T17:42:07Z

This PR updates urllib3 to avoid CVE-2018-20060. This update process will be automatic after #17177 is resolved.

grpc-testing · 2018-12-12T17:46:59Z

****************************************************************

libgrpc.so

     VM SIZE        FILE SIZE
 ++++++++++++++  ++++++++++++++

  [ = ]       0        0  [ = ]


****************************************************************

libgrpc++.so

     VM SIZE        FILE SIZE
 ++++++++++++++  ++++++++++++++

  [ = ]       0        0  [ = ]

grpc-testing · 2018-12-12T17:54:19Z

[trickle] No significant performance differences

grpc-testing · 2018-12-12T18:00:43Z

****************************************************************

libgrpc.so

     VM SIZE        FILE SIZE
 ++++++++++++++  ++++++++++++++

  [ = ]       0        0  [ = ]


****************************************************************

libgrpc++.so

     VM SIZE        FILE SIZE
 ++++++++++++++  ++++++++++++++

  [ = ]       0        0  [ = ]

grpc-testing · 2018-12-12T18:08:47Z

[trickle] No significant performance differences

grpc-testing · 2018-12-12T18:31:18Z

Objective-C binary sizes
*****************STATIC******************
  New size                      Old size
 2,020,870      Total (=)      2,020,870

 No significant differences in binary sizes

***************FRAMEWORKS****************
  New size                      Old size
11,177,126      Total (>)     11,177,125

 No significant differences in binary sizes

grpc-testing · 2018-12-12T18:39:56Z

Corrupt JSON data (indicates timeout or crash): 
    bm_call_create.BM_IsolatedFilter_ClientChannelFilter_NoOp_.counters.new: 10
    bm_call_create.BM_IsolatedFilter_ClientChannelFilter_NoOp_.counters.old: 10


[microbenchmarks] No significant performance differences

gnossen · 2018-12-12T18:41:45Z

Infrastructure problem during setup for Interop Cloud-to-Cloud tests:

Entering 'packages/grpc-tools/deps/protobuf'
Submodule 'packages/grpc-tools/deps/protobuf' (https://github.com/protocolbuffers/protobuf) registered for path 'packages/grpc-tools/deps/protobuf'
Cloning into 'packages/grpc-tools/deps/protobuf'...
fatal: unable to access 'https://github.com/protocolbuffers/protobuf/';: gnutls_handshake() failed: Error in the pull function.
Clone of 'https://github.com/protocolbuffers/protobuf'; into submodule path 'packages/grpc-tools/deps/protobuf' failed

grpc-testing · 2018-12-12T18:44:12Z

Objective-C binary sizes
*****************STATIC******************
  New size                      Old size
 2,020,870      Total (=)      2,020,870

 No significant differences in binary sizes

***************FRAMEWORKS****************
  New size                      Old size
11,177,122      Total (>)     11,177,121

 No significant differences in binary sizes

gnossen · 2018-12-12T18:48:27Z

Flake: #17463

grpc-testing · 2018-12-12T18:53:12Z

Corrupt JSON data (indicates timeout or crash): 
    bm_call_create.BM_IsolatedFilter_ClientChannelFilter_NoOp_.counters.new: 10
    bm_call_create.BM_IsolatedFilter_ClientChannelFilter_NoOp_.counters.old: 10


[microbenchmarks] No significant performance differences

gnossen added lang/Python area/security release notes: no Indicates if PR should not be in release notes labels Dec 12, 2018

gnossen assigned ericgribkoff and lidizheng Dec 12, 2018

gnossen requested review from ericgribkoff and lidizheng December 12, 2018 17:42

ericgribkoff approved these changes Dec 12, 2018

View reviewed changes

Update urllib3 to avoid security vulnerability

91e5f7c

gnossen force-pushed the update-urllib branch from 80f5be9 to 91e5f7c Compare December 12, 2018 17:55

lidizheng approved these changes Dec 12, 2018

View reviewed changes

gnossen mentioned this pull request Dec 12, 2018

Update urllib3 to avoid security vulnerability #17477

Merged

gnossen added release notes: yes Indicates if PR needs to be in release notes and removed release notes: no Indicates if PR should not be in release notes labels Dec 12, 2018

gnossen merged commit 551a037 into master Dec 12, 2018

gnossen deleted the update-urllib branch February 15, 2019 17:27

lock bot locked as resolved and limited conversation to collaborators May 16, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update urllib3 to avoid security vulnerability#17476

Update urllib3 to avoid security vulnerability#17476
gnossen merged 1 commit intomasterfrom
update-urllib

gnossen commented Dec 12, 2018

Uh oh!

grpc-testing commented Dec 12, 2018

Uh oh!

grpc-testing commented Dec 12, 2018

Uh oh!

grpc-testing commented Dec 12, 2018

Uh oh!

grpc-testing commented Dec 12, 2018

Uh oh!

grpc-testing commented Dec 12, 2018

Uh oh!

grpc-testing commented Dec 12, 2018

Uh oh!

gnossen commented Dec 12, 2018

Uh oh!

grpc-testing commented Dec 12, 2018

Uh oh!

gnossen commented Dec 12, 2018

Uh oh!

grpc-testing commented Dec 12, 2018

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Conversation

gnossen commented Dec 12, 2018

Uh oh!

grpc-testing commented Dec 12, 2018

Uh oh!

grpc-testing commented Dec 12, 2018

Uh oh!

grpc-testing commented Dec 12, 2018

Uh oh!

grpc-testing commented Dec 12, 2018

Uh oh!

grpc-testing commented Dec 12, 2018

Uh oh!

grpc-testing commented Dec 12, 2018

Uh oh!

gnossen commented Dec 12, 2018

Uh oh!

grpc-testing commented Dec 12, 2018

Uh oh!

gnossen commented Dec 12, 2018

Uh oh!

grpc-testing commented Dec 12, 2018

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants