Skip to content

chore: Bump org.apache.httpcomponents.httpclient from 4.5.12 to 4.5.13 #131

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 17, 2021
Merged

chore: Bump org.apache.httpcomponents.httpclient from 4.5.12 to 4.5.13 #131

merged 1 commit into from
May 17, 2021

Conversation

akunzai
Copy link
Contributor

@akunzai akunzai commented May 15, 2021
edited
Loading

Fixes #132

Checklist

  • I acknowledge that all my contributions will be made under the project's license
  • I have made a material change to the repo (functionality, testing, spelling, grammar)
  • I have read the Contribution Guidelines and my PR follows them
  • I have titled the PR appropriately
  • I have updated my branch with the main branch
  • I have added tests that prove my fix is effective or that my feature works
  • I have added the necessary documentation about the functionality in the appropriate .md file
  • I have added inline documentation to the code I modified

If you have questions, please file a support ticket, or create a GitHub Issue in this repository.

@akunzai
Bump org.apache.httpcomponents.httpclient from 4.5.12 to 4.5.13
0a865a4 
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

- https://snyk.io/vuln/SNYK-DEBIAN9-HTTPCOMPONENTSCLIENT-1016928
@thinkingserious thinkingserious added the status: code review request requesting a community code review or review from Twilio label May 15, 2021
@codecov
Copy link

codecov bot commented May 15, 2021

Codecov Report

Merging #131 (0a865a4) into main (369ff65) will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff            @@
##               main     #131   +/-   ##
=========================================
  Coverage     49.28%   49.28%           
  Complexity       38       38           
=========================================
  Files             5        5           
  Lines           211      211           
  Branches         16       16           
=========================================
  Hits            104      104           
  Misses          103      103           
  Partials          4        4

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 369ff65...0a865a4. Read the comment docs.

@thinkingserious
Copy link
Contributor

Note: We will need to bump the version here after the next release on 5/19/21.

@thinkingserious
Copy link
Contributor

Thank you @akunzai!

@thinkingserious thinkingserious merged commit d7160c4 into sendgrid:main May 17, 2021
@akunzai akunzai deleted the apache-httpclient-version branch May 17, 2021 23:57
@shwetha-manvinkurke shwetha-manvinkurke changed the title Bump org.apache.httpcomponents.httpclient from 4.5.12 to 4.5.13 chore: Bump org.apache.httpcomponents.httpclient from 4.5.12 to 4.5.13 May 19, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thinkingserious thinkingserious thinkingserious approved these changes

Assignees
No one assigned
Labels
status: code review request requesting a community code review or review from Twilio
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Apache HttpClient have known vulnerabilities
2 participants
@akunzai @thinkingserious