urllib3 requirements fix

[aogier]

fixes #829

thank you, regards

[k8s-ci-robot]

Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA.

It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.

---

• If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Check your existing CLA data and verify that your email is set on your git commits.
• If you signed the CLA as a corporation, please sign in with your organization's credentials at https://identity.linuxfoundation.org/projects/cncf to be authorized.
• If you have done the above and are still having issues with the CLA being reported as unsigned, please log a ticket with the Linux Foundation Helpdesk: https://support.linuxfoundation.org/
• Should you encounter any issues with the Linux Foundation Helpdesk, send a message to the backup e-mail support address at: [email protected]

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: aogier
To fully approve this pull request, please assign additional approvers.
We suggest the following additional approver: lavalamp

If they are not already assigned, you can assign the PR to them by writing /assign @lavalamp in a comment when ready.

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[micw523]

Actually this should fix it for now. Also urllib3 version <1.24.3 is affected by CVE-2019-11324.

[micw523]

Suggested change

	urllib3>=1.23,<1.25 # MIT
	urllib3==1.24.3 # MIT

[aogier]

lgtm. I'll go that way in ~14 hours (office time). Thanks!

[micw523]

Also, your CLA seems to be problematic since your commit shows "a authored and b committed" the change. If you don't fix the CLA or apply the changes quick I may open a PR myself since the exploit is rated "High".

[aogier]

Also, your CLA seems to be problematic since your commit shows "a authored and b committed" the change.

yes, that's because I repushed my commit under an already signed account for CLA, if this is not acceptable I'll then wait for eidosmedia to approve contributions and then I'll resign under proper mail

[micw523]

1. If you're part of the organization then the organization also needs to sign the CLA.
2. When you authored the commit, your git profile should contain your GitHub email address in it.
   I'm not an expert in dealing with Git though so I could not provide further help on this...

[micw523]

https://help.github.com/en/articles/why-are-my-commits-linked-to-the-wrong-user
This may help but I'm not sure.

[k8s-ci-robot]

@aogier: PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[micw523]

/check-cla

[roycaihw]

Closing in favor of #897

/close

[k8s-ci-robot]

@roycaihw: Closed this PR.

In response to this:

Closing in favor of #897

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.