Warning to update urllib3 and its dependencies
See original GitHub issueIssue - Facing warning/error in clamav scan log. Need to know how exactly should resolve this.
Error:
_/var/runtime/botocore/utils.py:32: UserWarning: Your function includes an outdated version of urllib3
(version: ‘1.24.2’). This dependency version is no longer compatible with Botocore (ref. https://github.com/boto/botocore/blob/b00276641e31e14f79e996aef769d8b0509467fe/setup.cfg), and is affected by at least the following CVEs: CVE-2020-26137 (High), CVE-2021-33503 (Med).
Lambda has included a custom layer to preserve backwards compatibility, which is why this message is being logged. This compatibility layer is put in place as a temporary mitigation for functions that see this warning, and will be removed from Lambda. To remove the risk of these CVEs and to stop seeing this warning, please take one of the following actions:
- Update the version of
urllib3
included in your function’s deployment package. - Remove the packaged version of
urllib3
in order to make use of the more recent version included in the Lambda Runtime._
Tried by updating version of urllib by updating version to urllib3==1.26.5 in requirements file, however it throws below error.
_ERROR: After October 2020 you may experience errors when installing or updating packages. This is because pip will change the way that it resolves dependency conflicts.
We recommend you use --use-feature=2020-resolver to test your packages with the new resolver before it becomes the default.
requests 2.21.0 requires urllib3<1.25,>=1.21.1, but you’ll have urllib3 1.26.5 which is incompatible._
Please advise right way to fix this.
Issue Analytics
- State:
- Created a year ago
- Comments:5 (2 by maintainers)
Top GitHub Comments
Thanks you for responses.
I got over the error, so two things needs to updated in requirements.txt: requests==2.27 urllib3==1.26.5
⚠️COMMENT VISIBILITY WARNING⚠️
Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.