Includes fixes for: * Windows builds updated to bzip2 1.0.8 to mitigate CVE-2016-3189 and CVE-2019-12900 * CVE-2022-26488: Escalation of privilege via Windows Installer Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This contains a fix for CVE-2020-8492 (Denial of service in urllib.request.AbstractBasicAuthHandler)[1]. This also updates the setuptools and pip packages to 47.1.0 and 20.1.1, respectively. [1]: https://docs.python.org/release/3.7.8/whatsnew/changelog.html#python-3-7-8-release-candidate-1 Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This addresses one of the issues raised in #11912. Signed-off-by: Jeffery To <jeffery.to@gmail.com> (cherry picked from commit 11bc05763d)
11bc05763d