)]}'
{
  "commit": "63ead02abc13e6db8093cead2d89a9f715ff1447",
  "tree": "fa517020fc198a154fdc92e52aa80ac8ac24d4ce",
  "parents": [
    "1e560174afea6600dc43a02fcb1bbaca53e73533"
  ],
  "author": {
    "name": "David Pursehouse",
    "email": "dpursehouse@collab.net",
    "time": "Mon Nov 05 19:50:13 2018 +0900"
  },
  "committer": {
    "name": "David Pursehouse",
    "email": "dpursehouse@collab.net",
    "time": "Mon Nov 05 19:50:13 2018 +0900"
  },
  "message": "CVE-2018-18074: Upgrade requests to 2.19.1\n\nFixes CVE-2018-18074 [1]:\n\n  The Requests package through 2.19.1 before 2018-09-14 for Python\n  sends an HTTP Authorization header to an http URI upon receiving\n  a same-hostname https-to-http redirect, which makes it easier for\n  remote attackers to discover credentials by sniffing the network.\n\n[1] https://nvd.nist.gov/vuln/detail/CVE-2018-18074\n\nChange-Id: I064de6beb227e40ae4904e1bd23b297da9626f49\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "b1dcc2c4d328417cdc12153dfd922c323c0dcb93",
      "old_mode": 33188,
      "old_path": "Pipfile.lock",
      "new_id": "26f5298aaaf90689e26461f3751c77123c801602",
      "new_mode": 33188,
      "new_path": "Pipfile.lock"
    }
  ]
}