)]}'
{
  "commit": "7225112c7fca7b4fc496d1055c5359da4d323c71",
  "tree": "91c47498972f11243c841c21be203a313a085581",
  "parents": [
    "6f26307a7a41016ada29f36cd9750242cf907b2a"
  ],
  "author": {
    "name": "Matthias Sohn",
    "email": "matthias.sohn@sap.com",
    "time": "Thu Jan 08 09:52:51 2026 +0100"
  },
  "committer": {
    "name": "Matthias Sohn",
    "email": "matthias.sohn@sap.com",
    "time": "Thu Jan 08 09:56:46 2026 +0100"
  },
  "message": "Update python dependencies of download_release.py\n\nThis mitigates CVE-2026-21441 in urllib3 by updating it to 2.6.3 which\nfixes this vulnerability.\n\n\"CVE-2026-21441: urllib3 vulnerable to decompression-bomb safeguard\nbypass when following HTTP redirects (streaming API)\".\nSee https://secalerts.co/vulnerability/CVE-2026-21441\n\nChange-Id: Ic035e0d721407377133e54831282406ca584e94a\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "40358c905f3a45940d79bbb4262f2bf751a0c304",
      "old_mode": 33188,
      "old_path": "tools/maven-central/Pipfile.lock",
      "new_id": "e56639897962314713de1c27a7aa0c6bae8b7b03",
      "new_mode": 33188,
      "new_path": "tools/maven-central/Pipfile.lock"
    }
  ]
}