Skip to content

VULN UPGRADE: minor upgrades — 4 packages (minor: 4) #74

Closed
campaigner-prod[bot] wants to merge 1 commit into
masterfrom
engraver-auto-version-upgrade/minorpatch/pip/2-1770978871
Closed

VULN UPGRADE: minor upgrades — 4 packages (minor: 4) #74
campaigner-prod[bot] wants to merge 1 commit into
masterfrom
engraver-auto-version-upgrade/minorpatch/pip/2-1770978871

Conversation

@campaigner-prod
Copy link
Copy Markdown

@campaigner-prod campaigner-prod Bot commented Feb 13, 2026

Summary: Security update — 4 packages upgraded (MINOR changes included)

Manifests changed:

  • . (pip)

Updates

Package From To Type Vulnerabilities Fixed
requests 2.31.0 2.32.5 minor 4 MODERATE
iso8601 2.0.0 2.1.0 minor -
six 1.16.0 1.17.0 minor -
tuf 2.0.0 2.1.0 minor 1 LOW

Packages marked with "-" are updated due to dependency constraints.

Security Details

ℹ️ Other Vulnerabilities (5)
Package CVE Severity Summary Unsafe Version Fixed In
requests GHSA-9wx4-h78v-vm56 MODERATE Requests Session object does not verify requests after making first request with verify=False 2.31.0 2.32.0
requests CVE-2024-35195 MODERATE Requests Session object does not verify requests after making first request with verify=False 2.31.0 -
requests GHSA-9hjg-9r4m-mvj7 MODERATE Requests vulnerable to .netrc credentials leak via malicious URLs 2.31.0 2.32.4
requests CVE-2024-47081 MODERATE Requests vulnerable to .netrc credentials leak via malicious URLs 2.31.0 -
tuf GHSA-77hh-43cm-v8j6 LOW tuf's Metadata API: Targets.get_delegated_role() is missing input validation 2.0.0 3.1.1
⚠️ Dependencies that have Reached EOL (1)
Dependency Unsafe Version EOL Date New Version Path
requests 2.31.0 - 2.32.5 requirements-test.txt

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI

Update Mode: Vulnerability Remediation

🤖 Generated by DataDog Automated Dependency Management System

@campaigner-prod campaigner-prod Bot closed this Mar 1, 2026
@campaigner-prod campaigner-prod Bot deleted the engraver-auto-version-upgrade/minorpatch/pip/2-1770978871 branch March 1, 2026 14:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants