[Snyk] Security upgrade urllib3 from 2.0.7 to 2.6.0#30
[Snyk] Security upgrade urllib3 from 2.0.7 to 2.6.0#30brainer3220 wants to merge 1 commit intomasterfrom
Conversation
The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14192442 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14192443
|
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| certifi>=2023.7.22 # not directly required, pinned by Snyk to avoid a vulnerability | ||
| werkzeug>=2.2.3 # not directly required, pinned by Snyk to avoid a vulnerability | ||
| python-dotenv | ||
| urllib3>=2.6.0 # not directly required, pinned by Snyk to avoid a vulnerability |
There was a problem hiding this comment.
Pinning urllib3>=2.6.0 while the same requirements file still declares boto3 causes pip to fail dependency resolution: botocore (a boto3 dependency) currently caps urllib3 at <1.27, so no version satisfies both constraints and pip install -r requirements.txt will error. Unless boto3 is dropped or upgraded to a release that supports urllib3 2.x, the new pin blocks installs.
Useful? React with 👍 / 👎.
Snyk has created this PR to fix 2 vulnerabilities in the pip dependencies of this project.
Snyk changed the following file(s):
requirements.txtImportant
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Allocation of Resources Without Limits or Throttling