Skip to content

fix(deps): vuln minor: requests, tuf #85

Draft
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
masterfrom
engraver-auto-version-upgrade/minorpatch/pip/1-1781593153
Draft

fix(deps): vuln minor: requests, tuf #85
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
masterfrom
engraver-auto-version-upgrade/minorpatch/pip/1-1781593153

Conversation

@gh-worker-campaigns-3e9aa4

@gh-worker-campaigns-3e9aa4 gh-worker-campaigns-3e9aa4 Bot commented Jun 16, 2026

Copy link
Copy Markdown

Summary: Security update — 2 packages upgraded (MINOR changes included)

Manifests changed:

  • . (pip)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

Updates

Package From To Type Dep Type Vulnerabilities Fixed
requests 2.31.0 2.34.2 minor Direct 6 MEDIUM
tuf 2.0.0 2.1.0 minor Direct 1 MEDIUM, 1 LOW

Security Details

ℹ️ Other Vulnerabilities (8)
Package CVE Severity Summary Unsafe Version Fixed In
requests GHSA-gc5v-m9x4-r6x2 MODERATE Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function 2.31.0 2.33.0
requests CVE-2026-25645 MODERATE Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function 2.31.0 -
requests GHSA-9wx4-h78v-vm56 MODERATE Requests Session object does not verify requests after making first request with verify=False 2.31.0 2.32.0
requests CVE-2024-35195 MODERATE Requests Session object does not verify requests after making first request with verify=False 2.31.0 -
requests GHSA-9hjg-9r4m-mvj7 MODERATE Requests vulnerable to .netrc credentials leak via malicious URLs 2.31.0 2.32.4
requests CVE-2024-47081 MODERATE Requests vulnerable to .netrc credentials leak via malicious URLs 2.31.0 -
tuf GHSA-qp9x-wp8f-qgjj MODERATE tuf has platform-dependent delegation path matching 2.0.0 7.0.0
tuf GHSA-77hh-43cm-v8j6 LOW tuf's Metadata API: Targets.get_delegated_role() is missing input validation 2.0.0 3.1.1
⚠️ Dependencies that have Reached EOL (1)
Dependency Unsafe Version EOL Date New Version Path
requests 2.31.0 - 2.34.2 requirements-test.txt

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: all_vulns

🤖 Generated by DataDog Automated Dependency Management System

@datadog-prod-us1-4

datadog-prod-us1-4 Bot commented Jun 16, 2026
edited by datadog-prod-us1-6 Bot
Loading

Copy link
Copy Markdown

Pipelines

Fix all issues with BitsAI

⚠️ Warnings

🚦 29 Pipeline jobs failed

CI | tests / golangci (1.26, macos-latest)   View in Datadog   GitHub Actions

CI | tests / golangci (1.26, ubuntu-latest)   View in Datadog   GitHub Actions

CI | tests / run (macos-latest, 1.19)   View in Datadog   GitHub Actions

View all 29 failed jobs.

Useful? React with 👍 / 👎

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 2c6895d | Docs | Datadog PR Page | Give us feedback!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants