Message ID | 20240521223253.1858188-1-trini@konsulko.com |
---|---|
State | Rejected |
Delegated to: | Tom Rini |
Headers | show |
Series | doc/sphinx, test/py: Update requests module to 2.32.0 | expand |
On Tue, May 21, 2024 at 04:32:53PM -0600, Tom Rini wrote: > The issue described in https://github.com/psf/requests/pull/6655 has > been assigned as a security issue. While unlikely to be exploited in our > usage, update to the current release to fix it. > > Reported-by: GitHub dependabot > Signed-off-by: Tom Rini <trini@konsulko.com> I'm NAK'ing this version of the patch as upstream has now "yanked" 2.23.0 and 2.23.1, and 2.23.2 was released on May 21st and 2.23.3 today. I'll revisit this issue later once things seem to have settled down.
diff --git a/doc/sphinx/requirements.txt b/doc/sphinx/requirements.txt index 426f41e1a028..7d1e8a02018b 100644 --- a/doc/sphinx/requirements.txt +++ b/doc/sphinx/requirements.txt @@ -9,7 +9,7 @@ Jinja2==3.1.4 MarkupSafe==2.1.3 packaging==23.2 Pygments==2.17.2 -requests==2.31.0 +requests==2.32.0 six==1.16.0 snowballstemmer==2.2.0 Sphinx==7.2.6 diff --git a/test/py/requirements.txt b/test/py/requirements.txt index 0f67c3c61949..20b6504454c4 100644 --- a/test/py/requirements.txt +++ b/test/py/requirements.txt @@ -20,7 +20,7 @@ pytest==6.2.5 pytest-xdist==2.5.0 python-mimeparse==1.6.0 python-subunit==1.3.0 -requests==2.31.0 +requests==2.32.0 setuptools==65.5.1 six==1.16.0 testtools==2.3.0
The issue described in https://github.com/psf/requests/pull/6655 has been assigned as a security issue. While unlikely to be exploited in our usage, update to the current release to fix it. Reported-by: GitHub dependabot Signed-off-by: Tom Rini <trini@konsulko.com> --- Cc: Heinrich Schuchardt <xypron.glpk@gmx.de> --- doc/sphinx/requirements.txt | 2 +- test/py/requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)