Skip to content

VULN UPGRADE: patch: requests, toml [ci]#1764

Closed
campaigner-prod[bot] wants to merge 1 commit into
mainfrom
engraver-auto-version-upgrade/minorpatch/pip/ci/0-1770978460
Closed

VULN UPGRADE: patch: requests, toml [ci]#1764
campaigner-prod[bot] wants to merge 1 commit into
mainfrom
engraver-auto-version-upgrade/minorpatch/pip/ci/0-1770978460

Conversation

@campaigner-prod

@campaigner-prod campaigner-prod Bot commented Feb 13, 2026

Copy link
Copy Markdown

Summary: Security update — 2 packages upgraded (patch changes only)

Manifests changed:

  • ci (pip)

Updates

Package From To Type Vulnerabilities Fixed
requests 2.25.0 2.25.1 patch 7 MODERATE
toml 0.10.0 0.10.2 patch -

Packages marked with "-" are updated due to dependency constraints.

Security Details

ℹ️ Other Vulnerabilities (7)
Package CVE Severity Summary Unsafe Version Fixed In
requests GHSA-9hjg-9r4m-mvj7 MODERATE Requests vulnerable to .netrc credentials leak via malicious URLs 2.25.0 2.32.4
requests CVE-2024-47081 MODERATE Requests vulnerable to .netrc credentials leak via malicious URLs 2.25.0 -
requests GHSA-j8r2-6x86-q33q MODERATE Unintended leak of Proxy-Authorization header in requests 2.25.0 2.31.0
requests PYSEC-2023-74 MODERATE - 2.25.0 74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5
requests CVE-2023-32681 MODERATE Unintended leak of Proxy-Authorization header in requests 2.25.0 -
requests GHSA-9wx4-h78v-vm56 MODERATE Requests Session object does not verify requests after making first request with verify=False 2.25.0 2.32.0
requests CVE-2024-35195 MODERATE Requests Session object does not verify requests after making first request with verify=False 2.25.0 -
⚠️ Dependencies that have Reached EOL (2)
Dependency Unsafe Version EOL Date New Version Path
requests 2.25.0 - 2.25.1 ci/requirements.txt
toml 0.10.0 - 0.10.2 ci/requirements.txt

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI

Update Mode: Vulnerability Remediation

🤖 Generated by DataDog Automated Dependency Management System

@campaigner-prod campaigner-prod Bot requested a review from a team as a code owner February 13, 2026 10:27
blt
blt reviewed Feb 13, 2026
View reviewed changes
Comment thread ci/requirements.txt
Comment on lines +1 to +2
toml>=0.10.2
requests>=2.25.1

@blt blt Feb 13, 2026

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Huh. Why does this project even have python.

@campaigner-prod campaigner-prod Bot closed this Mar 1, 2026
@campaigner-prod campaigner-prod Bot deleted the engraver-auto-version-upgrade/minorpatch/pip/ci/0-1770978460 branch March 1, 2026 14:34
@DataDog DataDog deleted a comment from dd-prapprover Bot Mar 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@blt blt blt left review comments

Assignees

No one assigned

Labels

adms-dependency-update adms-fixes-eol adms-medium-severity adms-mode-all-updates adms-patch-update adms-python campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@blt