Skip to content

Bumps Requests from 2.28.2 to 2.31.0#57

Merged
esezen merged 1 commit into
masterfrom
dependabot-bump-requests-to-2.31.0
May 30, 2023
Merged

Bumps Requests from 2.28.2 to 2.31.0#57
esezen merged 1 commit into
masterfrom
dependabot-bump-requests-to-2.31.0

Conversation

@Mudaafi
Copy link
Copy Markdown
Contributor

@Mudaafi Mudaafi commented May 26, 2023
edited
Loading

See PR #56 by Dependabot.

Bumping requests to 2.31.0 resolves a moderate severity vulnerability as seen in this Dependabot Alert.

However, requests version 2.30.0 pins urllib3 to version >2.0 which requires upgrading of local OpenSSL versions. This may be difficult for certain consumers, so we also pin urllib3 to version <2.0.

@Mudaafi Mudaafi requested review from a team and esezen May 26, 2023 17:54
esezen
esezen approved these changes May 30, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@esezen esezen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@esezen esezen merged commit 8ea02f6 into master May 30, 2023
@esezen esezen deleted the dependabot-bump-requests-to-2.31.0 branch May 30, 2023 17:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@esezen esezen esezen approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Mudaafi @esezen