VULN UPGRADE: minor: requests · patch: PyYAML [scripts]

[campaigner-prod]

Summary: Security update — 2 packages upgraded (MINOR changes included)

Manifests changed:

• scripts (pip)

Updates

Package	From	To	Type	Vulnerabilities Fixed
requests	2.31.0	2.32.5	minor	4 MODERATE
PyYAML	6.0	6.0.3	patch	-

Packages marked with "-" are updated due to dependency constraints.

---

Security Details

ℹ️ Other Vulnerabilities (4)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
requests	GHSA-9wx4-h78v-vm56	MODERATE	Requests Session object does not verify requests after making first request with verify=False	2.31.0	2.32.0
requests	CVE-2024-35195	MODERATE	Requests Session object does not verify requests after making first request with verify=False	2.31.0	-
requests	GHSA-9hjg-9r4m-mvj7	MODERATE	Requests vulnerable to .netrc credentials leak via malicious URLs	2.31.0	2.32.4
requests	CVE-2024-47081	MODERATE	Requests vulnerable to .netrc credentials leak via malicious URLs	2.31.0	-

⚠️ Dependencies that have Reached EOL (1)

Dependency	Unsafe Version	EOL Date	New Version	Path
requests	2.31.0	-	2.32.5	scripts/requirements.txt

---

Review Checklist

Standard review:

• Review changes for compatibility with your code
• Check for breaking changes in release notes
• Run tests locally or wait for CI

---

Update Mode: Vulnerability Remediation

🤖 Generated by DataDog Automated Dependency Management System