Description
27 open Dependabot security alerts across 4 packages with pinned outdated versions in multiple requirements.txt files.
Vulnerable Packages
| Package | Current | Fixed | Severity | Alerts |
|---|---|---|---|---|
| h11 | 0.14.0 | 0.16.0 | Critical | Malformed Chunked-Encoding body acceptance |
| urllib3 | 2.3.0–2.4.0 | 2.6.3 | High | Decompression bombs, unbounded decompression chain, redirect issues |
| requests | 2.32.3 | 2.33.1 | Medium | Insecure temp file reuse, .netrc credential leak |
| Pygments | 2.19.1 | 2.20.0 | Low | ReDoS via GUID matching regex |
Affected Files
requirements.txt (root)
etl_flow/requirements.txt
health_check_flow/requirements.txt
server_flow/requirements.txt
Fix
Update all pinned versions to latest patched releases across all requirements files.
Priority
Critical (h11 vuln allows malformed HTTP request processing)
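A check for the fix described above, as an added example that is not part of the original issue or the repository: it flags every exact pin that is still below the fixed version from the table. The function names (`stale_pins`, `audit_tree`) and the `SAMPLE` text are constructed for illustration, and it assumes plain numeric `==` pins.

```python
import re
import sys
from pathlib import Path

# Minimum patched versions, taken from the table in this issue.
FIXED = {"h11": "0.16.0", "urllib3": "2.6.3", "requests": "2.33.1", "pygments": "2.20.0"}
# Constructed sample pins, not a file from the repository.
SAMPLE = "h11==0.14.0\nurllib3==2.4.0  # pinned\nrequests[socks]==2.33.1\nPygments==2.19.1\n"
# Package name, optional extras, then an exact == pin with a numeric version.
PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*==\s*([0-9]+(?:\.[0-9]+)*)")

def normalize(name):
    """PEP 503 name normalization, so 'Pygments' matches 'pygments'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def vtuple(version):
    """Numeric release tuple; enough for the X.Y.Z pins listed in this issue."""
    return tuple(int(part) for part in version.split("."))

def stale_pins(text):
    """Return (line_no, package, pinned, fixed) for each pin below its fixed version."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = PIN.match(line.split("#", 1)[0])  # ignore trailing comments
        if not match:
            continue  # unpinned, range-pinned, or not a requirement line
        name, pinned = normalize(match.group(1)), match.group(2)
        fixed = FIXED.get(name)
        if fixed and vtuple(pinned) < vtuple(fixed):
            findings.append((line_no, name, pinned, fixed))
    return findings

def audit_tree(root):
    """Check every requirements.txt under root; map file path -> findings."""
    report = {}
    for path in sorted(Path(root).rglob("requirements.txt")):
        findings = stale_pins(path.read_text(encoding="utf-8"))
        if findings:
            report[str(path)] = findings
    return report

if __name__ == "__main__":
    # With a directory argument audit that tree, otherwise the constructed sample.
    report = audit_tree(sys.argv[1]) if len(sys.argv) > 1 else {"SAMPLE": stale_pins(SAMPLE)}
    for path, findings in report.items():
        for line_no, name, pinned, fixed in findings:
            print(f"{path}:{line_no}: {name}=={pinned} is below fixed {fixed}")
    sys.exit(1 if any(report.values()) else 0)
```

Run from the repository root with `.` as the argument; a non-zero exit status means at least one requirements file still carries a vulnerable pin.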