Skip to content

fix(deps): vuln minor: pydantic, pytest, requests [cybersixgill_actionable_alerts]#3047

Draft
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
masterfrom
engraver-auto-version-upgrade/minorpatch/pip/cybersixgill_actionable_alerts/2-1783348147
Draft

fix(deps): vuln minor: pydantic, pytest, requests [cybersixgill_actionable_alerts]#3047
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
masterfrom
engraver-auto-version-upgrade/minorpatch/pip/cybersixgill_actionable_alerts/2-1783348147

Conversation

@gh-worker-campaigns-3e9aa4

Copy link
Copy Markdown

Summary: Security update — 3 packages upgraded (MINOR changes included)

Manifests changed:

  • cybersixgill_actionable_alerts (pip)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.


Updates

Package From To Type Dep Type Vulnerabilities Fixed
requests 2.28.1 2.34.2 minor Direct 9 MEDIUM
pydantic 1.9.2 1.10.26 minor Direct 2 MEDIUM
pytest 7.1.3 7.4.4 minor Direct 2 MEDIUM

Security Details

ℹ️ Other Vulnerabilities (13)
Package CVE Severity Summary Unsafe Version Fixed In Case
pydantic GHSA-mr82-8j83-vxmv MODERATE Pydantic regular expression denial of service 1.9.2 2.4.0 -
pydantic CVE-2024-3772 MODERATE - 1.9.2 - -
pytest GHSA-6w46-j5rx-g56g MODERATE pytest has vulnerable tmpdir handling 7.1.3 9.0.3 -
pytest CVE-2025-71176 MODERATE - 7.1.3 - -
requests GHSA-9hjg-9r4m-mvj7 MODERATE Requests vulnerable to .netrc credentials leak via malicious URLs 2.28.1 2.32.4 -
requests CVE-2024-47081 MODERATE Requests vulnerable to .netrc credentials leak via malicious URLs 2.28.1 - -
requests GHSA-j8r2-6x86-q33q MODERATE Unintended leak of Proxy-Authorization header in requests 2.28.1 2.31.0 -
requests CVE-2023-32681 MODERATE Unintended leak of Proxy-Authorization header in requests 2.28.1 - -
requests PYSEC-2023-74 MODERATE - 2.28.1 74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5 -
requests GHSA-gc5v-m9x4-r6x2 MODERATE Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function 2.28.1 2.33.0 -
requests CVE-2026-25645 MODERATE Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function 2.28.1 - -
requests GHSA-9wx4-h78v-vm56 MODERATE Requests Session object does not verify requests after making first request with verify=False 2.28.1 2.32.0 -
requests CVE-2024-35195 MODERATE Requests Session object does not verify requests after making first request with verify=False 2.28.1 - -
⚠️ Dependencies that have Reached EOL (1)
Dependency Unsafe Version EOL Date New Version Path
requests 2.28.1 - 2.34.2 cybersixgill_actionable_alerts/requirements.txt

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: all_vulns

🤖 Generated by DataDog Automated Dependency Management System

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants