Bump requests (pip) from 2.32.0 in llvm/utils/git/requirements.txt (#…

…14022) Bumps requests (pip) from 2.32.0 to resolve identified security vulnerability in 3rd party dependency. When making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same origin will continue to ignore cert verification regardless of changes to the value of verify. This behavior will continue for the lifecycle of the connection in the connection pool. Upgrading will resolve this issue. Refer to psf/requests#6655
intel · Jun 3, 2024 · 0b8a3e7 · 0b8a3e7
1 parent 631064e
commit 0b8a3e7
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/llvm/utils/git/requirements.txt b/llvm/utils/git/requirements.txt
@@ -232,7 +232,7 @@ pynacl==1.5.0 \
     --hash=sha256:a422368fc821589c228f4c49438a368831cb5bbc0eab5ebe1d7fac9dded6567b \
     --hash=sha256:e46dae94e34b085175f8abb3b0aaa7da40767865ac82c928eeb9e57e1ea8a543
     # via pygithub
-requests==2.31.0 \
+requests==2.32.0 \
     --hash=sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f \
     --hash=sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1
     # via pygithub