From 0b8a3e7a80210b75c3fd9dd96abbf9f7f1e2a9b6 Mon Sep 17 00:00:00 2001
From: lucyli-ca <107629053+lucyli-ca@users.noreply.github.com>
Date: Mon, 3 Jun 2024 17:14:56 -0400
Subject: [PATCH] Bump requests (pip) from 2.32.0 in
 llvm/utils/git/requirements.txt (#14022)

Bumps requests (pip) from 2.32.0 to resolve identified security
vulnerability in 3rd party dependency.

When making requests through a Requests Session, if the first request is
made with verify=False to disable cert verification, all subsequent
requests to the same origin will continue to ignore cert verification
regardless of changes to the value of verify. This behavior will
continue for the lifecycle of the connection in the connection pool.

Upgrading will resolve this issue.

Refer to https://github.com/psf/requests/pull/6655
---
 llvm/utils/git/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/llvm/utils/git/requirements.txt b/llvm/utils/git/requirements.txt
index e354c91a4d5bd..de84e17104954 100644
--- a/llvm/utils/git/requirements.txt
+++ b/llvm/utils/git/requirements.txt
@@ -232,7 +232,7 @@ pynacl==1.5.0 \
     --hash=sha256:a422368fc821589c228f4c49438a368831cb5bbc0eab5ebe1d7fac9dded6567b \
     --hash=sha256:e46dae94e34b085175f8abb3b0aaa7da40767865ac82c928eeb9e57e1ea8a543
     # via pygithub
-requests==2.31.0 \
+requests==2.32.0 \
     --hash=sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f \
     --hash=sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1
     # via pygithub