[CVE-2024-35195] Security issue with requests python library #954

Closed
danitico opened this issue Oct 16, 2024 · 3 comments

@danitico

Good afternoon Vespa team,

Our dependabot is leveraging an issue with the requests library and it recommends updating it to version 2.32.0. However, this project only allows updating that library to version 2.31.0.

When trying to install the patched version, we get the following error:

Because your-project depends on pyvespa (0.49.0) which depends on requests (2.31)

Any ETA to update that library? The CVE ID is CVE-2024-35195 and is commented here: psf/requests#6655

Regards,

Daniel Ranchal

@danitico danitico changed the title Security issue with requests python library [ CVE-2024-35195] Security issue with requests python library Oct 16, 2024
@danitico danitico changed the title [ CVE-2024-35195] Security issue with requests python library [CVE-2024-35195] Security issue with requests python library Oct 16, 2024
@thomasht86
Collaborator

Hi!
We had some issues on updating earlier, but we have now done so, see #947
This will be part of the next release, so ETA a day or two.

@thomasht86 thomasht86 self-assigned this Oct 16, 2024
@danitico
Author

Thanks @thomasht86! Will wait for the update!

@kkraune kkraune added this to the soon milestone Oct 16, 2024
@thomasht86
Collaborator

Just released v0.50.0 with requests version unpinned.
Should be live on pypi any minute.
