You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Our dependabot is leveraging a issue with the requests library and it recommends to update it to version 2.32.0. However, this project only allows to update that library to version 2.31.0.
When trying to install the patched version, we get the following error:
Because your-project depends on pyvespa (0.49.0) which depends on requests (2.31)
The text was updated successfully, but these errors were encountered:
danitico
changed the title
Security issue with requests python library
[ CVE-2024-35195] Security issue with requests python library
Oct 16, 2024
danitico
changed the title
[ CVE-2024-35195] Security issue with requests python library
[CVE-2024-35195] Security issue with requests python library
Oct 16, 2024
Good afternoon Vespa team,
Our dependabot is leveraging a issue with the requests library and it recommends to update it to version 2.32.0. However, this project only allows to update that library to version 2.31.0.
When trying to install the patched version, we get the following error:
Any ETA to update that library? The CVE id is CVE-2024-35195 and is commented here psf/requests#6655
Regards,
Daniel Ranchal
The text was updated successfully, but these errors were encountered: