fix(deps): update dependency requests to v2.31.0 #95
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
Codecov Report
❗ Your organization is not using the GitHub App Integration. As a result you may experience degraded service beginning May 15th. Please install the Github App Integration for your organization. Read more. @@ Coverage Diff @@
## main #95 +/- ##
=======================================
Coverage 49.00% 49.00%
=======================================
Files 5 5
Lines 251 251
=======================================
Hits 123 123
Misses 128 128 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
2.30.0->2.31.0Release Notes
psf/requests
v2.31.0Security
Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential
forwarding of
Proxy-Authorizationheaders to destination servers whenfollowing HTTPS redirects.
When proxies are defined with user info (https://user:pass@proxy:8080), Requests
will construct a
Proxy-Authorizationheader that is attached to the request toauthenticate with the proxy.
In cases where Requests receives a redirect response, it previously reattached
the
Proxy-Authorizationheader incorrectly, resulting in the value beingsent through the tunneled connection to the destination server. Users who rely on
defining their proxy credentials in the URL are strongly encouraged to upgrade
to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy
credentials once the change has been fully deployed.
Users who do not use a proxy or do not supply their proxy credentials through
the user information portion of their proxy URL are not subject to this
vulnerability.
Full details can be read in our Github Security Advisory
and CVE-2023-32681.
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - "every weekend" (UTC).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.