Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update dependency requests to v2.31.0 #95

Merged
merged 1 commit into from
May 22, 2023

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented May 22, 2023

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
requests (source, changelog) 2.30.0 -> 2.31.0 age adoption passing confidence

Release Notes

psf/requests

v2.31.0

Security

  • Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential
    forwarding of Proxy-Authorization headers to destination servers when
    following HTTPS redirects.

    When proxies are defined with user info (https://user:pass@proxy:8080), Requests
    will construct a Proxy-Authorization header that is attached to the request to
    authenticate with the proxy.

    In cases where Requests receives a redirect response, it previously reattached
    the Proxy-Authorization header incorrectly, resulting in the value being
    sent through the tunneled connection to the destination server. Users who rely on
    defining their proxy credentials in the URL are strongly encouraged to upgrade
    to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy
    credentials once the change has been fully deployed.

    Users who do not use a proxy or do not supply their proxy credentials through
    the user information portion of their proxy URL are not subject to this
    vulnerability.

    Full details can be read in our Github Security Advisory
    and CVE-2023-32681.


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - "every weekend" (UTC).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added the deps label May 22, 2023
@codecov-commenter
Copy link

Codecov Report

Merging #95 (68e2b84) into main (ea68894) will not change coverage.
The diff coverage is n/a.

❗ Your organization is not using the GitHub App Integration. As a result you may experience degraded service beginning May 15th. Please install the Github App Integration for your organization. Read more.

@@           Coverage Diff           @@
##             main      #95   +/-   ##
=======================================
  Coverage   49.00%   49.00%           
=======================================
  Files           5        5           
  Lines         251      251           
=======================================
  Hits          123      123           
  Misses        128      128           

@DeadNews DeadNews merged commit 3b302dc into main May 22, 2023
@renovate renovate bot deleted the renovate/requests-2.x-lockfile branch May 22, 2023 16:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants