Commit 1c9183d

Fix CVE-2023-45803 and CVE-2024-37891 by updating urllib3 constraint
- Update urllib3 from pinned version 2.0.6 to >=2.2.2,<3.0.0
- CVE-2023-45803: Fixed in urllib3 2.0.7 and 1.26.18
- CVE-2024-37891: Fixed in urllib3 2.2.2 and 1.26.19
- Add upper bound <3.0.0 to prevent breaking changes from future major versions
- Tested with Python 3.9 - no dependency conflicts

Co-Authored-By: Yosef Arbiv <[email protected]>
1 parent db1ea97 commit 1c9183d

1 file changed, +3 -1 lines changed

integration_tests/requirements.txt

Lines changed: 3 additions & 1 deletion
@@ -3,4 +3,6 @@ pytest-xdist
33
pytest-parametrization
44
pytest-html
55
filelock
6-
urllib3==2.0.6
6+
# urllib3>=2.2.2 fixes CVE-2023-45803 and CVE-2024-37891
7+
# Upper bound <3.0.0 prevents breaking changes from future major versions
8+
urllib3>=2.2.2,<3.0.0
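
Review bot: The last added line, `urllib3>=2.2.2,<3.0.0`, replaces an exact pin with a range, so each integration-test run now installs whichever 2.x release is newest at install time, and a test failure can come from a new urllib3 release rather than from a change in this repository. If `urllib3==2.0.6` was pinned deliberately for reproducibility, consider pinning the patched version exactly (for example `urllib3==2.2.2`) and bumping it on purpose, or recording the resolved version in the test output. The two comment lines could also say why the floor is 2.2.2 rather than 2.0.7, since only the commit message explains that CVE-2024-37891 is the one that sets it.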
