Skip to content

VULN UPGRADE: patch: requests, toml [ci]#1764

Open
campaigner-prod[bot] wants to merge 1 commit intomainfrom
engraver-auto-version-upgrade/minorpatch/pip/ci/0-1770978460
Open

VULN UPGRADE: patch: requests, toml [ci]#1764
campaigner-prod[bot] wants to merge 1 commit intomainfrom
engraver-auto-version-upgrade/minorpatch/pip/ci/0-1770978460

Conversation

@campaigner-prod
Copy link

@campaigner-prod campaigner-prod bot commented Feb 13, 2026

Summary: Security update — 2 packages upgraded (patch changes only)

Manifests changed:

  • ci (pip)

Updates

Package From To Type Vulnerabilities Fixed
requests 2.25.0 2.25.1 patch 7 MODERATE
toml 0.10.0 0.10.2 patch -

Packages marked with "-" are updated due to dependency constraints.

Security Details

ℹ️ Other Vulnerabilities (7)
Package CVE Severity Summary Unsafe Version Fixed In
requests GHSA-9hjg-9r4m-mvj7 MODERATE Requests vulnerable to .netrc credentials leak via malicious URLs 2.25.0 2.32.4
requests CVE-2024-47081 MODERATE Requests vulnerable to .netrc credentials leak via malicious URLs 2.25.0 -
requests GHSA-j8r2-6x86-q33q MODERATE Unintended leak of Proxy-Authorization header in requests 2.25.0 2.31.0
requests PYSEC-2023-74 MODERATE - 2.25.0 74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5
requests CVE-2023-32681 MODERATE Unintended leak of Proxy-Authorization header in requests 2.25.0 -
requests GHSA-9wx4-h78v-vm56 MODERATE Requests Session object does not verify requests after making first request with verify=False 2.25.0 2.32.0
requests CVE-2024-35195 MODERATE Requests Session object does not verify requests after making first request with verify=False 2.25.0 -
⚠️ Dependencies that have Reached EOL (2)
Dependency Unsafe Version EOL Date New Version Path
requests 2.25.0 - 2.25.1 ci/requirements.txt
toml 0.10.0 - 0.10.2 ci/requirements.txt

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI

Update Mode: Vulnerability Remediation

🤖 Generated by DataDog Automated Dependency Management System

@campaigner-prod campaigner-prod bot requested a review from a team as a code owner February 13, 2026 10:27
@dd-prapprover
Copy link

dd-prapprover bot commented Feb 13, 2026
edited
Loading

PRApprover will approve and merge this PR, FAQ, #dx-source-code-management

🛠️ PRApproval Status

🔗 Workflow Link

  • ✅ PR is eligible for auto-approval by rule dependency-management-version-updater - 2026-02-13T10:27:57Z
  • ⬜ CI tests passed
  • ⬜ Approved
  • ⬜ Merge Started
  • ⬜ Merged

➡️ Current phase: CI tests failed, please fix and re-trigger

blt
blt reviewed Feb 13, 2026
View reviewed changes
ci/requirements.txt
Comment on lines +1 to +2
toml>=0.10.2
requests>=2.25.1
Copy link
Collaborator

@blt blt Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Huh. Why does this project even have python.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@blt blt blt left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

adms-dependency-update adms-fixes-eol adms-medium-severity adms-mode-all-updates adms-patch-update adms-python campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@blt