[Bug] Yanked requests Version 2.32.0 Causing Security Warning #56

Open
tlogandesigns opened this issue Feb 2, 2025 · 0 comments
Description

We’ve encountered a security warning related to requests==2.32.0, which has been yanked from PyPI due to conflicts with CVE-2024-35195 mitigation. When installing dependencies, Poetry/pip warns that this version is no longer recommended for use.

Current Behavior

  • During poetry install, the following warning appears:

Warning: The file chosen for install of requests 2.32.0 (requests-2.32.0-py3-none-any.whl) is yanked. Reason for being yanked: Yanked due to conflicts with CVE-2024-35195 mitigation

  • This implies there could be a potential security risk or instability with requests==2.32.0.

Expected Behavior

  • The project should use a non-yanked version of requests that addresses the security concerns and removes the installation warning.

Proposed Resolution

Update requests from 2.32.0 to 2.32.3.

  • requests==2.32.3 is available on PyPI and addresses the known security issues related to version 2.32.0.
  • By updating the pinned version and regenerating the lock file, the warning will be eliminated and any associated security risks will be mitigated.
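A small check of the kind this report calls for, added here as an example and not code from the issue or from the project: it parses `==` pins from a requirements-style text and flags any pinned release whose files are all marked yanked, using a constructed sample shaped like the PyPI JSON API response (`https://pypi.org/pypi/<project>/json`, `releases` key); the yank reason string is the one quoted in the warning above, and the pin list is made up.

```python
import json
import re

# Constructed sample mimicking the PyPI JSON API "releases" structure; only the
# fields this check reads are present. The yanked_reason text is the one pip/Poetry
# printed in the issue above.
YANK_REASON = "Yanked due to conflicts with CVE-2024-35195 mitigation"
SAMPLE_PYPI_JSON = json.dumps({
    "info": {"name": "requests"},
    "releases": {
        "2.32.0": [
            {"filename": "requests-2.32.0-py3-none-any.whl", "yanked": True, "yanked_reason": YANK_REASON},
            {"filename": "requests-2.32.0.tar.gz", "yanked": True, "yanked_reason": YANK_REASON},
        ],
        "2.32.3": [
            {"filename": "requests-2.32.3-py3-none-any.whl", "yanked": False, "yanked_reason": None},
            {"filename": "requests-2.32.3.tar.gz", "yanked": False, "yanked_reason": None},
        ],
    },
})

# Constructed requirements-style pins (the second project is not in our metadata).
SAMPLE_PINS = "requests==2.32.0\nidna==3.7  # unrelated pin\n"

PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*==\s*([^\s;#]+)")

def normalize(name):
    """PEP 503 project-name normalization so 'Requests' and 'requests' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_pins(text):
    """Return {normalized_name: version} for every '==' pin in the text."""
    return {normalize(m.group(1)): m.group(2)
            for m in (PIN_RE.match(line) for line in text.splitlines()) if m}

def yanked_reason(pypi_json, version):
    """Return the yank reason if every file of `version` is yanked, else None."""
    files = json.loads(pypi_json).get("releases", {}).get(version, [])
    if not files or not all(f.get("yanked") for f in files):
        return None
    return files[0].get("yanked_reason") or "(no reason given)"

def check_pins(pins_text, metadata_by_project):
    """Map each pinned project whose pinned release is yanked to (version, reason)."""
    findings = {}
    for name, version in parse_pins(pins_text).items():
        meta = metadata_by_project.get(name)
        if meta is None:
            continue  # no metadata for this project; nothing can be decided offline
        reason = yanked_reason(meta, version)
        if reason:
            findings[name] = (version, reason)
    return findings

if __name__ == "__main__":
    for name, (ver, why) in check_pins(SAMPLE_PINS, {"requests": SAMPLE_PYPI_JSON}).items():
        print(f"{name}=={ver} is yanked: {why}")
```

In a CI job the `metadata_by_project` dict would be filled by fetching each pinned project's PyPI JSON document, so a yanked pin fails the build instead of surfacing only as an install-time warning.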