Skip to content

Commit 38b8bae

Browse files
committed
security: add explicit urllib3>=2.6.3 to fix 6 high severity CVEs
- Add urllib3>=2.6.3 constraint to dependencies - Fixes 6 high severity vulnerabilities in urllib3 (transitive dependency) - Addresses GitHub security alerts for decompression vulnerabilities - Forces upgrade from vulnerable 2.6.2 to secure 2.6.3+
1 parent 5a9262c commit 38b8bae

1 file changed

Lines changed: 1 addition & 0 deletions

File tree

pyproject.toml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -48,6 +48,7 @@ dependencies = [
4848
"sqlalchemy>=2.0.0",
4949
"dynaconf>=3.2.0",
5050
"structlog>=23.1.0",
51+
"urllib3>=2.6.3", # Security: Fix CVE vulnerabilities
5152
"opentelemetry-api>=1.20.0",
5253
"opentelemetry-sdk>=1.20.0",
5354
"psutil>=5.9.0",

0 commit comments

Comments
 (0)