Skip to content

fix(deps): vuln minor: pyyaml, requests #3976

Open
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
masterfrom
engraver-auto-version-upgrade/minorpatch/pip/1-1778222423
Open

fix(deps): vuln minor: pyyaml, requests #3976
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
masterfrom
engraver-auto-version-upgrade/minorpatch/pip/1-1778222423

Conversation

@gh-worker-campaigns-3e9aa4
Copy link
Copy Markdown

@gh-worker-campaigns-3e9aa4 gh-worker-campaigns-3e9aa4 Bot commented May 8, 2026

Summary: Critical-severity security update — 2 packages upgraded (MINOR changes included)

Manifests changed:

  • . (pip)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

Updates

Package From To Type Dep Type Vulnerabilities Fixed
pyyaml 5.3.1 5.4.1 minor Direct 3 CRITICAL
requests 2.20.1 2.33.1 minor Direct 9 MODERATE

Security Details

🚨 Critical & High Severity (3 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
pyyaml GHSA-8q59-q68h-6hv4 CRITICAL Improper Input Validation in PyYAML 5.3.1 5.4
pyyaml CVE-2020-14343 CRITICAL - 5.3.1 -
pyyaml PYSEC-2021-142 CRITICAL - 5.3.1 5.4
ℹ️ Other Vulnerabilities (9)
Package CVE Severity Summary Unsafe Version Fixed In
requests GHSA-j8r2-6x86-q33q MODERATE Unintended leak of Proxy-Authorization header in requests 2.20.1 2.31.0
requests PYSEC-2023-74 MODERATE - 2.20.1 74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5
requests CVE-2023-32681 MODERATE Unintended leak of Proxy-Authorization header in requests 2.20.1 -
requests GHSA-gc5v-m9x4-r6x2 MODERATE Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function 2.20.1 2.33.0
requests CVE-2026-25645 MODERATE Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function 2.20.1 -
requests GHSA-9wx4-h78v-vm56 MODERATE Requests Session object does not verify requests after making first request with verify=False 2.20.1 2.32.0
requests CVE-2024-35195 MODERATE Requests Session object does not verify requests after making first request with verify=False 2.20.1 -
requests GHSA-9hjg-9r4m-mvj7 MODERATE Requests vulnerable to .netrc credentials leak via malicious URLs 2.20.1 2.32.4
requests CVE-2024-47081 MODERATE Requests vulnerable to .netrc credentials leak via malicious URLs 2.20.1 -
⚠️ Dependencies that have Reached EOL (2)
Dependency Unsafe Version EOL Date New Version Path
pyyaml 5.3.1 - 5.4.1 requirements.txt
requests 2.20.1 - 2.33.1 requirements.txt

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: Vulnerability Remediation (Critical)

🤖 Generated by DataDog Automated Dependency Management System

@campaigner-prod campaigner-prod Bot marked this pull request as ready for review May 8, 2026 12:58
@campaigner-prod campaigner-prod Bot requested a review from a team as a code owner May 8, 2026 12:58
@campaigner-prod campaigner-prod Bot requested a review from pgimalac May 8, 2026 12:58
@pgimalac pgimalac removed their request for review May 15, 2026 09:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

adms-critical-severity adms-dependency-update adms-fixes-eol adms-medium-severity adms-minor-update adms-mode-all-vulns adms-python campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants