public/roboluke-tasks
3
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Releases 48 Activity

Update dependency requests to v2.31.0 #42

Merged
renovate[bot] merged 1 commits from renovate/requests-2.x into main 2023-05-22 19:52:13 +02:00
Conversation 1 Commits 1 Files Changed 1 +1 -1
renovate[bot] commented 2023-05-22 19:26:27 +02:00 (Migrated from github.com)
Copy Link

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
requests (source, changelog) ==2.30.0 -> ==2.31.0 age adoption passing confidence

Release Notes

psf/requests

v2.31.0

Compare Source

Security

  • Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential
    forwarding of Proxy-Authorization headers to destination servers when
    following HTTPS redirects.

    When proxies are defined with user info (https://user:pass@proxy:8080), Requests
    will construct a Proxy-Authorization header that is attached to the request to
    authenticate with the proxy.

    In cases where Requests receives a redirect response, it previously reattached
    the Proxy-Authorization header incorrectly, resulting in the value being
    sent through the tunneled connection to the destination server. Users who rely on
    defining their proxy credentials in the URL are strongly encouraged to upgrade
    to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy
    credentials once the change has been fully deployed.

    Users who do not use a proxy or do not supply their proxy credentials through
    the user information portion of their proxy URL are not subject to this
    vulnerability.

    Full details can be read in our Github Security Advisory
    and CVE-2023-32681.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [requests](https://requests.readthedocs.io) ([source](https://togithub.com/psf/requests), [changelog](https://togithub.com/psf/requests/blob/master/HISTORY.md)) | `==2.30.0` -> `==2.31.0` | [![age](https://badges.renovateapi.com/packages/pypi/requests/2.31.0/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/requests/2.31.0/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/requests/2.31.0/compatibility-slim/2.30.0)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/requests/2.31.0/confidence-slim/2.30.0)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>psf/requests</summary> ### [`v2.31.0`](https://togithub.com/psf/requests/blob/HEAD/HISTORY.md#&#8203;2310-2023-05-22) [Compare Source](https://togithub.com/psf/requests/compare/v2.30.0...v2.31.0) **Security** - Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of `Proxy-Authorization` headers to destination servers when following HTTPS redirects. When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a `Proxy-Authorization` header that is attached to the request to authenticate with the proxy. In cases where Requests receives a redirect response, it previously reattached the `Proxy-Authorization` header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are *strongly* encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed. Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability. Full details can be read in our [Github Security Advisory](https://togithub.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q) and [CVE-2023-32681](https://nvd.nist.gov/vuln/detail/CVE-2023-32681). </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/luketainton/roboluke-tasks). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS45OC4wIiwidXBkYXRlZEluVmVyIjoiMzUuOTguMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->
luketainton (Migrated from github.com) reviewed 2023-05-22 19:26:27 +02:00
sonarqubecloud[bot] commented 2023-05-22 19:28:19 +02:00 (Migrated from github.com)
Copy Link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

Kudos, SonarCloud Quality Gate passed!&nbsp; &nbsp; [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=luketainton_roboluke-tasks&pullRequest=42) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=luketainton_roboluke-tasks&pullRequest=42&resolved=false&types=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=luketainton_roboluke-tasks&pullRequest=42&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=luketainton_roboluke-tasks&pullRequest=42&resolved=false&types=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=luketainton_roboluke-tasks&pullRequest=42&resolved=false&types=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=luketainton_roboluke-tasks&pullRequest=42&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=luketainton_roboluke-tasks&pullRequest=42&resolved=false&types=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=luketainton_roboluke-tasks&pullRequest=42&resolved=false&types=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=luketainton_roboluke-tasks&pullRequest=42&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=luketainton_roboluke-tasks&pullRequest=42&resolved=false&types=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=luketainton_roboluke-tasks&pullRequest=42&resolved=false&types=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=luketainton_roboluke-tasks&pullRequest=42&resolved=false&types=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=luketainton_roboluke-tasks&pullRequest=42&resolved=false&types=CODE_SMELL) [![No Coverage information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/NoCoverageInfo-16px.png 'No Coverage information')](https://sonarcloud.io/component_measures?id=luketainton_roboluke-tasks&pullRequest=42&metric=coverage&view=list) No Coverage information [![No Duplication information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/NoDuplicationInfo-16px.png 'No Duplication information')](https://sonarcloud.io/component_measures?id=luketainton_roboluke-tasks&pullRequest=42&metric=duplicated_lines_density&view=list) No Duplication information
Sign in to join this conversation.
Reviewers
No reviewers
luketainton
Labels
Clear labels   
bug

Something isn't working

  
dependencies

Pull requests that update a dependency file

  
documentation

Improvements or additions to documentation

  
duplicate

This issue or pull request already exists

  
enhancement

New feature or request

  
good first issue

Good for newcomers

  
help wanted

Extra attention is needed

  
invalid

This doesn't seem right

  
question

Further information is requested

  
security

   
wontfix

This will not be worked on

No Label
bug
dependencies
documentation
duplicate
enhancement
good first issue
help wanted
invalid
question
security
wontfix
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: public/roboluke-tasks#42
No description provided.
Delete Branch "renovate/requests-2.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?