[PATCH 2/4] drm/ci: Upgrade requests requirement to 2.32.0
WangYuli
wangyuli at uniontech.com
Wed Sep 18 13:06:41 UTC 2024
GitHub Dependabot has issued the following alert:
"build(deps): bump requests from 2.31.0 to 2.32.2 in
/drivers/gpu/drm/ci/xfails.
When making requests through a Requests Session, if the first
request is made with verify=False to disable cert verification,
all subsequent requests to the same origin will continue to ignore
cert verification regardless of changes to the value of verify.
This behavior will continue for the lifecycle of the connection in
the connection pool.
Severity: 5.6 / 10 (Moderate)
Attack vector: Local
Attack complexity: High
Privileges required: High
User interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None
CVE ID: CVE-2024-35195"
To avoid disturbing everyone with the kernel repo hosted on GitHub,
I suggest we upgrade our python dependencies once again to appease
GitHub Dependabot.
Link: https://github.com/dependabot
Link: https://github.com/psf/requests/pull/6655
Signed-off-by: WangYuli <wangyuli at uniontech.com>
---
drivers/gpu/drm/ci/xfails/requirements.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/ci/xfails/requirements.txt b/drivers/gpu/drm/ci/xfails/requirements.txt
index 2fae1299e07b..f69b58356a37 100644
--- a/drivers/gpu/drm/ci/xfails/requirements.txt
+++ b/drivers/gpu/drm/ci/xfails/requirements.txt
@@ -7,7 +7,7 @@ charset-normalizer==3.2.0
idna==3.4
pip==23.3
python-gitlab==3.15.0
-requests==2.31.0
+requests==2.32.0
requests-toolbelt==1.0.0
ruamel.yaml==0.17.32
ruamel.yaml.clib==0.2.7
--
2.45.2
More information about the dri-devel
mailing list