Splat Dependency Updates #3

amine-malloul-gira · 2025-06-10T06:15:37Z

Automated pull request generated by Splat.

Updates Summary:

fix: Security: Update requests from 2.32.3 to 2.32.4 in /poetry.lock

This update addresses the following vulnerabilities:

Impact Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. ### Workarounds For older versions of Requests, use of the .netrc file can be disabled with trust_env=False on your Requests Session (docs). ### References Only use hostname to do netrc lookup instead of netloc psf/requests#6965 https://seclists.org/fulldisclosure/2025/Jun/2
- Aliases: CVE-2024-47081
- Recommendation: 2.32.4

This update addresses the following vulnerabilities: - ### Impact Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. ### Workarounds For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on your Requests Session ([docs](https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env)). ### References psf/requests#6965 https://seclists.org/fulldisclosure/2025/Jun/2 - Aliases: CVE-2024-47081 - Recommendation: 2.32.4

florian-bluemel self-requested a review July 30, 2025 14:09

florian-bluemel approved these changes Jul 30, 2025

View reviewed changes

florian-bluemel merged commit 122cf52 into main Jul 30, 2025
8 checks passed

amine-malloul-gira deleted the splat branch August 8, 2025 14:05

Provide feedback