IBM / detect-secrets

An enterprise friendly way of detecting and preventing secrets in code.
Apache License 2.0

Pin requests (new version is broken), and update urllib3 in requirements-dev #127

Closed victoria-miltcheva closed 1 year ago

victoria-miltcheva commented 1 year ago

Since the requests v2.30.0 package appears to be broken, I've pinned requests to the previous version. I've also bumped the version of urllib3 used for local development to the version which comes with requests v2.29.0.

bigpick commented 1 year ago

CVE-2023-32681 is getting flagged as requests is stuck under the patched version (2.31.0) --

> Since the requests v2.30.0 package appears to be broken

Is there more information somewhere related to this statement to be able to re-test if it is still the case with the new 2.31.0?

edit: https://github.com/IBM/detect-secrets/pull/130