Closed bdewilde closed 1 month ago
Hi @bdewilde, this tap still supports Python 3.7 and requests>2.31.0
no longer supports it, which is why this hasn't been updated yet. Long overdue, so can maybe take a look later this week. 👍
Related: #25
Sounds good, thanks @ReubenFrankel !
This should now be resolved by #29 and 012a2b23bb715732166062a986e4b312ffaf1e9a. Give it a go and let me know if you have any issues. @bdewilde
Hi! The version of
requests
pinned in your lockfile, v2.31.0, has a CVE against it that has since been patched:CVE-2024-35195
Would it be possible to bump this dependency to v2.32.0, to mitigate the CVE / placate the automated system complaining about the CVE? :) No worries if not, the severity is only "medium", and it doesn't look as if you're actually running afoul of the vulnerability.