Matatika / tap-google-sheets

tap-google-sheets, singer tap built with the Meltano SDK
GNU Affero General Public License v3.0

upgrade `requests` dependency? #28

Closed: bdewilde closed 1 month ago

bdewilde commented 1 month ago

Hi! The version of requests pinned in your lockfile, v2.31.0, has a CVE against it that has since been patched:

CVE-2024-35195

Would it be possible to bump this dependency to v2.32.0, to mitigate the CVE / placate the automated system complaining about the CVE? :) No worries if not, the severity is only "medium", and it doesn't look as if you're actually running afoul of the vulnerability.

ReubenFrankel commented 1 month ago

Hi @bdewilde, this tap still supports Python 3.7 and requests>2.31.0 no longer supports it, which is why this hasn't been updated yet. Long overdue, so can maybe take a look later this week. 👍

Related: #25

bdewilde commented 1 month ago

Sounds good, thanks @ReubenFrankel!

ReubenFrankel commented 1 month ago

This should now be resolved by #29 and 012a2b23bb715732166062a986e4b312ffaf1e9a. Give it a go and let me know if you have any issues. @bdewilde