Closed 3sztof closed 1 month ago
Dependabot PR: https://github.com/awslabs/seed-farmer/pull/591
Opening this as a bug, as it has a huge impact on our environments: all of the deployments are failing due to pip-audit issues.
This is addressed in 3.5.1 and on main.
Describe the bug

Seedfarmer has a locked dependency on requests module version (currently requires 2.31.0). This version of requests contains a vulnerability that is picked up by pip-audit (https://www.cvedetails.com/cve/CVE-2024-35195/).
Expected behavior

Requests version should be patched to the newest one ASAP to prevent blocking deployments that rely on Seedfarmer.
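A check for the situation this issue describes, as an added example (not code from seed-farmer or from the reporter): it lists which distributions hold an exact `==` pin on a given package, which is what prevents upgrading a version that pip-audit flags. The sample dependency strings and the `example-lib-*` names are constructed; the `seed-farmer` entry mirrors the pin described in the issue.

```python
import re
from importlib import metadata

# Exact pin: "name==1.2.3", "name (==1.2.3)", optional extras and env marker.
# Ranges (>=, ~=), wildcards (==2.*) and arbitrary equality (===) do not match.
_PIN = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*"
    r"\(?\s*==\s*([^\s;,)*=]+)\s*\)?\s*(?:;.*)?$"
)

def normalize(name):
    """PEP 503 name normalisation, so 'Requests' and 'requests' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def exact_pin(requirement):
    """Return (package, version) if the requirement string is an exact pin, else None."""
    m = _PIN.match(requirement)
    return (normalize(m.group(1)), m.group(2)) if m else None

def pinned_by(package, dist_requires):
    """Return sorted (distribution, pinned_version) pairs that pin `package` exactly.

    dist_requires maps a distribution name to its list of Requires-Dist strings.
    """
    target = normalize(package)
    hits = []
    for dist, requires in dist_requires.items():
        for req in requires:
            pin = exact_pin(req)
            if pin and pin[0] == target:
                hits.append((dist, pin[1]))
    return sorted(hits)

def installed_requires():
    """Collect Requires-Dist strings for every distribution in this environment."""
    return {d.metadata.get("Name"): (d.requires or [])
            for d in metadata.distributions() if d.metadata.get("Name")}

# Constructed sample metadata (not read from any real package index).
SAMPLE = {
    "seed-farmer": ["requests==2.31.0"],
    "example-lib-a": ["requests>=2.31.0", "urllib3 (==2.0.7)"],
    "example-lib-b": ["Requests[socks]==2.*"],
}

if __name__ == "__main__":
    for dist, version in pinned_by("requests", installed_requires()):
        print(f"{dist} pins requests=={version}")
```

Run it in the environment where pip-audit fails; any distribution it prints must release a relaxed or updated pin before the flagged package can be upgraded.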