profitroll/YusarinBot
profitroll
/
YusarinBot
1
0
Fork 0
Code Issues Pull Requests Releases 14 Activity

Update dependency requests to v2.31.0 #5

Merged
profitroll merged 1 commits from renovate/requests-2.x into main 2023-05-22 19:39:04 +03:00
Conversation 0 Commits 1 Files Changed 1 +1 -1
Renovate commented 2023-05-22 18:40:52 +03:00
Collaborator
Copy Link

This PR contains the following updates:

Package Update Change
requests (source, changelog) minor ==2.30.0 -> ==2.31.0

Release Notes

psf/requests

v2.31.0

Compare Source

Security

  • Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential
    forwarding of Proxy-Authorization headers to destination servers when
    following HTTPS redirects.

    When proxies are defined with user info (https://user:pass@proxy:8080), Requests
    will construct a Proxy-Authorization header that is attached to the request to
    authenticate with the proxy.

    In cases where Requests receives a redirect response, it previously reattached
    the Proxy-Authorization header incorrectly, resulting in the value being
    sent through the tunneled connection to the destination server. Users who rely on
    defining their proxy credentials in the URL are strongly encouraged to upgrade
    to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy
    credentials once the change has been fully deployed.

    Users who do not use a proxy or do not supply their proxy credentials through
    the user information portion of their proxy URL are not subject to this
    vulnerability.

    Full details can be read in our Github Security Advisory
    and CVE-2023-32681.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [requests](https://requests.readthedocs.io) ([source](https://github.com/psf/requests), [changelog](https://github.com/psf/requests/blob/master/HISTORY.md)) | minor | `==2.30.0` -> `==2.31.0` | --- ### Release Notes <details> <summary>psf/requests</summary> ### [`v2.31.0`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#&#8203;2310-2023-05-22) [Compare Source](https://github.com/psf/requests/compare/v2.30.0...v2.31.0) **Security** - Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of `Proxy-Authorization` headers to destination servers when following HTTPS redirects. When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a `Proxy-Authorization` header that is attached to the request to authenticate with the proxy. In cases where Requests receives a redirect response, it previously reattached the `Proxy-Authorization` header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are *strongly* encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed. Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability. Full details can be read in our [Github Security Advisory](https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q) and [CVE-2023-32681](https://nvd.nist.gov/vuln/detail/CVE-2023-32681). </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS41NC4wIiwidXBkYXRlZEluVmVyIjoiMzUuNTQuMCJ9-->
Renovate added 1 commit 2023-05-22 18:40:53 +03:00
profitroll merged commit a059fb0518 into main 2023-05-22 19:39:04 +03:00
profitroll deleted branch renovate/requests-2.x 2023-05-22 19:39:04 +03:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
bug

Something isn't working

  
documentation

Improvements or additions to documentation

  
duplicate

This issue or pull request already exists

  
enhancement

New feature or request

  
good first issue

Good for newcomers

  
help wanted

Extra attention is needed

  
invalid

This doesn't seem right

  
question

Further information is requested

  
wontfix

This will not be worked on

No Label
bug
documentation
duplicate
enhancement
good first issue
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Reference: profitroll/YusarinBot#5
No description provided.
Delete Branch "renovate/requests-2.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?