You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is nothing the maintainers of this library need to do so downstream projects and applications can use a newer version; requirements.txt is only used for tests.
Yes, as mentioned above, you should be able to use newer, compatible versions of urllib3, the setup.py defines a minimum version.
Regardless, the version in requirements.txt (which is used for tests/development) has been bumped thanks to dependabot in #3183, so hopefully that will eliminate any noise from security scanners.
Problem
urllib3
vulnerability .Trivy complains about the following version 1.26.11 due to GHSA-v845-jxx5-vc9f. Note the link below currently yields a404
😒 .Cookie
HTTP header isn't stripped on cross-origin redirects https://avd.aquasec.com/nvd/cve-2023-43804Anything Else?
It looks like this is being addressed in #3180 Is this close to being in a merge-able state?
The text was updated successfully, but these errors were encountered: