[Snyk] Security upgrade requests from 2.31.0 to 2.33.0#192
Conversation
The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-15763443
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| ecdsa>=0.9 | ||
| mnemonic>=0.20 | ||
| requests>=2.4.0 | ||
| requests>=2.33.0 |
There was a problem hiding this comment.
New requests version breaks Python 3.6–3.9 support
Medium Severity
requests 2.33.0 requires Python 3.10+, but setup.py declares python_requires=">=3.6" and requirements.txt still includes markers for Python <3.7 (e.g., dataclasses). Users on Python 3.6–3.9 will encounter installation failures because no version of requests satisfies both >=2.33.0 and their Python version. The minimum requests constraint is now incompatible with the project's declared Python support range.


Snyk has created this PR to fix 1 vulnerabilities in the pip dependencies of this project.
Snyk changed the following file(s):
python/requirements.txtImportant
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Insecure Temporary File
Note
Low Risk
Low risk dependency-only change; potential compatibility impact is limited to runtime HTTP behavior from the
requestslibrary upgrade.Overview
Upgrades the Python dependency constraint for
requestsfrom>=2.4.0to>=2.33.0inpython/requirements.txtto address a reported security vulnerability.Written by Cursor Bugbot for commit 8516cc5. This will update automatically on new commits. Configure here.