Skip to content

VULN UPGRADE: minor: msgpack · patch: flask, requests #42

Open
campaigner-prod[bot] wants to merge 1 commit intomainfrom
engraver-auto-version-upgrade/minorpatch/pip/0-1772743790
Open

VULN UPGRADE: minor: msgpack · patch: flask, requests #42
campaigner-prod[bot] wants to merge 1 commit intomainfrom
engraver-auto-version-upgrade/minorpatch/pip/0-1772743790

Conversation

@campaigner-prod
Copy link

@campaigner-prod campaigner-prod bot commented Mar 5, 2026

Summary: Security update — 3 packages upgraded (MINOR changes included)

Manifests changed:

  • . (pip)

Updates

Package From To Type Vulnerabilities Fixed
requests 2.32.2 2.32.5 patch 2 MODERATE
msgpack 1.0.8 1.1.2 minor -
flask 3.0.2 3.0.3 patch 2 LOW

Packages marked with "-" are updated due to dependency constraints.

Security Details

ℹ️ Other Vulnerabilities (4)
Package CVE Severity Summary Unsafe Version Fixed In
requests GHSA-9hjg-9r4m-mvj7 MODERATE Requests vulnerable to .netrc credentials leak via malicious URLs 2.32.2 2.32.4
requests CVE-2024-47081 MODERATE Requests vulnerable to .netrc credentials leak via malicious URLs 2.32.2 -
flask GHSA-68rp-wp8r-4726 LOW Flask session does not add Vary: Cookie header when accessed in some ways 3.0.2 3.1.3
flask CVE-2026-27205 LOW Flask session does not add Vary: Cookie header when accessed in some ways 3.0.2 -
⚠️ Dependencies that have Reached EOL (1)
Dependency Unsafe Version EOL Date New Version Path
requests 2.32.2 - 2.32.5 requirements.txt

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI

Update Mode: Vulnerability Remediation

🤖 Generated by DataDog Automated Dependency Management System

@codecov-commenter
Copy link

codecov-commenter commented Mar 5, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 63.12%. Comparing base (43b48ff) to head (f164e4e).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main      #42   +/-   ##
=======================================
  Coverage   63.12%   63.12%           
=======================================
  Files           7        7           
  Lines         377      377           
  Branches       49       49           
=======================================
  Hits          238      238           
  Misses        101      101           
  Partials       38       38

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@campaigner-prod campaigner-prod bot marked this pull request as ready for review March 7, 2026 12:53
@campaigner-prod campaigner-prod bot requested a review from a team as a code owner March 7, 2026 12:53
@campaigner-prod campaigner-prod bot requested review from Anilm3 and removed request for a team March 7, 2026 12:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Anilm3 Anilm3 Awaiting requested review from Anilm3 Anilm3 is a code owner automatically assigned from DataDog/dd-trace-cpp

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

adms-dependency-update adms-fixes-eol adms-low-severity adms-medium-severity adms-minor-update adms-mode-all-updates adms-python campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@codecov-commenter