fix(deps): vuln minor: msgpack · patch: flask, requests

[gh-worker-campaigns-3e9aa4]

Summary: Security update — 3 packages upgraded (MINOR changes included)

Manifests changed:

• . (pip)

---

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

---

Updates

Package	From	To	Type	Dep Type	Vulnerabilities Fixed
requests	2.32.2	2.32.5	patch	Direct	4 MODERATE
msgpack	1.0.8	1.1.2	minor	Direct	-
flask	3.0.2	3.0.3	patch	Direct	2 LOW

Packages marked with "-" are updated due to dependency constraints.

---

Security Details

ℹ️ Other Vulnerabilities (6)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
requests	GHSA-gc5v-m9x4-r6x2	MODERATE	Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function	2.32.2	2.33.0
requests	CVE-2026-25645	MODERATE	Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function	2.32.2	-
requests	GHSA-9hjg-9r4m-mvj7	MODERATE	Requests vulnerable to .netrc credentials leak via malicious URLs	2.32.2	2.32.4
requests	CVE-2024-47081	MODERATE	Requests vulnerable to .netrc credentials leak via malicious URLs	2.32.2	-
flask	GHSA-68rp-wp8r-4726	LOW	Flask session does not add Vary: Cookie header when accessed in some ways	3.0.2	3.1.3
flask	CVE-2026-27205	LOW	Flask session does not add Vary: Cookie header when accessed in some ways	3.0.2	-

⚠️ Dependencies that have Reached EOL (1)

Dependency	Unsafe Version	EOL Date	New Version	Path
requests	2.32.2	-	2.32.5	requirements.txt

---

Review Checklist

Standard review:

• Review changes for compatibility with your code
• Check for breaking changes in release notes
• Run tests locally or wait for CI
• Approve and merge this PR

---

Update Mode: Vulnerability Remediation

🤖 Generated by DataDog Automated Dependency Management System

[datadog-official]

🎯 Code Coverage (details)
• Patch Coverage: 100.00%
• Overall Coverage: 51.08% (+0.00%)

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 850f866 | Docs | Datadog PR Page | Give us feedback!}

[dd-prapprover]

PRApprover will approve and merge this PR, FAQ, #dx-source-code-management

🛠️ PRApproval Status

• ✅ PR is eligible for auto-approval by rule dependency-management-version-updater - 2026-04-24T14:31:26Z
• ✅ CI tests passed - 2026-04-24T14:31:29Z
• ✅ Approved (commit: 850f866) - 2026-04-24T14:31:32Z
• ✅ Merge Started
• ✅ Merged - 2026-04-24T14:31:41Z

➡️ Current phase: PR merged successfully! ✅

[dd-prapprover]

This PR has been automatically approved by the DD PR Approver bot.