The request dependency has had a CVE in it for awhile now, but the fixed version does not support http+unix protocol that is used in this project, so we cannot update.
This issue we would need to:
- See what it takes to update to new libraries/protocols
- Update
requests library
- Address any testing gaps
More info in this comment and related slack thread.
The
requestdependency has had a CVE in it for awhile now, but the fixed version does not supporthttp+unixprotocol that is used in this project, so we cannot update.This issue we would need to:
requestslibraryMore info in this comment and related slack thread.