[Snyk] Security upgrade urllib3 from 2.0.7 to 2.6.0#8
[Snyk] Security upgrade urllib3 from 2.0.7 to 2.6.0#8chrispetrou wants to merge 1 commit intomasterfrom
Conversation
The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14192442 - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14192443
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
This is the final PR Bugbot will review for you during this billing cycle
Your free Bugbot reviews will reset on January 15
Details
You are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle.
To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.
| fake_useragent | ||
| requests[security] No newline at end of file | ||
| requests[security] | ||
| urllib3>=2.6.0 # not directly required, pinned by Snyk to avoid a vulnerability No newline at end of file |
There was a problem hiding this comment.
Bug: urllib3 2.6.0 incompatible with Python 2 codebase
The pinned urllib3>=2.6.0 dependency is incompatible with this codebase. The application in wp/utils.py uses Python 2 syntax (reload(sys), from urlparse import, except ImportError, error:, print statements without parentheses). urllib3 2.x dropped Python 2 support entirely and requires Python 3.7+. Installing this version will break the application as the dependency cannot be imported in a Python 2 environment.
2 participants
Snyk has created this PR to fix 2 vulnerabilities in the pip dependencies of this project.
Snyk changed the following file(s):
requirements.txtImportant
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Allocation of Resources Without Limits or Throttling
Note
Pins urllib3 to >=2.6.0 in requirements and retains requests[security].
urllib3>=2.6.0inrequirements.txtto address a vulnerability.requests[security]explicitly listed.Written by Cursor Bugbot for commit b8a9967. This will update automatically on new commits. Configure here.