This is preventing us from remediating the vulnerability in our applications, as poetry cannot resolve to install datadog-lambda-python and urllib3 2.2.2.
Could you please update your dependencies to allow the security patch in urllib3 2.2.2 to be included in the installation?
Specifications
Datadog Lambda Layer version: 6.97.0
Python version: 3.12
Hi @Cookiehook - thanks for the note! We had made this pin because of botocore as per the PR. If this has been fixed upstream, we can remove the restriction entirely.
I won't pretend to understand the details of the datadog-lambda-python package or your testing procedures, but this looks to me like you can un-pin and re-test and this should work.
A vulnerability has been found and patched in urllib3: GHSA-34jh-p97f-mpxf
Datadog-lambda has an explicit pin of version <2.1.0 urllib3: https://github.com/DataDog/datadog-lambda-python/blob/main/pyproject.toml#L34