Bump requests (pip) from 2.32.0 in llvm/utils/git/requirements.txt (intel#14022)

lucyli-ca · web-flow · commit 0b8a3e7a8021 · 2024-06-03T21:14:56.000Z
Bumps requests (pip) from 2.32.0 to resolve identified security vulnerability in 3rd party dependency. When making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same origin will continue to ignore cert verification regardless of changes to the value of verify. This behavior will continue for the lifecycle of the connection in the connection pool. Upgrading will resolve this issue. Refer to psf/requests#6655
diff --git a/llvm/utils/git/requirements.txt b/llvm/utils/git/requirements.txt
@@ -232,7 +232,7 @@ pynacl==1.5.0 \
     --hash=sha256:a422368fc821589c228f4c49438a368831cb5bbc0eab5ebe1d7fac9dded6567b \
     --hash=sha256:e46dae94e34b085175f8abb3b0aaa7da40767865ac82c928eeb9e57e1ea8a543
     # via pygithub
-requests==2.31.0 \
+requests==2.32.0 \
     --hash=sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f \
     --hash=sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1
     # via pygithub
