Updated constraints due security reasons (triggered on 2026-07-13T14:34:29+00:00 by 56ca24ff3b40f15b82d28d1268e3c794df9ed4ea)#30
Open
github-actions[bot] wants to merge 1 commit into
Conversation
github-actions
Bot
force-pushed
the
create-pull-request/patch-audit-constraints
branch
from
May 25, 2026 13:15
48e4610 to
5c119d0
Compare
github-actions
Bot
force-pushed
the
create-pull-request/patch-audit-constraints
branch
2 times, most recently
from
June 8, 2026 13:34
20e1082 to
82f8882
Compare
github-actions
Bot
force-pushed
the
create-pull-request/patch-audit-constraints
branch
from
June 15, 2026 14:13
82f8882 to
5a6bbff
Compare
github-actions
Bot
force-pushed
the
create-pull-request/patch-audit-constraints
branch
from
June 22, 2026 13:57
5a6bbff to
22741df
Compare
github-actions
Bot
force-pushed
the
create-pull-request/patch-audit-constraints
branch
from
June 29, 2026 13:35
22741df to
91cc767
Compare
github-actions
Bot
force-pushed
the
create-pull-request/patch-audit-constraints
branch
from
July 13, 2026 14:34
91cc767 to
d255d85
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixed dependency issues for Python 3.10
Fixed dependency issues for Python 3.11
Fixed dependency issues for Python 3.12
Fixed dependency issues for Python 3.13
Fixed dependency issues for Python 3.14
Dependency issues not solved for Python 3.9
requests.utils.extract_zipped_paths()utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could pre-create a malicious file that would be loaded in place of the legitimate one. Standard usage of the Requests library is not affected by this vulnerability. Only applications that callextract_zipped_paths()directly are impacted. Starting in version 2.33.0, the library extracts files to a non-deterministic location. If developers are unable to upgrade, they can setTMPDIRin their environment to a directory with restricted write access.