Upgrade idna to 3.7 for CVE-2024-3651
carlos-villavicencio-adsk opened this issue · comments
Carlos Villavicencio commented
Now that idna released 3.7, can you consider bumping the requires to `idna>=3.7,<4`?
Expected Result
Get rid of CVE-2024-3651
Actual Result
SAST analysis shows CVE-2024-3651
Reproduction Steps
n/a
System Information
n/a
Ian Stapleton Cordasco commented
Use a better SAST.
The requirement does not forbid you using 3.7. If you aren't also managing your transitive dependency versions, a reinstall of requests should pull this unless you have something else blocking you from using that version.
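The distinction drawn in the reply above, between what a dependency range permits and what is actually installed, can be checked directly in an environment. The following is an added example, not part of the thread and not code from requests or idna: the function names are hypothetical, the range parser is a simplification that handles only plain numeric comparison clauses (not full PEP 440), and environment markers on a requirement are ignored.

```python
import operator
import re
from importlib import metadata

FIXED = "3.7"  # idna release the issue names as resolving CVE-2024-3651
OPS = {">=": operator.ge, "<=": operator.le, "==": operator.eq,
       "!=": operator.ne, ">": operator.gt, "<": operator.lt}

def parse_version(text):
    """'3.7' -> (3, 7). Numeric releases only; trailing zeros dropped so 3.7 == 3.7.0."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def allows(specifier, version):
    """True if a comma-separated range such as '>=2.5,<4' admits `version`."""
    v = parse_version(version)
    for clause in filter(None, (c.strip() for c in specifier.split(","))):
        m = re.fullmatch(r"(>=|<=|==|!=|>|<)\s*([\d.]+)", clause)
        if m is None:
            raise ValueError(f"unsupported clause: {clause!r}")
        if not OPS[m.group(1)](v, parse_version(m.group(2))):
            return False
    return True

def idna_specifier(requirement):
    """Range a Requires-Dist line places on idna, or None if it names another package."""
    m = re.match(r"idna(?![\w.-])\s*\(?([^;)]*)", requirement.strip(), re.I)
    return m.group(1).strip() if m else None

def audit(installed_idna, requirements):
    """Is the installed idna patched, and which packages' ranges would forbid the fix?"""
    blockers, unparsed = [], []
    for pkg, req in requirements:
        spec = idna_specifier(req)
        try:
            if spec is not None and not allows(spec, FIXED):
                blockers.append(pkg)
        except ValueError:  # e.g. '~=' or wildcard clauses: review by hand
            unparsed.append(pkg)
    return {"patched": parse_version(installed_idna) >= parse_version(FIXED),
            "blockers": sorted(blockers), "unparsed": sorted(unparsed)}

if __name__ == "__main__":
    reqs = [(d.metadata["Name"], r) for d in metadata.distributions() for r in (d.requires or [])]
    try:
        print(audit(metadata.version("idna"), reqs))
    except metadata.PackageNotFoundError:
        print("idna is not installed")
```

An unpatched result with an empty `blockers` list means no installed package's range excludes 3.7, so upgrading idna itself resolves the finding; a non-empty list names the packages whose pins need attention first.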