CVE-2024-35195 alert caused by pinning requests to version <2.32.3 #30
Description
Requests has a known vulnerability, that is fixed in versions 2.32.3.
Anyway this project in our requirements is causing an alert, because it still resolve to an older version of requests, as can be seen here:
ibm-cos-sdk-python-core/setup.py
Line 9 in c35f5f1
requires = [
'jmespath>=0.10.0,<=1.0.1',
'python-dateutil>=2.9.0,<3.0.0',
'requests>=2.32.0,<2.32.3',
'urllib3>=1.26.18,<3',
]Is possible to fix this issue?