From 7d04cffe4ec3e723fee04d89a8ba0e19d910c049 Mon Sep 17 00:00:00 2001 From: aivong-openhands Date: Fri, 3 Apr 2026 13:55:31 -0500 Subject: [PATCH] Fix CVE-2026-25645: Update requests to 2.33.1 (#13692) Co-authored-by: OpenHands CVE Fix Bot --- enterprise/poetry.lock | 2 +- poetry.lock | 2 +- pyproject.toml | 4 ++-- uv.lock | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/enterprise/poetry.lock b/enterprise/poetry.lock index c250b577fb..772bac5611 100644 --- a/enterprise/poetry.lock +++ b/enterprise/poetry.lock @@ -6554,7 +6554,7 @@ pyyaml = ">=6.0.2" qtconsole = ">=5.6.1" rapidfuzz = ">=3.9" redis = ">=5.2,<7" -requests = ">=2.32.5" +requests = ">=2.33.0" setuptools = ">=78.1.1" shellingham = ">=1.5.4" sqlalchemy = {version = ">=2.0.40", extras = ["asyncio"]} diff --git a/poetry.lock b/poetry.lock index 494f4d3836..0868b91a46 100644 --- a/poetry.lock +++ b/poetry.lock @@ -15028,4 +15028,4 @@ third-party-runtimes = ["daytona", "e2b-code-interpreter", "modal", "runloop-api [metadata] lock-version = "2.1" python-versions = "^3.12,<3.14" -content-hash = "50ea2748b9c1319381102ca2a81a6a9857ead88f63ced9120a0e13dbf7959b20" +content-hash = "6f88369a1b446dfbe38c9e0cf52e9bdacfb69aad51a9f56548768d160cdafd95" diff --git a/pyproject.toml b/pyproject.toml index 5eec180e19..293fc882c2 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -89,7 +89,7 @@ dependencies = [ "qtconsole>=5.6.1", "rapidfuzz>=3.9", "redis>=5.2,<7", - "requests>=2.32.5", + "requests>=2.33", "setuptools>=78.1.1", "shellingham>=1.5.4", "sqlalchemy[asyncio]>=2.0.40", @@ -228,7 +228,7 @@ pypdf = "^6.9.2" pillow = "^12.1.1" starlette = "^0.49.1" urllib3 = "^2.6.3" -requests = "^2.32.5" +requests = "^2.33.0" setuptools = ">=78.1.1" # TODO: These are integrations that should probably be optional diff --git a/uv.lock b/uv.lock index 48a4f8d258..9dd98ffa9f 100644 --- a/uv.lock +++ b/uv.lock @@ -3859,7 +3859,7 @@ requires-dist = [ { name = "qtconsole", specifier = ">=5.6.1" }, { name = "rapidfuzz", specifier = ">=3.9" }, { name = "redis", specifier = ">=5.2,<7" }, - { name = "requests", specifier = ">=2.32.5" }, + { name = "requests", specifier = ">=2.33.0" }, { name = "runloop-api-client", marker = "extra == 'third-party-runtimes'", specifier = "==0.50" }, { name = "setuptools", specifier = ">=78.1.1" }, { name = "shellingham", specifier = ">=1.5.4" }, @@ -7910,7 +7910,7 @@ wheels = [ [[package]] name = "requests" -version = "2.32.5" +version = "2.33.1" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "certifi" }, @@ -7918,9 +7918,9 @@ dependencies = [ { name = "idna" }, { name = "urllib3" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/c9/74/b3ff8e6c8446842c3f5c837e9c3dfcfe2018ea6ecef224c710c85ef728f4/requests-2.32.5.tar.gz", hash = "sha256:dbba0bac56e100853db0ea71b82b4dfd5fe2bf6d3754a8893c3af500cec7d7cf", size = 134517, upload-time = "2025-08-18T20:46:02.573Z" } +sdist = { url = "https://files.pythonhosted.org/packages/5f/a4/98b9c7c6428a668bf7e42ebb7c79d576a1c3c1e3ae2d47e674b468388871/requests-2.33.1.tar.gz", hash = "sha256:18817f8c57c6263968bc123d237e3b8b08ac046f5456bd1e307ee8f4250d3517", size = 134120, upload-time = "2026-03-30T16:09:15.531Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/1e/db/4254e3eabe8020b458f1a747140d32277ec7a271daf1d235b70dc0b4e6e3/requests-2.32.5-py3-none-any.whl", hash = "sha256:2462f94637a34fd532264295e186976db0f5d453d1cdd31473c85a6a161affb6", size = 64738, upload-time = "2025-08-18T20:46:00.542Z" }, + { url = "https://files.pythonhosted.org/packages/d7/8e/7540e8a2036f79a125c1d2ebadf69ed7901608859186c856fa0388ef4197/requests-2.33.1-py3-none-any.whl", hash = "sha256:4e6d1ef462f3626a1f0a0a9c42dd93c63bad33f9f1c1937509b8c5c8718ab56a", size = 64947, upload-time = "2026-03-30T16:09:13.83Z" }, ] [[package]]