fix CVE-2023-45803 by bumping dependencies

fkie-cad · Oct 19, 2023 · 56327fa · 56327fa
1 parent 66ed09a
commit 56327fa
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 24 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,8 @@
 ### Improvements
 ### Bugfix
 
+* fix CVE-2023-45803 urllib3's request body not stripped after redirect from 303 status changes request method to GET
+
 ## v7.0.0
 ### Breaking
 

diff --git a/requirements.in b/requirements.in
@@ -28,7 +28,7 @@ ruamel.yaml
 schedule
 tldextract
 urlextract
-urllib3>=1.26.17 # CVE-2023-43804
+urllib3>=1.26.18 # CVE-2023-45803
 uvicorn
 wheel
 deepdiff

diff --git a/requirements.txt b/requirements.txt
@@ -22,9 +22,9 @@ attrs==23.1.0
     # via
     #   -r ./requirements.in
     #   aiohttp
-boto3==1.28.62
+boto3==1.28.66
     # via -r ./requirements.in
-botocore==1.31.62
+botocore==1.31.66
     # via
     #   boto3
     #   s3transfer
@@ -46,13 +46,13 @@ colorama==0.4.6
     # via -r ./requirements.in
 confluent-kafka==2.2.0
     # via -r ./requirements.in
-deepdiff==6.6.0
+deepdiff==6.6.1
     # via -r ./requirements.in
 elasticsearch==7.17.9
     # via -r ./requirements.in
 exceptiongroup==1.1.3
     # via anyio
-fastapi==0.103.2
+fastapi==0.104.0
     # via -r ./requirements.in
 filelock==3.12.4
     # via
@@ -97,12 +97,12 @@ multidict==6.0.4
     #   yarl
 mysql-connector-python==8.1.0
     # via -r ./requirements.in
-numpy==1.26.0
+numpy==1.26.1
     # via
     #   -r ./requirements.in
     #   scikit-learn
     #   scipy
-opensearch-py==2.3.1
+opensearch-py==2.3.2
     # via -r ./requirements.in
 ordered-set==4.1.0
     # via deepdiff
@@ -145,7 +145,7 @@ requests==2.31.0
     #   tldextract
 requests-file==1.5.1
     # via tldextract
-ruamel-yaml==0.17.35
+ruamel-yaml==0.17.39
     # via -r ./requirements.in
 ruamel-yaml-clib==0.2.8
     # via ruamel-yaml
@@ -170,7 +170,7 @@ starlette==0.27.0
     # via fastapi
 threadpoolctl==3.2.0
     # via scikit-learn
-tldextract==3.6.0
+tldextract==5.0.1
     # via -r ./requirements.in
 typing-extensions==4.8.0
     # via
@@ -183,7 +183,7 @@ uritools==4.0.2
     # via urlextract
 urlextract==1.8.0
     # via -r ./requirements.in
-urllib3==1.26.17
+urllib3==1.26.18
     # via
     #   -r ./requirements.in
     #   botocore

diff --git a/requirements_dev.txt b/requirements_dev.txt
@@ -22,7 +22,7 @@ anyio==3.7.1
     #   fastapi
     #   httpcore
     #   starlette
-astroid==3.0.0
+astroid==3.0.1
     # via pylint
 async-timeout==4.0.3
     # via
@@ -36,16 +36,16 @@ attrs==23.1.0
     #   jsonschema
     #   referencing
     #   semgrep
-black==23.9.1
+black==23.10.0
     # via -r ./requirements_dev.in
 boltons==21.0.0
     # via
     #   face
     #   glom
     #   semgrep
-boto3==1.28.62
+boto3==1.28.66
     # via -r ./requirements.txt
-botocore==1.31.62
+botocore==1.31.66
     # via
     #   -r ./requirements.txt
     #   boto3
@@ -84,7 +84,7 @@ confluent-kafka==2.2.0
     # via -r ./requirements.txt
 coverage[toml]==7.3.2
     # via pytest-cov
-deepdiff==6.6.0
+deepdiff==6.6.1
     # via -r ./requirements.txt
 defusedxml==0.7.1
     # via semgrep
@@ -99,7 +99,7 @@ exceptiongroup==1.1.3
     #   pytest
 face==22.0.0
     # via glom
-fastapi==0.103.2
+fastapi==0.104.0
     # via -r ./requirements.txt
 filelock==3.12.4
     # via
@@ -183,12 +183,12 @@ mypy-extensions==1.0.0
     # via black
 mysql-connector-python==8.1.0
     # via -r ./requirements.txt
-numpy==1.26.0
+numpy==1.26.1
     # via
     #   -r ./requirements.txt
     #   scikit-learn
     #   scipy
-opensearch-py==2.3.1
+opensearch-py==2.3.2
     # via -r ./requirements.txt
 ordered-set==4.1.0
     # via
@@ -201,7 +201,7 @@ packaging==23.2
     #   semgrep
 pathspec==0.11.2
     # via black
-peewee==3.16.3
+peewee==3.17.0
     # via semgrep
 platformdirs==3.11.0
     # via
@@ -283,11 +283,11 @@ responses==0.23.3
     # via -r ./requirements_dev.in
 rich==13.6.0
     # via semgrep
-rpds-py==0.10.4
+rpds-py==0.10.6
     # via
     #   jsonschema
     #   referencing
-ruamel-yaml==0.17.35
+ruamel-yaml==0.17.39
     # via
     #   -r ./requirements.txt
     #   semgrep
@@ -307,7 +307,7 @@ scipy==1.11.3
     # via
     #   -r ./requirements.txt
     #   scikit-learn
-semgrep==1.43.0
+semgrep==1.45.0
     # via -r ./requirements_dev.in
 six==1.16.0
     # via
@@ -329,7 +329,7 @@ threadpoolctl==3.2.0
     # via
     #   -r ./requirements.txt
     #   scikit-learn
-tldextract==3.6.0
+tldextract==5.0.1
     # via -r ./requirements.txt
 tomli==2.0.1
     # via
@@ -362,7 +362,7 @@ uritools==4.0.2
     #   urlextract
 urlextract==1.8.0
     # via -r ./requirements.txt
-urllib3==1.26.17
+urllib3==1.26.18
     # via
     #   -r ./requirements.txt
     #   botocore