Safety CI > alexyorke/installed-to-chocolatey

pyup-scheduled-update-2026-04-01

16 hours ago

5ebc1ef0

Update requests from 2.32.3 to 2.33.1

No dependencies with known security vulnerabilities.

dependabot/pip/requests-2.33.0

3 days, 4 hours ago

79c50222

Bump requests from 2.32.3 to 2.33.0 Bumps [requests](https://github.com/psf/requests) from 2.32.3 t

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2026-03-01

1 month ago

b1840b11

Update requests from 2.32.3 to 2.32.5

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2026-02-01

1 month, 4 weeks ago

28a5c43e

Update requests from 2.32.3 to 2.32.5

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2026-01-01

3 months ago

1ad6ec51

Update requests from 2.32.3 to 2.32.5

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2025-12-01

4 months ago

d49ab199

Update requests from 2.32.3 to 2.32.5

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2025-11-01

5 months ago

56de175f

Update requests from 2.32.3 to 2.32.5

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2025-10-01

6 months ago

9b429245

Update requests from 2.32.3 to 2.32.5

No dependencies with known security vulnerabilities.

dependabot/pip/feedparser-6.0.12

6 months, 2 weeks ago

04507aac

Bump feedparser from 6.0.11 to 6.0.12 Bumps [feedparser](https://github.com/kurtmckee/feedparser) f

requests 2.32.3 has known security vulnerabilities.

Package	Installed	Affected	Info
requests	2.32.3	<2.32.4	show Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
requests	2.32.3	<2.33.0	show Affected versions of the requests package are vulnerable to Insecure Temporary File reuse due to predictable temporary filename generation in extract_zipped_paths(). The requests.utils.extract_zipped_paths() utility extracts files from zip archives into the system temporary directory using a deterministic path, and if that file already exists, the function reuses it without validating that it is the expected extracted content.

Package

Installed

Affected

Info

requests

2.32.3

<2.32.4

show

Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

requests

2.32.3

<2.33.0

show

Affected versions of the requests package are vulnerable to Insecure Temporary File reuse due to predictable temporary filename generation in extract_zipped_paths(). The requests.utils.extract_zipped_paths() utility extracts files from zip archives into the system temporary directory using a deterministic path, and if that file already exists, the function reuses it without validating that it is the expected extracted content.

pyup-scheduled-update-2025-09-03

7 months ago

921e2b4f

Update requests from 2.32.3 to 2.32.5

No dependencies with known security vulnerabilities.

dependabot/pip/requests-2.32.5

7 months, 1 week ago

360333b3

Bump requests from 2.32.3 to 2.32.5 Bumps [requests](https://github.com/psf/requests) from 2.32.3 t

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2025-08-01

8 months ago

6332e500

Update requests from 2.32.3 to 2.32.4

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2025-07-09

8 months, 3 weeks ago

1feff7f0

Update requests from 2.32.3 to 2.32.4

No dependencies with known security vulnerabilities.

dependabot/pip/pip-512858e340

9 months, 3 weeks ago

5d9fab62

Bump requests from 2.32.3 to 2.32.4 in the pip group Bumps the pip group with 1 update: [requests](

No dependencies with known security vulnerabilities.

master

1 year ago

55e052c1

Merge pull request #24 from alexyorke/dependabot/pip/feedparser-6.0.11 Bump feedparser from 5.2.1 t

No dependencies with known security vulnerabilities.