From 3568420b1b5754ee1de5ba636f1f6c1d14f2188e Mon Sep 17 00:00:00 2001
From: marcos-statsig <75151332+marcos-statsig@users.noreply.github.com>
Date: Fri, 31 May 2024 15:21:27 -0700
Subject: [PATCH] [Snyk] Security upgrade requests from 2.26.0 to 2.32.0 (#262)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

<h3>Snyk has created this PR to fix one or more vulnerable packages in
the `pip` dependencies of this project.</h3>


:sparkles: Snyk has automatically assigned this pull request, [set who
gets
assigned](https://app.snyk.io/org/marcos-statsig/project/e5199d21-23e3-4bf1-a320-6b9ff9964b3a?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr/settings/integration).


As this is a private repository, Snyk-bot does not have access.
Therefore, this PR has been created automatically, but appears to have
been created by a real user.

#### Changes included in this PR


- Changes to the following files to upgrade the vulnerable dependencies
to a fixed version:
   - requirements.txt




#### Vulnerabilities that will be fixed





##### By pinning:

Severity | Priority Score (\*) | Issue | Breaking Change | Exploit
Maturity

:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
![medium
severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png
'medium severity') | **566/1000** <br/> **Why?** Recently disclosed, Has
a fix available, CVSS 5.6 | Always-Incorrect Control Flow Implementation
<br/>[SNYK-PYTHON-REQUESTS-6928867](https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867)
| No | No Known Exploit

(\*) Note that the real score may have changed since the PR was raised.




Some vulnerabilities couldn't be fully fixed and so Snyk will still find
them when the project is tested again. This may be because the
vulnerability existed within more than one direct dependency, but not
all of the affected dependencies could be upgraded.


Check the changes in this PR to ensure they won't cause issues with your
project.

---

**Note:** _You are seeing this because you or someone else with access
to this repository has authorized Snyk to open fix PRs._

For more information: <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJjM2RhZDcxNy1hOWQ5LTQwMDEtYWMxYS04ZjAyYzgwMGRjYWUiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImMzZGFkNzE3LWE5ZDktNDAwMS1hYzFhLThmMDJjODAwZGNhZSJ9fQ=="
width="0" height="0"/>
🧐 [View latest project
report](https://app.snyk.io/org/marcos-statsig/project/e5199d21-23e3-4bf1-a320-6b9ff9964b3a?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr)

👩‍💻 [Set who automatically gets
assigned](https://app.snyk.io/org/marcos-statsig/project/e5199d21-23e3-4bf1-a320-6b9ff9964b3a?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr/settings/integration)

🛠 [Adjust project
settings](https://app.snyk.io/org/marcos-statsig/project/e5199d21-23e3-4bf1-a320-6b9ff9964b3a?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr/settings)

📚 [Read more about Snyk's upgrade and patch
logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

[//]: #
'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"requests","from":"2.26.0","to":"2.32.0"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No
Known
Exploit","id":"SNYK-PYTHON-REQUESTS-6928867","priority_score":566,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.6","score":280},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Always-Incorrect
Control Flow
Implementation"}],"prId":"c3dad717-a9d9-4001-ac1a-8f02c800dcae","prPublicId":"c3dad717-a9d9-4001-ac1a-8f02c800dcae","packageManager":"pip","priorityScoreList":[566],"projectPublicId":"e5199d21-23e3-4bf1-a320-6b9ff9964b3a","projectUrl":"https://app.snyk.io/org/marcos-statsig/project/e5199d21-23e3-4bf1-a320-6b9ff9964b3a?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["updated-fix-title","priorityScore"],"type":"auto","upgrade":[],"vulns":["SNYK-PYTHON-REQUESTS-6928867"],"patch":[],"isBreakingChange":false,"remediationStrategy":"vuln"}'

---

**Note:** _This is a default PR template raised by Snyk. Find out more
about how you can customise Snyk PRs in our
[documentation.](https://docs.snyk.io/scan-using-snyk/snyk-open-source/automatic-and-manual-prs-with-snyk-open-source/customize-pr-templates-closed-beta)_

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Learn about vulnerability in an interactive lesson of Snyk
Learn.](https://learn.snyk.io/?loc&#x3D;fix-pr)

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index bc1c252..9f73162 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,5 +1,5 @@
 ip3country==0.3.0
-requests==2.26.0
+requests==2.32.0
 semver==2.13.0
 setuptools==60.5.0
 ua_parser==0.10.0