Commit e47cd16

makowskid and claude committed
v1.2.2 - fix urllib3 vulnerabilities (CVE-2026-44432, CVE-2026-44431)

Pin urllib3 to >=2.7.0 to patch two high-severity Snyk issues introduced transitively via requests:
- CVE-2026-44432 Decompression Bomb (CVSS 8.9)
- CVE-2026-44431 Sensitive Information Disclosure on redirects (CVSS 8.2)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

1 parent eeeab4c commit e47cd16

2 files changed

Lines changed: 18 additions & 10 deletions

poetry.lock

Lines changed: 14 additions & 9 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

pyproject.toml

Lines changed: 4 additions & 1 deletion
@@ -1,6 +1,6 @@
11
[tool.poetry]
22
name = "sharpapi-python-client"
3-
version = "1.2.1"
3+
version = "1.2.2"
44
description = "SharpAPI.com Python SDK Client - AI-Powered Workflow Automation API."
55
authors = ["Dawid Makowski <contact@sharpapi.com>"]
66
license = "MIT"
@@ -16,6 +16,9 @@ packages = [
1616
[tool.poetry.dependencies]
1717
python = "^3.10"
1818
requests = ">=2.33.0"
19+
# Pin transitive dependency to patch Snyk vulnerabilities
20+
# (CVE-2026-44432 Decompression Bomb, CVE-2026-44431 Sensitive Info Disclosure)
21+
urllib3 = ">=2.7.0"
1922

2023
[build-system]
2124
requires = ["poetry-core"]
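
Review bot: In the [tool.poetry.dependencies] addition, `urllib3 = ">=2.7.0"` is a lower bound rather than a pin, so the comment "Pin transitive dependency" overstates what the constraint does; with no upper bound, any later urllib3 release, including a future major version, also satisfies it. Suggest rewording the comment to say it sets a minimum version, and stating that the entry exists only to raise the floor for a package pulled in via requests, so it can be dropped once requests itself requires a patched urllib3. The poetry.lock diff is not rendered on this page, so confirm separately that the lock file resolves urllib3 to 2.7.0 or later; consumers installing the published SDK resolve against this constraint, not the lock file.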
