From 68db64d880f8489dd5b21b7785fb07c543a148ce Mon Sep 17 00:00:00 2001
From: "bhavin.shah" <bhavin.shah@mendix.com>
Date: Mon, 25 May 2026 14:29:58 +0530
Subject: [PATCH 1/2] Security: Upgrade requests to 2.34.2 and urllib3 to 2.7.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes high-severity CVEs:
- CVE-2026-25645 (requests): Fixed in 2.33.0+
- GHSA-mf9v-mfxr-j63j (urllib3): Streaming API decompression issue
- GHSA-qccp-gfcp-xxvc (urllib3): Cross-origin redirect header leakage

Changes:
- requests: 2.32.5 → 2.34.2
- urllib3: 2.6.3 → 2.7.0
- charset-normalizer: 2.0.3 → 3.4.7 (transitive)
- idna: 3.10 → 3.15 (transitive)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---
 requirements.in  | 4 ++--
 requirements.txt | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/requirements.in b/requirements.in
index edee2e58f..5e9c8eb83 100644
--- a/requirements.in
+++ b/requirements.in
@@ -7,5 +7,5 @@ jinja2==3.1.6
 omegaconf==2.3.0
 psycopg2-binary==2.9.10
 pyyaml==6.0.2
-requests==2.32.5
-urllib3==2.6.3
+requests==2.34.2
+urllib3==2.7.0
diff --git a/requirements.txt b/requirements.txt
index 91b30ca73..52c6a4e79 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -14,7 +14,7 @@ certifi==2024.8.30
     #   requests
 cffi==2.0.0
     # via cryptography
-charset-normalizer==2.0.3
+charset-normalizer==3.4.7
     # via requests
 cryptography==46.0.5
     # via -r requirements.in
@@ -22,7 +22,7 @@ distro==1.9.0
     # via -r requirements.in
 httplib2==0.22.0
     # via -r requirements.in
-idna==3.10
+idna==3.15
     # via requests
 jinja2==3.1.6
     # via -r requirements.in
@@ -40,11 +40,11 @@ pyyaml==6.0.2
     # via
     #   -r requirements.in
     #   omegaconf
-requests==2.32.5
+requests==2.34.2
     # via -r requirements.in
 typing-extensions==4.15.0
     # via cryptography
-urllib3==2.6.3
+urllib3==2.7.0
     # via
     #   -r requirements.in
     #   requests

From 78e8e6f8b7ec6e2c38d4a04ddbe96c5dae9aee78 Mon Sep 17 00:00:00 2001
From: "bhavin.shah" <bhavin.shah@mendix.com>
Date: Mon, 25 May 2026 14:33:07 +0530
Subject: [PATCH 2/2] Fixes high-severity CVEs:    - CVE-2026-25645 (requests):
 Fixed in 2.33.0+    - GHSA-mf9v-mfxr-j63j (urllib3): Streaming API
 decompression issue    - GHSA-qccp-gfcp-xxvc (urllib3): Cross-origin redirect
 header leakage

---
 requirements.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 52c6a4e79..e6e1db49e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -14,7 +14,7 @@ certifi==2024.8.30
     #   requests
 cffi==2.0.0
     # via cryptography
-charset-normalizer==3.4.7
+charset-normalizer==2.0.3
     # via requests
 cryptography==46.0.5
     # via -r requirements.in
@@ -22,7 +22,7 @@ distro==1.9.0
     # via -r requirements.in
 httplib2==0.22.0
     # via -r requirements.in
-idna==3.15
+idna==3.10
     # via requests
 jinja2==3.1.6
     # via -r requirements.in