fix(deps): vuln minor upgrades — 5 packages (minor: 5) [local/etc]#37533

Open
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into master from engraver-auto-version-upgrade/minorpatch/pip/etc/1-1781564417
Conversation

@gh-worker-campaigns-3e9aa4

Summary: High-severity security update — 5 packages upgraded (MINOR changes included)

Manifests changed:

  • local/etc (pip)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

Updates

| Package | From | To | Type | Dep Type | Vulnerabilities Fixed |
|---|---|---|---|---|---|
| markdown2 | 2.3.8 | 2.5.5 | minor | Direct | 3 HIGH, 3 MEDIUM |
| Jinja2 | 3.0.1 | 3.1.6 | minor | Direct | 10 MEDIUM |
| requests | 2.23.0 | 2.34.2 | minor | Direct | 9 MEDIUM |
| Pygments | 2.7.4 | 2.20.0 | minor | Direct | 3 MEDIUM, 1 LOW |
| tqdm | 4.43.0 | 4.68.2 | minor | Direct | 2 LOW |

Security Details

🚨 Critical & High Severity (3 fixed)

| Package | CVE | Severity | Summary | Unsafe Version | Fixed In |
|---|---|---|---|---|---|
| markdown2 | PYSEC-2021-20 | HIGH | - | 2.3.8 | 2.4.0 |
| markdown2 | CVE-2021-26813 | HIGH | - | 2.3.8 | - |
| markdown2 | GHSA-jr9p-r423-9m2r | HIGH | markdown2 Regular Expression Denial of Service | 2.3.8 | 2.4.0 |
ℹ️ Other Vulnerabilities (28)

| Package | CVE | Severity | Summary | Unsafe Version | Fixed In |
|---|---|---|---|---|---|
| Pygments | PYSEC-2023-117 | medium | - | 2.7.4 | 2.15.1 |
| Pygments | CVE-2022-40896 | medium | - | 2.7.4 | - |
| requests | CVE-2023-32681 | medium | Unintended leak of Proxy-Authorization header in requests | 2.23.0 | - |
| requests | PYSEC-2023-74 | medium | - | 2.23.0 | 74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5 |
| Jinja2 | CVE-2024-22195 | MODERATE | Jinja vulnerable to Cross-Site Scripting (XSS) | 3.0.1 | - |
| Jinja2 | GHSA-cpwx-vrp4-4pq7 | MODERATE | Jinja2 vulnerable to sandbox breakout through attr filter selecting format method | 3.0.1 | 3.1.6 |
| Jinja2 | CVE-2024-34064 | MODERATE | Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter | 3.0.1 | - |
| Jinja2 | CVE-2024-56326 | MODERATE | Jinja has a sandbox breakout through indirect reference to format method | 3.0.1 | - |
| Jinja2 | GHSA-q2x7-8rv6-6q7h | MODERATE | Jinja has a sandbox breakout through indirect reference to format method | 3.0.1 | 3.1.5 |
| Jinja2 | GHSA-h5c8-rqwp-cp95 | MODERATE | Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter | 3.0.1 | 3.1.3 |
| Jinja2 | GHSA-h75v-3vvj-5mfj | MODERATE | Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter | 3.0.1 | 3.1.4 |
| Jinja2 | CVE-2024-56201 | MODERATE | Jinja has a sandbox breakout through malicious filenames | 3.0.1 | - |
| Jinja2 | GHSA-gmj6-6f8f-6699 | MODERATE | Jinja has a sandbox breakout through malicious filenames | 3.0.1 | 3.1.5 |
| Jinja2 | CVE-2025-27516 | MODERATE | Jinja sandbox breakout through attr filter selecting format method | 3.0.1 | - |
| Pygments | GHSA-mrwq-x4v8-fh7p | MODERATE | Pygments vulnerable to ReDoS | 2.7.4 | 2.15.0 |
| markdown2 | GHSA-fv3h-8x5j-pvgq | MODERATE | XSS in python-markdown2 | 2.3.8 | 2.3.9 |
| markdown2 | PYSEC-2020-65 | MODERATE | - | 2.3.8 | 2.3.9 |
| markdown2 | CVE-2020-11888 | MODERATE | - | 2.3.8 | - |
| requests | GHSA-j8r2-6x86-q33q | MODERATE | Unintended leak of Proxy-Authorization header in requests | 2.23.0 | 2.31.0 |
| requests | CVE-2024-47081 | MODERATE | Requests vulnerable to .netrc credentials leak via malicious URLs | 2.23.0 | - |
| requests | GHSA-9hjg-9r4m-mvj7 | MODERATE | Requests vulnerable to .netrc credentials leak via malicious URLs | 2.23.0 | 2.32.4 |
| requests | GHSA-9wx4-h78v-vm56 | MODERATE | Requests Session object does not verify requests after making first request with verify=False | 2.23.0 | 2.32.0 |
| requests | CVE-2024-35195 | MODERATE | Requests Session object does not verify requests after making first request with verify=False | 2.23.0 | - |
| requests | GHSA-gc5v-m9x4-r6x2 | MODERATE | Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function | 2.23.0 | 2.33.0 |
| requests | CVE-2026-25645 | MODERATE | Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function | 2.23.0 | - |
| Pygments | GHSA-5239-wwwm-4pmq | LOW | Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching | 2.7.4 | 2.20.0 |
| tqdm | GHSA-g7vv-2v7x-gj9p | LOW | tqdm CLI arguments injection attack | 4.43.0 | 4.66.3 |
| tqdm | CVE-2024-34062 | LOW | tqdm CLI arguments injection attack | 4.43.0 | - |
⚠️ Dependencies that have Reached EOL (5)

| Dependency | Unsafe Version | EOL Date | New Version | Path |
|---|---|---|---|---|
| Jinja2 | 3.0.1 | May 18, 2026 | 3.1.6 | local/etc/requirements3.txt |
| Pygments | 2.7.4 | Jan 12, 2026 | 2.20.0 | local/etc/requirements3.txt |
| markdown2 | 2.3.8 | - | 2.5.5 | local/etc/requirements3.txt |
| requests | 2.23.0 | - | 2.34.2 | local/etc/requirements3.txt |
| tqdm | 4.43.0 | - | 4.68.2 | local/etc/requirements3.txt |

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: all_vulns

🤖 Generated by DataDog Automated Dependency Management System

gh-worker-campaigns-3e9aa4 Bot commented Jun 19, 2026

Auto-rebase complete

Branch is up to date with master — rebased onto 30781d3.


Auto-Rebase · Add no-auto-rebase to opt out

Co-authored-by: dd-octo-sts-2c363b[bot] <266797965+dd-octo-sts-2c363b[bot]@users.noreply.github.com>