
Commit efe2b4c

committed
[ROB-2887] patching cves in urllib3
CVE-2025-66418 CVE-2025-66471
1 parent 4bd747b commit efe2b4c


2 files changed

+34
-55
lines changed


poetry.lock

Lines changed: 29 additions & 50 deletions

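--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "prometrix"
-version = "0.2.8"
+version = "0.2.9"
 authors = ["Avi Kotlicky <avi@robusta.dev>"]
 readme = "README.md"
 packages = [{include = "prometrix"}]
@@ -11,14 +11,14 @@ description = "A Python Prometheus client for all Prometheus instances."
 "Bug Tracker" = "https://github.com/robusta-dev/prometrix/issues"
 
 [tool.poetry.dependencies]
-python = ">=3.9,<4.0"
-boto3 = "^1.28.15"
-botocore = "^1.31.15"
+python = ">=3.10,<4.0"
+urllib3 = ">=2.6.0,<3.0.0" # pinned to patch urllib3 cves
+botocore = "^1.38"
+boto3 = "^1.38"
 pydantic = ">=1.8.1,<3"
 prometheus-api-client = "^0.5.3"
 pillow = "^10.3.0" # added to Pin transitive dependency, not needed directly
 fonttools = "^4.43.0" # added to Pin transitive dependency, not needed directly
-urllib3 = "^1.26.20" # added to Pin transitive dependency, not needed directly
 zipp = "^3.20.1" # added to Pin transitive dependency, not needed directly
 idna = "^3.7"
 requests = ">2.32.4"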
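Review bot: Raising `python` to `>=3.10` in the same change as the urllib3 floor means installers on Python 3.9 will typically fall back to 0.2.8, which still declares `urllib3 = "^1.26.20"`, so those environments silently stay on the range this commit is meant to retire. The reason for the interpreter bump is not stated on the line; presumably it is what lets botocore resolve against urllib3 2.x, and if so it should be recorded, e.g. `python = ">=3.10,<4.0" # 3.9 dropped so botocore can resolve urllib3 2.x`. The urllib3 comment should also name the advisories and keep the old hint that the package is not imported directly, so the floor is not relaxed later: `urllib3 = ">=2.6.0,<3.0.0" # security floor for CVE-2025-66418, CVE-2025-66471; transitive, not imported directly`. Because 1.26 to 2.x is a major-version move for a transitive dependency, it is worth confirming that prometheus-api-client and requests were tested against urllib3 2.x before 0.2.9 is released, and stating the dropped 3.9 support in the release notes.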
