Skip to content

chore: resolve open dependabot security alerts#392

Merged
gruebel merged 1 commit into
mainfrom
chore/dependabot-alerts
May 19, 2026
Merged

chore: resolve open dependabot security alerts#392
gruebel merged 1 commit into
mainfrom
chore/dependabot-alerts

Conversation

@jonathannorris
Copy link
Copy Markdown
Member

@jonathannorris jonathannorris commented May 19, 2026

Summary

  • Bumped urllib3 2.6.3 -> 2.7.0 via uv lock --upgrade-package urllib3 to resolve two high-severity transitive vulnerabilities

Dependabot Alerts Resolved

Alert Package Severity Fix
#32 urllib3 high Sensitive headers forwarded across origins in proxied low-level redirects; bumped to 2.7.0 in uv.lock
#31 urllib3 high Decompression-bomb safeguards bypassed in parts of the streaming API; bumped to 2.7.0 in uv.lock

urllib3 is a transitive dependency (pulled in by botocore, docker, launchdarkly_eventsource, requests, responses). The upgrade is a single-package bump in uv.lock with no manifest changes required.

@jonathannorris
chore: resolve open dependabot security alerts
0faa700 
Signed-off-by: Jonathan Norris <jonathan.norris@dynatrace.com>
@jonathannorris jonathannorris requested review from a team as code owners May 19, 2026 15:11
@jonathannorris jonathannorris marked this pull request as draft May 19, 2026 15:11
gemini-code-assist[bot]
gemini-code-assist Bot reviewed May 19, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the urllib3 dependency from version 2.6.3 to 2.7.0 in the uv.lock file. I have no feedback to provide.

@jonathannorris jonathannorris marked this pull request as ready for review May 19, 2026 16:28
@codecov
Copy link
Copy Markdown

codecov Bot commented May 19, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 96.20%. Comparing base (f084e84) to head (0faa700).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #392   +/-   ##
=======================================
  Coverage   96.20%   96.20%           
=======================================
  Files          47       47           
  Lines        1741     1741           
=======================================
  Hits         1675     1675           
  Misses         66       66

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@jonathannorris jonathannorris requested review from a team and beeme1mr May 19, 2026 16:28
@gruebel gruebel merged commit daafd73 into main May 19, 2026
59 checks passed
@gruebel gruebel deleted the chore/dependabot-alerts branch May 19, 2026 17:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@matthewelwell matthewelwell matthewelwell approved these changes

@gruebel gruebel gruebel approved these changes

@beeme1mr beeme1mr Awaiting requested review from beeme1mr

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jonathannorris @matthewelwell @gruebel