Bump requests from 2.31.0 to 2.32.0 (#46)

* --- updated-dependencies: - dependency-name: requests dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * Adjust python versions used for Test Job * Update CHANGELOG * Trigger Build --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Karl Jansen <[email protected]>
karjanme · Jun 5, 2024 · 0ecfc56 · 0ecfc56
1 parent b258e69
commit 0ecfc56
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 31 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -32,8 +32,11 @@ jobs:
     strategy:
       matrix:
         python-version:
-          - "3.7"
           - "3.8"
+          - "3.9"
+          - "3.10"
+          - "3.11"
+          - "3.12"
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -74,32 +77,3 @@ jobs:
         uses: codecov/codecov-action@v1
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
-
-  release:
-    name: Release Job
-    runs-on: ubuntu-latest
-    needs: [lint, test]
-    if: ${{ success() && github.ref == 'refs/heads/master' }}
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v2
-    - name: Setup
-      uses: actions/setup-python@v1
-      with:
-        python-version: "3.x"
-    - name: Install
-      run: | 
-        python -m pip install --upgrade pip
-        pip install -r requirements.txt
-        pip install -e .
-    - name: Package
-      run: |
-        pip install setuptools wheel
-        python setup.py bdist_wheel
-    - name: Publish
-      env:
-        TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }}
-        TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
-      run: |
-        pip install twine
-        twine upload dist/*
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 This project uses [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## Unreleased
+### Security
+- CVE-2024-35195: Bump `requests` from 2.31.0 to 2.32.0
 
 ## Release 2.2.2 [2023-10-01]
 ### Fixed

diff --git a/requirements.txt b/requirements.txt
@@ -1,2 +1,2 @@
 pytz==2020.1
-requests==2.31.0
+requests==2.32.0