From 5933d25f10bc72e2f28427cf1d4cb0eec7a3aa07 Mon Sep 17 00:00:00 2001 From: Sebastian Molenda Date: Thu, 20 Mar 2025 18:39:13 +0100 Subject: [PATCH 1/2] even more updates --- examples/pubnub_asyncio/fastapi/requirements.txt | 4 +++- requirements-dev.txt | 2 +- setup.py | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/examples/pubnub_asyncio/fastapi/requirements.txt b/examples/pubnub_asyncio/fastapi/requirements.txt index f45d63f2..18a3cd2e 100644 --- a/examples/pubnub_asyncio/fastapi/requirements.txt +++ b/examples/pubnub_asyncio/fastapi/requirements.txt @@ -1,2 +1,4 @@ fastapi>=0.115.11 -pubnub>=10.1.0 \ No newline at end of file +pubnub>=10.1.0 +aiohttp>=3.11.14 +urllib3>=1.26.19,<2 diff --git a/requirements-dev.txt b/requirements-dev.txt index 91b40973..5e2bb1ec 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -11,5 +11,5 @@ aiohttp>=3.10.11 cbor2>=5.6 behave>=1.2.6 vcrpy>=6.0.2 -urllib3<2 +urllib3>=1.26.19,<2 busypie>=0.5.1 diff --git a/setup.py b/setup.py index 43d9ad3d..878a7d8b 100644 --- a/setup.py +++ b/setup.py @@ -35,7 +35,7 @@ 'pycryptodomex>=3.3', 'httpx>=0.28', 'h2>=4.1', - 'requests>=2.4', + 'requests>=2.32', 'aiohttp>3.9.2', 'cbor2>=5.6' ], From 60147e5add3f263baef3f1dd67deeef09991873d Mon Sep 17 00:00:00 2001 From: Sebastian Molenda Date: Thu, 20 Mar 2025 18:46:46 +0100 Subject: [PATCH 2/2] Fix vulnerabilities in examples --- examples/pubnub_asyncio/fastapi/requirements.txt | 6 ++++-- examples/pubnub_asyncio/http/requirements.txt | 2 ++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/examples/pubnub_asyncio/fastapi/requirements.txt b/examples/pubnub_asyncio/fastapi/requirements.txt index 18a3cd2e..4418f9e7 100644 --- a/examples/pubnub_asyncio/fastapi/requirements.txt +++ b/examples/pubnub_asyncio/fastapi/requirements.txt @@ -1,4 +1,6 @@ fastapi>=0.115.11 pubnub>=10.1.0 -aiohttp>=3.11.14 -urllib3>=1.26.19,<2 +aiohttp>=3.11.14 # not directly required, pinned to avoid a vulnerability +requests>=2.32.2 # not directly required, pinned to avoid a vulnerability +urllib3>=1.26.19,<2 # not directly required, pinned to avoid a vulnerability +zipp>=3.19.1 # not directly required, pinned to avoid a vulnerability diff --git a/examples/pubnub_asyncio/http/requirements.txt b/examples/pubnub_asyncio/http/requirements.txt index 90dadcc4..51860c22 100644 --- a/examples/pubnub_asyncio/http/requirements.txt +++ b/examples/pubnub_asyncio/http/requirements.txt @@ -1,3 +1,5 @@ aiohttp>=3.11.14 aiohttp-cors>=0.8.0 pubnub>=10.1.0 +requests>=2.32.2 # not directly required, pinned to avoid a vulnerability +urllib3>=1.26.19,<2 # not directly required, pinned to avoid a vulnerability