mirror of
https://github.com/Hopiu/linkchecker.git
synced 2026-03-17 06:20:27 +00:00
Require a recent Requests version
Requests versions <= 2.19.1 are vulnerable to CVE-2018-18074: > The Requests package through 2.19.1 before 2018-09-14 for Python sends > an HTTP Authorization header to an http URI upon receiving a > same-hostname https-to-http redirect, which makes it easier for remote > attackers to discover credentials by sniffing the network. Thank you, GitHub security alerts, for bringing this to my attention.
This commit is contained in:
Marius Gedminas
parent
3eb7cbfbc8
commit
78ad1c94dd
2 changed files with 2 additions and 2 deletions
|
|
@ -1,5 +1,5 @@
|
|||
# required:
|
||||
requests<2.15,>=2.4
|
||||
requests >= 2.20.0
|
||||
pyxdg
|
||||
dnspython
|
||||
# optional:
|
||||
|
|
|
|||
2
setup.py
2
setup.py
|
|
@ -501,7 +501,7 @@ args = dict(
|
|||
},
|
||||
# Requirements, usable with setuptools or the new Python packaging module.
|
||||
install_requires = [
|
||||
'requests<2.15,>=2.4',
|
||||
'requests >= 2.20.0',
|
||||
'dnspython',
|
||||
'pyxdg',
|
||||
],
|
||||
|
|
|
|||
Loading…
Reference in a new issue