Hello,
The monday-code PyPI lib is dependent on urllib <2.1.0.
However, there is a CVE associated.
Can you increase the version dependency?
From safety:
→ Vulnerability found in urllib3 version 2.0.7
Vulnerability ID: 71608
Affected spec: >=2.0.0a1,<=2.2.1
ADVISORY: Urllib3’s ProxyManager ensures that the Proxy-Authorization header is correctly directed only to configured proxies. However, when HTTP requests bypass urllib3’s proxy support, there’s a risk of inadvertently setting the Proxy-Authorization header, which remains ineffective without a forwarding or tunneling proxy. Urllib3 does not recognize this header as carrying authentication data, failing to remove it during cross-origin redirects. While this scenario is uncommon and poses low risk to most users, urllib3 now proactively removes the Proxy-Authorization header during cross-origin redirects as a precautionary measure. Users are advised to utilize urllib3’s proxy support or disable automatic redirects to handle the Proxy-Authorization header securely. Despite these precautions, urllib3 defaults to stripping the header to safeguard users who may inadvertently misconfigure requests.
CVE-2024-37891
For more information about this vulnerability, visit CVE-2024-37891 - Urllib3 Vulnerability - Safety #71608
To ignore this vulnerability, use PyUp vulnerability id 71608 in safety’s ignore command-line argument or add the ignore to your safety policy file.
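
The behaviour the advisory describes, as an added example that is not part of the original post and is not urllib3's own code: a simplified model of stripping credential headers on a cross-origin redirect, comparing a header set without Proxy-Authorization to one that includes it. The header sets, function names, URLs and header values are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed model of the two behaviours in the advisory (not urllib3 source):
# before the fix Proxy-Authorization is not treated as a credential header,
# after the fix it is stripped on cross-origin redirects as well.
REMOVE_BEFORE_FIX = frozenset({"authorization", "cookie"})
REMOVE_AFTER_FIX = REMOVE_BEFORE_FIX | {"proxy-authorization"}

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return (scheme, host, parts.port or DEFAULT_PORTS.get(scheme))


def headers_after_redirect(headers, from_url, to_url, remove):
    """Headers that would accompany the redirected request.

    Same-origin redirects keep every header; cross-origin redirects drop
    any header whose lower-cased name is in `remove`.
    """
    if origin(from_url) == origin(to_url):
        return dict(headers)
    return {k: v for k, v in headers.items() if k.lower() not in remove}


# Constructed sample request: the header was set by hand, without ProxyManager.
SAMPLE_HEADERS = {
    "Accept": "*/*",
    "Authorization": "Bearer constructed-token",
    "Proxy-Authorization": "Basic constructed-credential",
}
START = "https://api.example.com/v1/items"
CROSS_ORIGIN = "https://other.example.net/landing"

if __name__ == "__main__":
    for label, remove in (("before fix", REMOVE_BEFORE_FIX),
                          ("after fix", REMOVE_AFTER_FIX)):
        sent = headers_after_redirect(SAMPLE_HEADERS, START, CROSS_ORIGIN, remove)
        print(label, "->", sorted(sent))
```
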