deps: bump requests to >=2.32.4 for CVE patch

kutay-ogpu · claude · kutay-ogpu · commit 3fdf8c4b3125 · 2026-04-13T11:08:40.000+03:00
Dependabot flagged requests <2.32.4 for a .netrc credentials leak via malicious URLs (GHSA / psf/requests#6965). Loosen the pin to >=2.32.4 so future security patches in the 2.32.x line are picked up automatically. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
diff --git a/pyproject.toml b/pyproject.toml
@@ -20,7 +20,7 @@ dependencies = [
     "sentry_sdk==2.29.1",
     "python-dotenv==1.1.0",
     "web3==7.12.0",
-    "requests==2.32.3",
+    "requests>=2.32.4",
 ]
 classifiers = [
     "Programming Language :: Python :: 3",

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@ dependencies = [`
`20`	`20`	`"sentry_sdk==2.29.1",`
`21`	`21`	`"python-dotenv==1.1.0",`
`22`	`22`	`"web3==7.12.0",`
`23`		`- "requests==2.32.3",`
	`23`	`+ "requests>=2.32.4",`
`24`	`24`	`]`
`25`	`25`	`classifiers = [`
`26`	`26`	`"Programming Language :: Python :: 3",`