VULN UPGRADE: minor upgrades — 4 packages (minor: 2 · patch: 2) [cybersixgill_actionable_alerts]

[campaigner-prod]

Summary: Security update — 4 packages upgraded (MINOR changes included)

Manifests changed:

• cybersixgill_actionable_alerts (pip)

Updates

Package	From	To	Type	Vulnerabilities Fixed
requests	2.28.1	2.28.2	patch	5 MODERATE, 2 MEDIUM
pydantic	1.9.2	1.10.26	minor	2 MODERATE
pytest	7.1.3	7.4.4	minor	-
sixgill-clients	0.2.24	0.2.26	patch	-

Packages marked with "-" are updated due to dependency constraints.

---

Security Details

ℹ️ Other Vulnerabilities (9)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
requests	PYSEC-2023-74	medium	-	2.28.1	74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5
requests	CVE-2023-32681	medium	Unintended leak of Proxy-Authorization header in requests	2.28.1	-
pydantic	GHSA-mr82-8j83-vxmv	MODERATE	Pydantic regular expression denial of service	1.9.2	2.4.0
pydantic	CVE-2024-3772	MODERATE	-	1.9.2	-
requests	GHSA-9hjg-9r4m-mvj7	MODERATE	Requests vulnerable to .netrc credentials leak via malicious URLs	2.28.1	2.32.4
requests	CVE-2024-47081	MODERATE	Requests vulnerable to .netrc credentials leak via malicious URLs	2.28.1	-
requests	GHSA-j8r2-6x86-q33q	MODERATE	Unintended leak of Proxy-Authorization header in requests	2.28.1	2.31.0
requests	GHSA-9wx4-h78v-vm56	MODERATE	Requests Session object does not verify requests after making first request with verify=False	2.28.1	2.32.0
requests	CVE-2024-35195	MODERATE	Requests Session object does not verify requests after making first request with verify=False	2.28.1	-

⚠️ Dependencies that have Reached EOL (1)

Dependency	Unsafe Version	EOL Date	New Version	Path
requests	2.28.1	-	2.28.2	cybersixgill_actionable_alerts/requirements.txt

---

Review Checklist

Standard review:

• Review changes for compatibility with your code
• Check for breaking changes in release notes
• Run tests locally or wait for CI

---

Update Mode: Vulnerability Remediation

🤖 Generated by DataDog Automated Dependency Management System

[dd-prapprover]

PRApprover will approve and merge this PR, FAQ, #dx-source-code-management

🛠️ PRApproval Status

🔗 Workflow Link

• ✅ PR is eligible for auto-approval by rule dependency-management-version-updater - 2026-02-12T20:40:32Z
• ✅ CI tests passed - 2026-02-12T20:45:23Z
• ✅ Approved (commit: 74e9e86) - 2026-02-12T20:45:25Z
• ✅ Merge Started
• ⬜ Merged

➡️ Current phase: merge in progress...

[dd-prapprover]

This PR has been automatically approved by the DD PR Approver bot.

[dd-prapprover]

/merge

[gh-worker-devflow-routing-ef8351]

View all feedbacks in Devflow UI.

2026-02-12 20:45:33 UTC ℹ️ Start processing command /merge

---

2026-02-12 20:45:39 UTC ℹ️ MergeQueue: waiting for PR to be ready

This pull request is not mergeable according to GitHub. Common reasons include pending required checks, missing approvals, or merge conflicts — but it could also be blocked by other repository rules or settings.
It will be added to the queue as soon as checks pass and/or get approvals. View in MergeQueue UI.
Note: if you pushed new commits since the last approval, you may need additional approval.
You can remove it from the waiting list with /remove command.

---

2026-02-13 00:48:15 UTC ⚠️ MergeQueue: This merge request was unqueued

devflow unqueued this merge request: It did not become mergeable within the expected time