GHSA-5qvp-pr9f-2g2v: poetry-plugin-tweak-dependencies-version affected by CVE-2026-25645
Pins a vulnerable version of the requests library.
References
- github.com/advisories/GHSA-5qvp-pr9f-2g2v
- github.com/psf/requests/security/advisories/GHSA-gc5v-m9x4-r6x2
- github.com/sbrunner/poetry-plugin-tweak-dependencies-version
- github.com/sbrunner/poetry-plugin-tweak-dependencies-version/commit/54b5784d89f36cd413a8bc5032ab0a96438dcae3
- github.com/sbrunner/poetry-plugin-tweak-dependencies-version/releases/tag/1.5.6
- github.com/sbrunner/poetry-plugin-tweak-dependencies-version/security/advisories/GHSA-5qvp-pr9f-2g2v
Detect and mitigate GHSA-5qvp-pr9f-2g2v with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.