PYSEC-2023-242 status

Open 0-wiz-0 opened this issue 1 year ago • 0 comments

pip-audit reports that httpie is affected by PYSEC-2023-242 which mentions 3.2.2. I see that 3.2.3 was released, and it mentions

- Fix SSL connections by pinning the `requests` version to `2.31.0`. ([#1583], [#1581])

but the lines referenced from https://gxx777.github.io/HTTPie_3.2.2_Cryptographic_API_Misuse_Vulnerability.md are still there. Is this fixed or disputed or ... ? Thanks.

Jul 14 '24 06:07 0-wiz-0