fix(security): upgrade requests to 2.32.5 in agent/sandbox to fix CVE-2024-47081 (#13424)

### What problem does this PR solve? This PR remediates CVE-2024-47081 (MEDIUM severity) in the agent/sandbox component by upgrading the requests library from version 2.32.3 to 2.32.5. The vulnerability allows .netrc credentials to leak via malicious URLs. ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue)
2026-05-06 02:07:49 +08:00 · 2026-03-06 01:29:18 +00:00
parent aa57bcf92a
commit c35b210c3a
2 changed files with 6 additions and 6 deletions
--- a/agent/sandbox/pyproject.toml
+++ b/agent/sandbox/pyproject.toml
@ -8,7 +8,7 @@ dependencies = [
    "fastapi>=0.115.12",
    "httpx>=0.28.1",
    "pydantic>=2.11.4",
-    "requests>=2.32.3",
+    "requests>=2.32.4",
    "slowapi>=0.1.9",
    "uvicorn>=0.34.2",
 ]
--- a/agent/sandbox/uv.lock
+++ b/agent/sandbox/uv.lock
@ -1,6 +1,6 @@
 version = 1
 revision = 3
-requires-python = ">=3.10"
+requires-python = ">=3.12, <3.15"

 [[package]]
 name = "annotated-doc"
@ -161,7 +161,7 @@ requires-dist = [
    { name = "fastapi", specifier = ">=0.115.12" },
    { name = "httpx", specifier = ">=0.28.1" },
    { name = "pydantic", specifier = ">=2.11.4" },
-    { name = "requests", specifier = ">=2.32.3" },
+    { name = "requests", specifier = ">=2.32.4" },
    { name = "slowapi", specifier = ">=0.1.9" },
    { name = "uvicorn", specifier = ">=0.34.2" },
 ]
@ -313,7 +313,7 @@ wheels = [

 [[package]]
 name = "requests"
-version = "2.32.3"
+version = "2.32.5"
 source = { registry = "https://pypi.tuna.tsinghua.edu.cn/simple" }
 dependencies = [
    { name = "certifi" },
@ -321,9 +321,9 @@ dependencies = [
    { name = "idna" },
    { name = "urllib3" },
 ]
-sdist = { url = "https://pypi.tuna.tsinghua.edu.cn/packages/63/70/2bf7780ad2d390a8d301ad0b550f1581eadbd9a20f896afe06353c2a2913/requests-2.32.3.tar.gz", hash = "sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760", size = 131218, upload-time = "2024-05-29T15:37:49.536Z" }
+sdist = { url = "https://pypi.tuna.tsinghua.edu.cn/packages/c9/74/b3ff8e6c8446842c3f5c837e9c3dfcfe2018ea6ecef224c710c85ef728f4/requests-2.32.5.tar.gz", hash = "sha256:dbba0bac56e100853db0ea71b82b4dfd5fe2bf6d3754a8893c3af500cec7d7cf", size = 134517, upload-time = "2025-08-18T20:46:02.573Z" }
 wheels = [
-    { url = "https://pypi.tuna.tsinghua.edu.cn/packages/f9/9b/335f9764261e915ed497fcdeb11df5dfd6f7bf257d4a6a2a686d80da4d54/requests-2.32.3-py3-none-any.whl", hash = "sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6", size = 64928, upload-time = "2024-05-29T15:37:47.027Z" },
+    { url = "https://pypi.tuna.tsinghua.edu.cn/packages/1e/db/4254e3eabe8020b458f1a747140d32277ec7a271daf1d235b70dc0b4e6e3/requests-2.32.5-py3-none-any.whl", hash = "sha256:2462f94637a34fd532264295e186976db0f5d453d1cdd31473c85a6a161affb6", size = 64738, upload-time = "2025-08-18T20:46:00.542Z" },
 ]

 [[package]]