VUL-0: CVE-2024-35195: python-requests: session object does not verify requests after making first request with verify=False mcalabkova moderate security

Security update for python-requests

This update for python-requests fixes the following issues: - Update to 2.32.2 * To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0. - Update to 2.32.1 * Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (bsc#1224788, CVE-2024-35195) * verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. * Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. * Requests has officially added support for CPython 3.12 and dropped support for CPython 3.7. * Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system using hatchling. python-requests python-requests:test