michalc opened a new issue #16527: URL: https://github.com/apache/airflow/issues/16527
**Description** We're still on Airflow v1.10.15 (moving to v2, but it's taking a while). However, Airflow v1 depends on requests < 2.24, i.e. the latest version that can be installed is 2.23.0, but this in turn requires urllib3<1.26. However, there is a vulnerability in urrlib3 before 1.26.5 https://github.com/advisories/GHSA-q2q7-5pp4-w6pg It's probably a bit cheeky to ask, but you never know: can there be another v1 release that allows enough of a bump of requests to allow urllib3 v1.26.5? **Use case / motivation** Avoid vulnerabilities in Airflow v1 **Are you willing to submit a PR?** No (sorry...) **Related Issues** No -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
