This is an automated email from the ASF dual-hosted git repository.

derrickaw pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/beam.git


The following commit(s) were added to refs/heads/master by this push:
     new 7d682e210f9 Bump httplib2 upper bound to `<1.0.0` (#39280)
7d682e210f9 is described below

commit 7d682e210f99133633c72ad12cd75f18b80ba7c1
Author: Tomasz Wojdat <[email protected]>
AuthorDate: Fri Jul 10 19:12:21 2026 +0200

    Bump httplib2 upper bound to `<1.0.0` (#39280)
    
    This allows for httplib2 0.32.0 which includes a fix for CVE-2026-59939.
    
    Resolves #39279.
---
 sdks/python/setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sdks/python/setup.py b/sdks/python/setup.py
index e764f935bea..471f15723e7 100644
--- a/sdks/python/setup.py
+++ b/sdks/python/setup.py
@@ -421,7 +421,7 @@ if __name__ == '__main__':
           'fastavro>=0.23.6,<2',
           'fasteners>=0.3,<1.0',
           
'grpcio>=1.33.1,<2,!=1.48.0,!=1.59.*,!=1.60.*,!=1.61.*,!=1.62.0,!=1.62.1,!=1.66.*,!=1.67.*,!=1.68.*,!=1.69.*,!=1.70.*',
  # pylint: disable=line-too-long
-          'httplib2>=0.8,<0.32.0',
+          'httplib2>=0.8,<1.0.0',
           'jsonpickle>=3.0.4,<5.0.0',
           # numpy can have breaking changes in minor versions.
           # Use a strict upper bound.

Reply via email to