https://github.com/RDFLib/rdflib/pull/2270
They consider this to close the bug. Do we agree? (Debian now has a new enough version to have these warnings.)
Upstream added some documentation that this can fetch arbitrary
documents by design, and describing some ways to block this when
handling untrusted input:
