I just found out that opentelemetry-exporter-otlp-proto-http still requires version 2.7 of requests in its pyproject.toml. Requests version 2.7 is 10 years old! The number of CVEs on that one alone must be staggering. You REALLY need to update this to a later version. Not to mention you'll force anyone else that imports this library down to that level as well.
Describe the solution you'd like
I'd like you to update the requests library to the most current version. Given that it's network facing, I'd even go so far as to require it to be on the latest version or higher.
Describe alternatives you've considered
I don't see any alternatives; using anything other than the latest version is extremely risky.
Additional Context
No response
Would you like to implement a fix?
None
OK, my bad, I did not understand how Python versioning works, so it's fine with ~=2.7 as long as something else uses a newer version. Still, it wouldn't hurt to bring it up to a new minimum that isn't 10 years old.
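What the `~=2.7` specifier mentioned in the comment above admits under PEP 440, and how an environment can be checked against a stricter local floor, as an added example that is not part of the issue or the project's code. It handles only plain numeric release versions; the candidate list, the policy floor and all function names are constructed for illustration.

```python
# Added example: PEP 440 "compatible release" (~=) matching for plain numeric
# versions such as "2.7" or "2.32.3". Epochs and pre/post/dev releases are
# not handled (assumption made to keep the example short).

def parse_release(version):
    """Turn '2.32.3' into (2, 32, 3); reject anything that is not N.N.N."""
    parts = version.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unsupported version: {version!r}")
    return tuple(int(p) for p in parts)

def _pad(release, width):
    """Right-pad with zeros so 2.7 and 2.7.0 compare equal."""
    return release + (0,) * (width - len(release))

def at_least(version, floor):
    a, b = parse_release(version), parse_release(floor)
    width = max(len(a), len(b))
    return _pad(a, width) >= _pad(b, width)

def matches_compatible(spec, version):
    """True if version satisfies ~=spec: >= spec and same leading segments."""
    floor = parse_release(spec)
    if len(floor) < 2:
        raise ValueError("~= needs at least two release segments")
    prefix = floor[:-1]
    candidate = _pad(parse_release(version), len(prefix))
    return at_least(version, spec) and candidate[:len(prefix)] == prefix

def best_match(spec, available):
    """Highest listed version that ~=spec admits, or None."""
    ok = [v for v in available if matches_compatible(spec, v)]
    return max(ok, key=parse_release) if ok else None

def audit(spec, installed, policy_floor):
    """Classify an installed version against the spec and a local floor."""
    if not matches_compatible(spec, installed):
        return "violates-spec"
    return "ok" if at_least(installed, policy_floor) else "allowed-but-below-floor"

# Constructed sample data: candidate versions and a hypothetical policy floor.
CANDIDATES = ["2.6.2", "2.7.0", "2.31.0", "2.32.3", "3.0.0"]
POLICY_FLOOR = "2.31.0"

if __name__ == "__main__":
    print(best_match("2.7", CANDIDATES))
    for v in CANDIDATES:
        print(v, audit("2.7", v, POLICY_FLOOR))
```

The specifier sets a lower bound within the 2.x series rather than a pin, so the version actually installed is decided by the resolver and any other constraints in the environment.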