From efaf266b4371ca408204727bb0c1225b298b33a3 Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Thu, 26 Mar 2026 10:38:34 -0700
Subject: [PATCH] fix pip audit

---
 .github/workflows/checks.yml | 1 +
 .github/workflows/daily_checks.yml | 1 +
 poetry.lock | 17 +++++++++--------
 pyproject.toml | 2 +-
 4 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
index 5c737551a..fc3412c2c 100644
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -145,6 +145,7 @@ jobs:
 inputs: requirements.txt
 ignore-vulns: |
 PYSEC-2023-312
+ CVE-2026-4539

 - name: Run npm audit
 run: make npm-audit
diff --git a/.github/workflows/daily_checks.yml b/.github/workflows/daily_checks.yml
index 16e44dd16..816983833 100644
--- a/.github/workflows/daily_checks.yml
+++ b/.github/workflows/daily_checks.yml
@@ -31,6 +31,7 @@ jobs:
 inputs: requirements.txt
 ignore-vulns: |
 PYSEC-2023-312
+ CVE-2026-4539

 - name: Run npm audit
 run: make npm-audit
diff --git a/poetry.lock b/poetry.lock
index f3ce033c2..225a1a30d 100644
--- a/poetry.lock
+++ b/poetry.lock
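Review bot: The `CVE-2026-4539` entry added under `ignore-vulns` in checks.yml carries no record of which package it concerns, why it cannot be fixed, or when the suppression should be removed; the identical entry added in daily_checks.yml has the same gap. Because this commit also bumps requests to 2.33.0, a reader cannot tell whether the ignore is still needed after the upgrade or covers a different dependency, and an undocumented ignore tends to outlive the release that fixes it. `ignore-vulns` is a `|` block scalar, so a `#` line inside it would become part of the value; put the comment above the key instead, e.g. `# CVE-2026-4539: <package> - no fixed release yet; remove once <tracking issue> is closed`. The audit input is `requirements.txt`, which this commit does not touch, so it is worth confirming that file is regenerated from poetry.lock before the audit runs; the step that would do this starts outside the hunk.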
@@ -3637,25 +3637,26 @@ files = [

 [[package]]
 name = "requests"
-version = "2.32.5"
+version = "2.33.0"
 description = "Python HTTP for Humans."
 optional = false
-python-versions = ">=3.9"
+python-versions = ">=3.10"
 groups = ["main", "dev"]
 files = [
- {file = "requests-2.32.5-py3-none-any.whl", hash = "sha256:2462f94637a34fd532264295e186976db0f5d453d1cdd31473c85a6a161affb6"},
- {file = "requests-2.32.5.tar.gz", hash = "sha256:dbba0bac56e100853db0ea71b82b4dfd5fe2bf6d3754a8893c3af500cec7d7cf"},
+ {file = "requests-2.33.0-py3-none-any.whl", hash = "sha256:3324635456fa185245e24865e810cecec7b4caf933d7eb133dcde67d48cee69b"},
+ {file = "requests-2.33.0.tar.gz", hash = "sha256:c7ebc5e8b0f21837386ad0e1c8fe8b829fa5f544d8df3b2253bff14ef29d7652"},
 ]

 [package.dependencies]
-certifi = ">=2017.4.17"
+certifi = ">=2023.5.7"
 charset_normalizer = ">=2,<4"
 idna = ">=2.5,<4"
-urllib3 = ">=1.21.1,<3"
+urllib3 = ">=1.26,<3"

 [package.extras]
 socks = ["PySocks (>=1.5.6,!=1.5.7)"]
-use-chardet-on-py3 = ["chardet (>=3.0.2,<6)"]
+test = ["PySocks (>=1.5.6,!=1.5.7)", "pytest (>=3)", "pytest-cov", "pytest-httpbin (==2.1.0)", "pytest-mock", "pytest-xdist"]
+use-chardet-on-py3 = ["chardet (>=3.0.2,<8)"]

 [[package]]
 name = "requests-mock"
@@ -4510,4 +4511,4 @@ cffi = ["cffi (>=1.17) ; python_version >= \"3.13\" and platform_python_implemen
 [metadata]
 lock-version = "2.1"
 python-versions = "^3.13.2"
-content-hash = "706777a885f477ce855ab5011e618eed81f0bdc7623b83daee903de43df83d9d"
+content-hash = "6f5ccdfdf0018169740fce7ac3e21312ba1478f0fc2f52dbaf5d9f180f0668ab"
diff --git a/pyproject.toml b/pyproject.toml
index d91165f5f..6e05f2cee 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -66,7 +66,7 @@ idna = "^3.11"
 markupsafe = "^3.0.3"
 python-dateutil = "^2.9.0.post0"
 pyyaml = "^6.0.3"
-requests = "^2.32.5"
+requests = "^2.33.0"
 six = "^1.16.0"
 urllib3 = "^2.6.3"
 webencodings = "^0.5.1"