From 2b57652278f3488097d1f9d72e36293d0152eb2b Mon Sep 17 00:00:00 2001
From: Nikita Shulga <nshulga@meta.com>
Date: Thu, 23 May 2024 00:21:24 +0000
Subject: [PATCH] Update requests to 2.32.2 (#126805)

To address CVE-2024-35195 (though it does not really affect PyTorch, only CI)

Pull Request resolved: https://github.com/pytorch/pytorch/pull/126805
Approved by: https://github.com/atalman, https://github.com/kit1980, https://github.com/seemethere, https://github.com/Skylion007
---
 .github/actions/filter-test-configs/action.yml         | 3 ++-
 .github/requirements-gha-cache.txt                     | 2 +-
 .github/requirements/conda-env-Linux-X64.txt           | 2 +-
 .github/requirements/conda-env-iOS.txt                 | 2 +-
 .github/workflows/close-nonexistent-disable-issues.yml | 2 +-
 .github/workflows/nightly-rockset-uploads.yml          | 2 +-
 .github/workflows/upload-alerts.yml                    | 2 +-
 .github/workflows/upload-test-stats.yml                | 2 +-
 .github/workflows/upload-torch-dynamo-perf-stats.yml   | 2 +-
 .github/workflows/upload_test_stats_intermediate.yml   | 2 +-
 tools/build/bazel/requirements.in                      | 2 +-
 tools/build/bazel/requirements.txt                     | 6 +++---
 12 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/.github/actions/filter-test-configs/action.yml b/.github/actions/filter-test-configs/action.yml
index e1f2067d5807..e65448c99f46 100644
--- a/.github/actions/filter-test-configs/action.yml
+++ b/.github/actions/filter-test-configs/action.yml
@@ -66,7 +66,8 @@ runs:
         command: |
           set -eux
           # PyYAML 6.0 doesn't work with MacOS x86 anymore
-          python3 -m pip install requests==2.26.0 pyyaml==6.0.1
+          # This must run on Python-3.7 (AmazonLinux2) so can't use request=3.32.2
+          python3 -m pip install requests==2.27.1 pyyaml==6.0.1
 
     - name: Parse ref
       id: parse-ref
diff --git a/.github/requirements-gha-cache.txt b/.github/requirements-gha-cache.txt
index 1064212c5b4e..5d1e45160564 100644
--- a/.github/requirements-gha-cache.txt
+++ b/.github/requirements-gha-cache.txt
@@ -10,6 +10,6 @@ lintrunner==0.10.7
 ninja==1.10.0.post1
 nvidia-ml-py==11.525.84
 pyyaml==6.0
-requests==2.31.0
+requests==2.32.2
 rich==10.9.0
 rockset==1.0.3
diff --git a/.github/requirements/conda-env-Linux-X64.txt b/.github/requirements/conda-env-Linux-X64.txt
index 16bbc57dd3be..f741ad7f0457 100644
--- a/.github/requirements/conda-env-Linux-X64.txt
+++ b/.github/requirements/conda-env-Linux-X64.txt
@@ -4,6 +4,6 @@ mkl-include=2022.1.0
 ninja=1.10.2
 numpy=1.23.3
 pyyaml=6.0
-requests=2.31.0
+requests=2.32.2
 setuptools=68.2.2
 typing-extensions=4.3.0
diff --git a/.github/requirements/conda-env-iOS.txt b/.github/requirements/conda-env-iOS.txt
index 205c07925a01..65cc70a0c2d3 100644
--- a/.github/requirements/conda-env-iOS.txt
+++ b/.github/requirements/conda-env-iOS.txt
@@ -3,6 +3,6 @@ cmake=3.22.1
 ninja=1.10.2
 numpy=1.23.3
 pyyaml=6.0
-requests=2.31.0
+requests=2.32.2
 setuptools=68.2.2
 typing-extensions=4.3.0
diff --git a/.github/workflows/close-nonexistent-disable-issues.yml b/.github/workflows/close-nonexistent-disable-issues.yml
index f384295b84b8..12a6facbaabc 100644
--- a/.github/workflows/close-nonexistent-disable-issues.yml
+++ b/.github/workflows/close-nonexistent-disable-issues.yml
@@ -18,6 +18,6 @@ jobs:
           ROCKSET_API_KEY: ${{ secrets.ROCKSET_API_KEY }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          pip3 install requests==2.26
+          pip3 install requests==2.32.2
           pip3 install rockset==1.0.3
           python3 .github/scripts/close_nonexistent_disable_issues.py
diff --git a/.github/workflows/nightly-rockset-uploads.yml b/.github/workflows/nightly-rockset-uploads.yml
index f553cfd068d1..18ff29f14467 100644
--- a/.github/workflows/nightly-rockset-uploads.yml
+++ b/.github/workflows/nightly-rockset-uploads.yml
@@ -32,7 +32,7 @@ jobs:
           cache: pip
 
       - run: |
-          pip3 install requests==2.26 rockset==1.0.3 boto3==1.19.12
+          pip3 install requests==2.32.2 rockset==1.0.3 boto3==1.19.12
 
       - name: Upload external contribution stats
         uses: nick-fields/retry@v2.8.2
diff --git a/.github/workflows/upload-alerts.yml b/.github/workflows/upload-alerts.yml
index 77c82f1f04cd..bf370d6ef1b8 100644
--- a/.github/workflows/upload-alerts.yml
+++ b/.github/workflows/upload-alerts.yml
@@ -28,7 +28,7 @@ jobs:
 
       - name: Install Python Packages
         run: |
-          pip3 install rockset==1.0.3 boto3==1.19.12 requests==2.27.1
+          pip3 install rockset==1.0.3 boto3==1.19.12 requests==2.32.2
 
       - name: Create alerts
         run: |
diff --git a/.github/workflows/upload-test-stats.yml b/.github/workflows/upload-test-stats.yml
index f71d86eb5e59..3b63f686019f 100644
--- a/.github/workflows/upload-test-stats.yml
+++ b/.github/workflows/upload-test-stats.yml
@@ -47,7 +47,7 @@ jobs:
           cache: pip
 
       - run: |
-          pip3 install requests==2.26 rockset==1.0.3 boto3==1.19.12
+          pip3 install requests==2.32.2 rockset==1.0.3 boto3==1.19.12
 
       - name: Upload test artifacts
         id: upload-s3
diff --git a/.github/workflows/upload-torch-dynamo-perf-stats.yml b/.github/workflows/upload-torch-dynamo-perf-stats.yml
index 546d4d945761..14a0f2c8cb65 100644
--- a/.github/workflows/upload-torch-dynamo-perf-stats.yml
+++ b/.github/workflows/upload-torch-dynamo-perf-stats.yml
@@ -40,7 +40,7 @@ jobs:
           cache: pip
 
       - run: |
-          pip3 install requests==2.26 rockset==1.0.3 boto3==1.19.12
+          pip3 install requests==2.32.2 rockset==1.0.3 boto3==1.19.12
 
       - name: Upload torch dynamo performance stats to S3
         id: upload-s3
diff --git a/.github/workflows/upload_test_stats_intermediate.yml b/.github/workflows/upload_test_stats_intermediate.yml
index 14b65f6a75ef..d560f619db43 100644
--- a/.github/workflows/upload_test_stats_intermediate.yml
+++ b/.github/workflows/upload_test_stats_intermediate.yml
@@ -28,7 +28,7 @@ jobs:
           cache: pip
 
       - run: |
-          pip3 install requests==2.26 rockset==1.0.3 boto3==1.19.12
+          pip3 install requests==2.32.2 rockset==1.0.3 boto3==1.19.12
 
       - name: Upload test stats
         env:
diff --git a/tools/build/bazel/requirements.in b/tools/build/bazel/requirements.in
index 20b28921ff30..277a7c8f5741 100644
--- a/tools/build/bazel/requirements.in
+++ b/tools/build/bazel/requirements.in
@@ -1,6 +1,6 @@
 PyYAML==6.0.1
 numpy==1.26.4
-requests==2.31.0
+requests==2.32.2
 setuptools==69.5.1
 sympy==1.12
 typing_extensions==4.11.0
diff --git a/tools/build/bazel/requirements.txt b/tools/build/bazel/requirements.txt
index a24160216773..cd95aeeec5c6 100644
--- a/tools/build/bazel/requirements.txt
+++ b/tools/build/bazel/requirements.txt
@@ -199,9 +199,9 @@ pyyaml==6.0.1 \
     --hash=sha256:fd1592b3fdf65fff2ad0004b5e363300ef59ced41c2e6b3a99d4089fa8c5435d \
     --hash=sha256:fd66fc5d0da6d9815ba2cebeb4205f95818ff4b79c3ebe268e75d961704af52f
     # via -r tools/build/bazel/requirements.in
-requests==2.31.0 \
-    --hash=sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f \
-    --hash=sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1
+requests==2.32.2 \
+    --hash=sha256:dd951ff5ecf3e3b3aa26b40703ba77495dab41da839ae72ef3c8e5d8e2433289 \
+    --hash=sha256:fc06670dd0ed212426dfeb94fc1b983d917c4f9847c863f313c9dfaaffb7c23c
     # via -r tools/build/bazel/requirements.in
 sympy==1.12 \
     --hash=sha256:c3588cd4295d0c0f603d0f2ae780587e64e2efeedb3521e46b9bb1d08d184fa5 \