fix(deps): vuln minor upgrades — 6 packages (minor: 1 · patch: 5)

[gh-worker-campaigns-3e9aa4]

Summary: Security update — 6 packages upgraded (MINOR changes included)

Manifests changed:

• . (poetry)

---

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

---

Updates

Package	From	To	Type	Dep Type	Vulnerabilities Fixed
requests	2.32.3	2.32.5	patch	Direct	4 MODERATE
pytest	8.3.4	8.3.5	patch	Direct	2 MODERATE
pre-commit	4.0.1	4.5.1	minor	Direct	-
coverage	7.6.10	7.6.12	patch	Direct	-
poetry-core	1.0.0	1.0.8	patch	Direct	-
pytest-mock	3.14.0	3.14.1	patch	Direct	-

Packages marked with "-" are updated due to dependency constraints.

---

Security Details

ℹ️ Other Vulnerabilities (6)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
pytest	GHSA-6w46-j5rx-g56g	MODERATE	pytest has vulnerable tmpdir handling	8.3.4	9.0.3
pytest	CVE-2025-71176	MODERATE	-	8.3.4	-
requests	GHSA-gc5v-m9x4-r6x2	MODERATE	Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function	2.32.3	2.33.0
requests	CVE-2026-25645	MODERATE	Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function	2.32.3	-
requests	GHSA-9hjg-9r4m-mvj7	MODERATE	Requests vulnerable to .netrc credentials leak via malicious URLs	2.32.3	2.32.4
requests	CVE-2024-47081	MODERATE	Requests vulnerable to .netrc credentials leak via malicious URLs	2.32.3	-

⚠️ Dependencies that have Reached EOL (2)

Dependency	Unsafe Version	EOL Date	New Version	Path
poetry-core	1.0.0	Sep 30, 2025	1.0.8	pyproject.toml
requests	2.32.3	-	2.32.5	pyproject.toml

---

Review Checklist

Standard review:

• Review changes for compatibility with your code
• Check for breaking changes in release notes
• Run tests locally or wait for CI
• Approve and merge this PR

---

Update Mode: Vulnerability Remediation

🤖 Generated by DataDog Automated Dependency Management System