Merge pull request #99 from SumoLogic/fix/SUMO-281751-vulnerability-fix

piyushgupta-sumo · web-flow · commit 2f8716e4a2b6 · 2026-05-18T17:07:39.000+05:30
Fix/sumo 281751 vulnerability fix
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -13,10 +13,10 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Set up Python 3.12
+      - name: Set up Python 3.14
         uses: actions/setup-python@v5
         with:
-          python-version: 3.12
+          python-version: "3.14"
 
       - name: Install pipenv
         run: pip install pipenv
diff --git a/.github/workflows/runtest.yml b/.github/workflows/runtest.yml
@@ -9,10 +9,10 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Set up Python 3.12
+      - name: Set up Python 3.14
         uses: actions/setup-python@v5
         with:
-          python-version: 3.12
+          python-version: "3.14"
 
       - name: Install pipenv and mypy
         run: pip install pipenv mypy
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -8,10 +8,11 @@ repos:
        entry: bandit
        language: python
        types: [python]
--   repo: https://github.com/ambv/black
-    rev: 19.3b0
+-   repo: https://github.com/psf/black
+    rev: 26.3.1
     hooks:
     -   id: black
+        args: [--no-cache]
 -   repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v2.2.1
     hooks:
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,21 @@
 # CHANGELOG for sumologic-python-sdk
 This project adheres to [Semantic Versioning](http://semver.org/). The CHANGELOG follows the format listed at [Keep A Changelog](http://keepachangelog.com/)
 
+## [0.2.0] - 2026-05-18
+### Security
+- Upgraded `certifi` to `>=2026.4.22` to remove the revoked GLOBALTRUST root certificate
+- Upgraded `setuptools` to `>=78.1.1` to fix Command Injection via package URL (CVE-2024-6345) and path traversal in `PackageIndex.download` leading to Arbitrary File Write
+- Upgraded `urllib3` to `>=2.6.3` to fix unbounded decompression chain vulnerability
+- Upgraded `requests` to `>=2.33.1` to fix decompression-bomb safeguards being bypassed when following HTTP redirects
+- Upgraded `virtualenv` to `>=21.3.0` to fix command injection through activation scripts
+- Upgraded `filelock` to `>=3.29.0` to fix TOCTOU race condition allowing symlink attacks during lock file creation
+- Upgraded `zipp` to `>=3.19.1` to fix Denial of Service vulnerability
+- Upgraded `pygments` to `>=2.20.0` to fix ReDoS vulnerability
+- Updated `black` in pre-commit hooks to fix arbitrary file writes from unsanitized user input in cache file name
+
+### Breaking Changes
+- Dependency upgrades in this release add Python 3.14 support and drop support for older Python versions (3.8 and 3.9) that were previously supported. Treat the Python version support change as a breaking change when upgrading
+
 ## [0.1.16]
 ### Fixed
 - Fixed Retry logic and bug related to headers to make it compatible with newer python versions
diff --git a/Pipfile b/Pipfile
@@ -4,22 +4,29 @@ url = "https://pypi.org/simple"
 verify_ssl = true
 
 [dev-packages]
+virtualenv = ">=21.3.0"
+setuptools = ">=78.1.1"
+filelock = ">=3.29.0"
+zipp = ">=3.19.1"
+pygments = ">=2.20.0"
+certifi = ">=2026.4.22"
+pyupgrade = "*"
 bandit = "*"   # https://github.com/PyCQA/bandit
 better_exceptions = "*"
 black = "*"
-pipenv = {path = ".", editable = true, extras = ["test"]}
+sumologic-sdk = {path = ".", editable = true}
 flake8 = "*"
 pre-commit = "*"  # https://ljvmiranda921.github.io/notebook/2018/06/21/precommits-using-black-and-flake8/
-pytest = "*"
+pytest = ">=9.0.3"
 requests = "*"
 twine = "*"
 build = "*"
 
 [packages]
-requests = "*"
+requests = ">=2.33.1"
 
 [requires]
-python_version = "3.12"
+python_version = "3.14"
 
 [pipenv]
 allow_prereleases = true
diff --git a/Pipfile.lock b/Pipfile.lock
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.1.17
+0.2.0
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,13 +1,13 @@
 [project]
 name = "sumologic-sdk"
-requires-python = ">=3.8"
+requires-python = ">=3.10"
 classifiers = [
     "Programming Language :: Python :: 3",
-    "Programming Language :: Python :: 3.8",
-    "Programming Language :: Python :: 3.9",
     "Programming Language :: Python :: 3.10",
     "Programming Language :: Python :: 3.11",
     "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "Programming Language :: Python :: 3.14",
     "Operating System :: OS Independent",
 ]
 authors = [
@@ -29,5 +29,5 @@ Issues = "https://github.com/SumoLogic/sumologic-python-sdk/issues"
 Changelog = "https://github.com/SumoLogic/sumologic-python-sdk/blob/master/CHANGELOG.md"
 
 [build-system]
-requires = ["setuptools>=61.0"]
+requires = ["setuptools>=78.1.1"]
 build-backend = "setuptools.build_meta"
diff --git a/requirements.txt b/requirements.txt
@@ -1 +1,7 @@
-requests>=2.32.0
+requests>=2.33.1
+certifi>=2026.4.22
+urllib3>=2.6.3
+pytest>=9.0.3
+filelock>=3.29.0
+virtualenv>=21.3.0
+pygments>=2.20.0
diff --git a/sumologic/sumologic.py b/sumologic/sumologic.py
@@ -1,4 +1,5 @@
 import json
+
 import requests
 import os
 import sys
@@ -274,7 +275,7 @@ def sync_folder(self, folder_id, content):
         return self.post('/content/folders/%s/synchronize' % folder_id, params=content, version='v2')
 
     def check_sync_folder(self, folder_id, job_id):
-        return self.get('/content/folders/%s/synchronize/%s/status' % (folder_id, job_id), version='v2')
+        return self.get('/content/folders/{}/synchronize/{}/status'.format(folder_id, job_id), version='v2')
 
     def delete_folder(self, folder_id, isAdmin=False):
         headers = {'isAdminMode': 'true'} if isAdmin else {}
@@ -319,11 +320,11 @@ def get_global_folder(self):
 
     def import_content(self, folder_id, content, is_overwrite="false", isAdmin=False):
         headers = {'isAdminMode': 'true'} if isAdmin else {}
-        return self.post('/content/folders/%s/import?overwrite=%s' % (folder_id, is_overwrite), headers=headers, params=content,
+        return self.post('/content/folders/{}/import?overwrite={}'.format(folder_id, is_overwrite), headers=headers, params=content,
                          version='v2')
 
     def check_import_status(self, folder_id, job_id):
-        return self.get('/content/folders/%s/import/%s/status' % (folder_id, job_id), version='v2')
+        return self.get('/content/folders/{}/import/{}/status'.format(folder_id, job_id), version='v2')
 
     def get_folder(self, folder_id, isAdmin=False):
         headers = {'isAdminMode': 'true'} if isAdmin else {}
@@ -335,22 +336,22 @@ def update_folder(self, folder_id, isAdmin=False):
 
     def copy_folder(self, folder_id, destination_folder_id, isAdmin=False):
         headers = {'isAdminMode': 'true'} if isAdmin else {}
-        return self.post('/content/%s/copy?destinationFolder=%s' % (folder_id, destination_folder_id), headers=headers, params={}, version='v2')
+        return self.post('/content/{}/copy?destinationFolder={}'.format(folder_id, destination_folder_id), headers=headers, params={}, version='v2')
 
     def export_content(self, content_id):
         return self.post('/content/%s/export' % content_id, params="", version='v2')
 
     def check_export_status(self, content_id, job_id):
-        return self.get('/content/%s/export/%s/status' % (content_id, job_id), version='v2')
+        return self.get('/content/{}/export/{}/status'.format(content_id, job_id), version='v2')
 
     def get_export_content_result(self, content_id, job_id):
-        return self.get('/content/%s/export/%s/result' % (content_id, job_id), version='v2')
+        return self.get('/content/{}/export/{}/result'.format(content_id, job_id), version='v2')
 
     def delete_content(self, content_id):
         return self.delete('/content/%s/delete' % content_id, version='v2')
 
     def check_delete_status(self, content_id, job_id):
-        return self.get('/content/%s/delete/%s/status' % (content_id, job_id), version='v2')
+        return self.get('/content/{}/delete/{}/status'.format(content_id, job_id), version='v2')
 
     def get_content(self, path):
         return self.get('/content/path?path=%s' % path, version='v2')
@@ -359,14 +360,14 @@ def get_content_path(self, content_id):
         return self.get('/content/%s/path' % content_id, version='v2')
 
     def copy_content(self, content_id, destination_folder):
-        return self.post('/content/%s/copy?destinationFolder=%s' % (content_id, destination_folder), params=None,
+        return self.post('/content/{}/copy?destinationFolder={}'.format(content_id, destination_folder), params=None,
                          version='v2')
 
     def check_copy_status(self, content_id, job_id):
-        return self.get('/content/%s/copy/%s/status' % (content_id, job_id), version='v2')
+        return self.get('/content/{}/copy/{}/status'.format(content_id, job_id), version='v2')
 
     def move_content(self, content_id, destination_folder):
-        return self.post('/content/%s/move?destinationFolderId=%s' % (content_id, destination_folder), params=None,
+        return self.post('/content/{}/move?destinationFolderId={}'.format(content_id, destination_folder), params=None,
                          version='v2')
 
     def get_content_item_by_path(self, path):
