CVE-2021-41945 (https://github.com/encode/httpx/discussions/1831): https://github.com/encode/httpx/issues/2184 Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`. CVE description is inaccurate/misleading as usual. Fix is here: https://github.com/encode/httpx/commit/e9b0c85dd4f4e4469c57c4b38e5101fd12081b5c
Tree is clean. Upstream issue says this might lead to a "blacklist bypass", which would seem to be very low impact in an HTTP client. No GLSA, all done!