Outdated certifi and urllib3 in Inkscape 1.4.2 for macOS trigger security scan alerts

Security scanning tools at a US employer flagged outdated Python packages bundled in Inkscape 1.4.2 for macOS, installed on 2025-05-08.

Flagged paths:

  • /Applications/Inkscape.app/Contents/Resources/lib/python3.10/site-packages/certifi-2022.12.7.dist-info
  • /Applications/Inkscape.app/Contents/Resources/lib/python3.10/site-packages/urllib3-1.26.15.dist-info

Vulnerability status:

  • certifi 2022.12.7 is vulnerable, fixed in certifi 2024.07.04 (e.g. CVE-2024-39689)
  • urllib3 1.26.15 is vulnerable, fixed in urllib3 1.26.19 (e.g. CVE-2024-37891)

This may affect security posture even if these libraries are not actively used, since they’re present in the application bundle.

Inkscape version: 1.4.2
Platform: macOS
Installation date: 2025-05-08
Python environment: Python 3.10 bundled in Inkscape.app

Expected behavior:
Third-party Python packages should be updated to fixed versions if shipped, or excluded if unused.

Context:
These detections occurred as part of routine endpoint security compliance. Apologies if these issues have already been reported or this isn't the right way to report: I couldn't find a palliative update or existing issue, but this is my first time reporting on GitLab :-/
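
A check along the lines of what the scanner reported, as an added example (not part of the original report and not Inkscape's code): it parses `*.dist-info` directory names in a site-packages folder and flags packages below the fixed versions quoted in the report. The helper names and the sample directory layout are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Fixed versions exactly as quoted in the report above.
FIXED = {"certifi": "2024.07.04", "urllib3": "1.26.19"}

# <name>-<version>.dist-info, the metadata directory layout seen in the flagged paths.
DIST_INFO = re.compile(r"^(?P<name>.+?)-(?P<version>\d[^-]*)\.dist-info$")


def version_key(version, width=4):
    """Numeric release tuple, zero-padded: '2024.07.04' equals '2024.7.4'."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break  # stop at a non-numeric segment such as 'post1'
        parts.append(int(digits.group()))
    return tuple(parts + [0] * (width - len(parts)))


def find_outdated(site_packages, fixed=FIXED):
    """Return sorted (name, installed, fixed) for packages below the fixed version."""
    findings = []
    for entry in Path(site_packages).glob("*.dist-info"):
        match = DIST_INFO.match(entry.name)
        if not match:
            continue
        name = re.sub(r"[-_.]+", "-", match["name"]).lower()
        if name in fixed and version_key(match["version"]) < version_key(fixed[name]):
            findings.append((name, match["version"], fixed[name]))
    return sorted(findings)


def demo():
    """Scan a constructed site-packages directory mirroring the flagged paths."""
    with tempfile.TemporaryDirectory() as tmp:
        for dirname in ("certifi-2022.12.7.dist-info",
                        "urllib3-1.26.15.dist-info",
                        "examplepkg-1.0.0.dist-info"):  # constructed, not tracked
            (Path(tmp) / dirname).mkdir()
        return find_outdated(tmp)


if __name__ == "__main__":
    for name, installed, fixed in demo():
        print(f"{name} {installed} is below fixed version {fixed}")
```

To check a real install, pass the bundle's `site-packages` path from the flagged paths above to `find_outdated`. Like the scanner, it reports on the presence of package metadata, whether or not the library is ever imported.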