Skip to content

fix: Update urllib3 to address CVE-2025-66418 and CVE-2025-66471 #186

Description

@jeff-schnitter

Summary

The current urllib3 dependency (>= 2.2.2) allows installation of vulnerable versions. Two CVEs affect urllib3 versions prior to 2.6.0:

Impact

PR builds are failing security checks due to these vulnerabilities.

Solution

Update the urllib3 version constraint in pyproject.toml from >= 2.2.2 to >= 2.6.0.

Affected PRs

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions