Summary
The current urllib3 dependency (>= 2.2.2) allows installation of vulnerable versions. Two CVEs affect urllib3 versions prior to 2.6.0:
Impact
PR builds are failing security checks due to these vulnerabilities.
Solution
Update the urllib3 version constraint in pyproject.toml from >= 2.2.2 to >= 2.6.0.
Affected PRs
Summary
The current urllib3 dependency (
>= 2.2.2) allows installation of vulnerable versions. Two CVEs affect urllib3 versions prior to 2.6.0:Impact
PR builds are failing security checks due to these vulnerabilities.
Solution
Update the urllib3 version constraint in
pyproject.tomlfrom>= 2.2.2to>= 2.6.0.Affected PRs