From 4bbee73492bf329aec1c79e608ec3281ed3cb275 Mon Sep 17 00:00:00 2001 From: Claude Date: Thu, 30 Apr 2026 08:58:09 +0000 Subject: [PATCH] Bump urllib3 to >=2.6.3 to patch CVE-2026-21441 --- poetry.lock | 16 ++++++++-------- pyproject.toml | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/poetry.lock b/poetry.lock index 09ccd07..6a514e4 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1,4 +1,4 @@ -# This file is automatically @generated by Poetry 2.2.0 and should not be changed by hand. +# This file is automatically @generated by Poetry 2.3.3 and should not be changed by hand. [[package]] name = "annotated-types" @@ -164,7 +164,7 @@ files = [ [package.dependencies] python-dateutil = "*" pytz = "*" -regex = "<2019.02.19 || >2019.02.19,<2021.8.27 || >2021.8.27" +regex = "<2019.2.19 || >2019.2.19,<2021.8.27 || >2021.8.27" tzlocal = "*" [package.extras] @@ -586,10 +586,10 @@ files = [ ] [package.dependencies] -botocore = ">=1.37.4,<2.0a.0" +botocore = ">=1.37.4,<2.0a0" [package.extras] -crt = ["botocore[crt] (>=1.37.4,<2.0a.0)"] +crt = ["botocore[crt] (>=1.37.4,<2.0a0)"] [[package]] name = "six" @@ -663,14 +663,14 @@ devenv = ["black", "check-manifest", "flake8", "pyroma", "pytest (>=4.3)", "pyte [[package]] name = "urllib3" -version = "2.6.2" +version = "2.6.3" description = "HTTP library with thread-safe connection pooling, file post, and more." optional = false python-versions = ">=3.9" groups = ["main"] files = [ - {file = "urllib3-2.6.2-py3-none-any.whl", hash = "sha256:ec21cddfe7724fc7cb4ba4bea7aa8e2ef36f607a4bab81aa6ce42a13dc3f03dd"}, - {file = "urllib3-2.6.2.tar.gz", hash = "sha256:016f9c98bb7e98085cb2b4b17b87d2c702975664e4f060c6532e64d1c1a5e797"}, + {file = "urllib3-2.6.3-py3-none-any.whl", hash = "sha256:bf272323e553dfb2e87d9bfd225ca7b0f467b919d7bbd355436d3fd37cb0acd4"}, + {file = "urllib3-2.6.3.tar.gz", hash = "sha256:1b62b6884944a57dbe321509ab94fd4d3b307075e0c2eae991ac71ee15ad38ed"}, ] [package.extras] 
@@ -702,4 +702,4 @@ type = ["pytest-mypy"] [metadata] lock-version = "2.1" python-versions = ">=3.10,<4.0" -content-hash = "7a3add36ed5413b12aa3a2092ba18f8de3383a003f6663a5634beba1b2d6965a" +content-hash = "d0e3f9774a9d7fbaa2e7accbf10055f2ffd86346a73ba6a6295ec31b2bde6322"
diff --git a/pyproject.toml b/pyproject.toml
index d1fc91e..c9058dd 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -12,7 +12,7 @@ description = "A Python Prometheus client for all Prometheus instances."
 [tool.poetry.dependencies]
 python = ">=3.10,<4.0"
-urllib3 = ">=2.6.0,<3.0.0" # pinned to patch urllib3 cves
+urllib3 = ">=2.6.3,<3.0.0" # pinned to patch urllib3 cves
 botocore = "^1.38"
 boto3 = "^1.38"
 pydantic = ">=1.8.1,<3"
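Review bot: The trailing comment on the new `urllib3` line in pyproject.toml still reads `# pinned to patch urllib3 cves`, which names no advisory and describes a range as a pin; `>=2.6.3,<3.0.0` is a floor with a major-version cap. The commit subject ties this floor to CVE-2026-21441, so I would record that on the line itself, for example `urllib3 = ">=2.6.3,<3.0.0" # floor 2.6.3 for CVE-2026-21441; do not lower`, so that a later edit cannot relax the bound without seeing why it exists. The `[tool.poetry.dependencies]` table may continue past the end of the hunk, so any other constraints that interact with urllib3 are not visible here.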