@cigamit
Contributor

@cigamit cigamit commented Dec 7, 2025

No description provided.

@cigamit cigamit requested a review from TheWitness December 7, 2025 18:54
@cigamit cigamit self-assigned this Dec 7, 2025
@cigamit cigamit added the SECURITY A security related issue like a CVE specifically label Dec 7, 2025
Copilot AI review requested due to automatic review settings December 7, 2025 18:54
Contributor

Copilot AI left a comment

Pull request overview

This PR attempts to upgrade urllib3 from version 2.5.0 to 2.6.0 to address two security vulnerabilities (CVE-2025-66471 and CVE-2025-66418). However, there are critical concerns about the validity of both the version number and the CVE identifiers that must be verified before merging.

Key Changes:

  • Updated urllib3 minimum version from >=2.5.0 to >=2.6.0 in requirements.in
  • Updated urllib3 pinned version from 2.5.0 to 2.6.0 in requirements.txt
  • Updated CVE references in the inline comment

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| requirements/requirements.in | Updated urllib3 minimum version constraint and CVE references |
| requirements/requirements.txt | Updated urllib3 pinned version (auto-generated from requirements.in) |

@cigamit cigamit merged commit 187f404 into main Dec 8, 2025
6 checks passed
@cigamit cigamit deleted the urllib3-260 branch December 8, 2025 16:47