Bump urllib3 minimum version to >2.6.2 #19

Merged
moshemorad merged 2 commits into main from claude/fix-urllib3-cve-yN2aC
Apr 30, 2026

@naomi-robusta
Contributor

Summary

Updated the urllib3 dependency constraint to require version greater than 2.6.2, up from the previous >2.6.0 requirement.

Changes

  • Updated urllib3 version constraint in pyproject.toml from ">2.6.0" to ">2.6.2"

Details

This change ensures the project uses a more recent minimum version of urllib3, likely to include bug fixes or security improvements available in versions 2.6.1 and 2.6.2.

https://claude.ai/code/session_01Skb1JqMdUYMUdCyv1QAAe4

claude added 2 commits April 30, 2026 08:57
Tighten the urllib3 constraint from >2.6.0 to >2.6.2 so the resolver
picks 2.6.3+, which patches CVE-2026-21441 (vulnerable range
>=1.22, <2.6.3).

Switch the operator from > 2.6.2 to >= 2.6.3 to express the CVE-2026-21441
fix version directly.
@moshemorad moshemorad merged commit d11c630 into main Apr 30, 2026
10 checks passed
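
As an added example (not code from this pull request or the project), the check below evaluates the three constraints named above against the vulnerable range quoted in the commit message and lists the vulnerable releases each one still admits. It assumes final releases written as dotted integers only and is not a full PEP 440 implementation; the candidate list and the function names are constructed for illustration.

```python
# Added example (not from the PR). Simplified comparison: final releases only,
# dotted integers; this is not a full PEP 440 implementation.
import operator

OPS = {">": operator.gt, ">=": operator.ge, "<": operator.lt, "<=": operator.le}

# Vulnerable range quoted in the commit message: >=1.22, <2.6.3
VULNERABLE = [(">=", "1.22"), ("<", "2.6.3")]


def release(version):
    """Parse 'X.Y.Z' into a tuple, padded to three parts so 1.22 == 1.22.0."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def satisfies(version, clauses):
    """True if version meets every (operator, bound) clause."""
    return all(OPS[op](release(version), release(bound)) for op, bound in clauses)


def vulnerable_admitted(constraint, candidates):
    """Candidates the constraint allows that fall inside the vulnerable range."""
    return [v for v in candidates
            if satisfies(v, [constraint]) and satisfies(v, VULNERABLE)]


# Constructed candidate list for illustration, not a listing of the package index.
CANDIDATES = ["1.21", "1.22", "2.6.0", "2.6.1", "2.6.2", "2.6.3", "2.7.0"]

# The three constraints named on the page.
CONSTRAINTS = {
    "original": (">", "2.6.0"),
    "first commit": (">", "2.6.2"),
    "second commit": (">=", "2.6.3"),
}

if __name__ == "__main__":
    for label, constraint in CONSTRAINTS.items():
        bad = vulnerable_admitted(constraint, CANDIDATES)
        print(f"{label:14} {constraint[0]}{constraint[1]:6} admits vulnerable: {bad or 'none'}")
```

A check of this shape can run in CI against the constraint in pyproject.toml so that a later loosening of the bound is caught before merge.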