Skip to content

Commit eecbbe3

Browse files
committed
fix: correct urllib3 version requirement to >=2.6.0
- urllib3 2.6.0 fixes CVE-2025-66471 and CVE-2025-66418 - Version 2.6.3 does not exist yet, latest is 2.6.2 - All 6 high-severity CVEs are resolved with urllib3 >= 2.6.0
1 parent 38b8bae commit eecbbe3

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

pyproject.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -48,7 +48,7 @@ dependencies = [
4848
"sqlalchemy>=2.0.0",
4949
"dynaconf>=3.2.0",
5050
"structlog>=23.1.0",
51-
"urllib3>=2.6.3", # Security: Fix CVE vulnerabilities
51+
"urllib3>=2.6.0", # Security: Fix CVE-2025-66471 and CVE-2025-66418
5252
"opentelemetry-api>=1.20.0",
5353
"opentelemetry-sdk>=1.20.0",
5454
"psutil>=5.9.0",

0 commit comments

Comments
 (0)