Skip to content

Commit 38468e1

Browse files
security: bump urllib3 to >=2.7.0
Mitigate decompression-bomb safeguard bypass in urllib3 2.6.x streaming API. Add constraint so future lockfiles cannot regress below 2.7.0. Co-authored-by: Cursor <cursoragent@cursor.com>
1 parent d9bbfc8 commit 38468e1

2 files changed

Lines changed: 7 additions & 3 deletions

File tree

pyproject.toml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -39,6 +39,7 @@ mongo = ["beanie>=1.30.0,<2", "motor>=3.7.1,<4"]
3939

4040
[tool.uv]
4141
default-groups = ["mongo"]
42+
constraint-dependencies = ["urllib3>=2.7.0"]
4243

4344
[tool.ruff]
4445
line-length = 120

uv.lock

Lines changed: 6 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)