Skip to content

Update lockfile for urllib3 and pip security fixes#2271

Open
arpitjain099 wants to merge 1 commit into
GSA:mainfrom
arpitjain099:security/deps-urllib3-pip-2026-05
Open

Update lockfile for urllib3 and pip security fixes#2271
arpitjain099 wants to merge 1 commit into
GSA:mainfrom
arpitjain099:security/deps-urllib3-pip-2026-05

Conversation

@arpitjain099

Copy link
Copy Markdown

Summary

  • Update poetry.lock to bump urllib3 from 2.6.3 to 2.7.0.
  • Update dev dependency resolution for pip from 26.0 to 26.1.1.
  • Align lockfile with currently published patched versions for active Dependabot advisories.

Why

These versions are direct lockfile-level remediations for open dependency advisories on the fork and reduce security exposure without changing application code paths.

Validation

  • poetry check

@arpitjain099 arpitjain099 force-pushed the security/deps-urllib3-pip-2026-05 branch from 5d811a2 to b5c61c8 Compare May 13, 2026 17:14
@arpitjain099

Copy link
Copy Markdown
Author

Hello, Bumping this in case it slipped past. Glad to rebase or split if that helps. Appreciated.

Signed-off-by: Arpit Jain <arpitjain099@gmail.com>
@arpitjain099 arpitjain099 force-pushed the security/deps-urllib3-pip-2026-05 branch from b5c61c8 to 91658ea Compare June 10, 2026 06:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant