diff --git a/CHANGELOG.md b/CHANGELOG.md
index 590d88d..4503453 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,13 @@
 
 This project uses [Semantic Versioning 2.0.0](http://semver.org/), the format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
+## Unreleased
+
+### Security
+
+- Raised the minimum `urllib3` version to `>=2.7.0` to address CVE-2026-44431 and CVE-2026-44432.
+- Raised the minimum `idna` version to `>=3.15` to address CVE-2026-45409.
+
 ## 8.0.0 - 2026-05-05
 
 ### Changed
diff --git a/pyproject.toml b/pyproject.toml
index ded1149..3cd3af9 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -19,6 +19,9 @@ classifiers = [
 python = "^3.12"
 requests = "^2.28.2"
 omitempty = "^0.1.1"
+# Minimum versions for transitive dependencies for security
+urllib3 = ">=2.7.0"
+idna = ">=3.15"
 
 [tool.poetry.group.test.dependencies]
 responses = ">=0.23.1,<0.27.0"
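Review bot: In the pyproject.toml hunk, the new `urllib3 = ">=2.7.0"` floor sits next to an unchanged `requests = "^2.28.2"`, and the two no longer agree: requests 2.28.x caps urllib3 below 2.0 (urllib3 2.x support arrived around requests 2.30, worth confirming), so the resolver can never pick the declared requests floor. Raising the requests constraint to the oldest release that accepts urllib3 2.7.0, for example `requests = "^2.30.0"` if that holds, would keep the stated floor accurate. The added comment would also help the next maintainer more if it named the advisories and the exit condition, e.g. `# Security floors for transitive deps of requests: urllib3 (CVE-2026-44431, CVE-2026-44432), idna (CVE-2026-45409); remove once requests itself requires these versions`. The table header these keys belong to is outside the hunk; I am assuming it is the main dependencies table, which means the floors are also imposed on every consumer of this package.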