Bump urllib3 2.6.3 -> 2.7.0 #16

Open
mogwai wants to merge 1 commit into main from bump-urllib3-2.7.0

mogwai commented May 17, 2026

Contributor

Summary

  • Bumps urllib3 from 2.6.3 to 2.7.0 in uv.lock (transitive dep via requests)
  • Resolves Dependabot alerts #39 and #40

Alerts addressed

  • #39 — urllib3: Sensitive headers forwarded across origins in proxied low-level redirects (High)
  • #40 — urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API (High)

Resolves Dependabot alerts #39 (sensitive headers forwarded across
origins in proxied low-level redirects) and #40 (decompression-bomb
safeguards bypassed in parts of the streaming API).