Bump urllib3 from 1.26.18 to 2.7.0 #4
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.18 to 2.7.0.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@1.26.18...2.7.0)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Reviewed by Cursor Bugbot for commit b1eeb29. Configure here.
| Unidecode==1.3.6 | ||
| uritemplate==4.1.1 | ||
| urllib3==1.26.18 | ||
| urllib3==2.7.0 |
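Review bot: the `urllib3==2.7.0` line crosses a major version (1.26.18 to 2.7.0) while the neighbouring pins (`Unidecode==1.3.6`, `uritemplate==4.1.1`) stay where they are, so nothing in this change shows that the rest of the pinned set accepts urllib3 2.x. Before merging, install the file into a clean environment and run `pip check`, so that any other pinned package declaring an upper bound on urllib3 below 2 is reported as a conflict instead of surfacing at runtime.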
urllib3 2.7.0 requires Python 3.10 but project supports 3.8+
High Severity
urllib3==2.7.0 requires Python 3.10 or later, but the project's setup.cfg declares python_requires = >=3.8,<3.11, meaning it claims to support Python 3.8 and 3.9. Installing this pinned requirements file on Python 3.8 or 3.9 will fail because pip will refuse to install a package whose Requires-Python metadata doesn't match the running interpreter. This effectively breaks the project for two of its three supported Python versions.
Reviewed by Cursor Bugbot for commit b1eeb29. Configure here.
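The compatibility check behind this finding, as an added example that is not part of the PR or of the review bot's output. The two specifier strings are the ones quoted in the comment above; the candidate interpreter list and all function names are assumptions, and the parser accepts only `>=` and `<` clauses on major.minor versions.

```python
# Added example: stdlib-only comparison of a dependency's Requires-Python with
# the interpreter range a project declares in python_requires.
# Simplification: only ">=" and "<" clauses on major.minor are accepted, since
# those two behave the same at minor-version granularity as in full PEP 440.
import operator
import re

OPS = {">=": operator.ge, "<": operator.lt}
CLAUSE = re.compile(r"^\s*(>=|<)\s*(\d+)\.(\d+)\s*$")


def parse_specifier(spec):
    """Turn '>=3.8,<3.11' into a list of (compare_fn, (major, minor)) pairs."""
    clauses = []
    for part in spec.split(","):
        match = CLAUSE.match(part)
        if not match:
            raise ValueError(f"unsupported specifier clause: {part!r}")
        bound = (int(match.group(2)), int(match.group(3)))
        clauses.append((OPS[match.group(1)], bound))
    return clauses


def allows(spec, version):
    """True if the (major, minor) tuple satisfies every clause of spec."""
    return all(compare(version, bound) for compare, bound in parse_specifier(spec))


def broken_interpreters(project_spec, dependency_spec, candidates):
    """Interpreters the project claims to support but the dependency rejects."""
    return [v for v in candidates
            if allows(project_spec, v) and not allows(dependency_spec, v)]


# Specifiers as quoted in the review comment; the candidate list is constructed.
PROJECT_PYTHON_REQUIRES = ">=3.8,<3.11"
URLLIB3_REQUIRES_PYTHON = ">=3.10"
CANDIDATES = [(3, minor) for minor in range(6, 14)]

if __name__ == "__main__":
    for major, minor in broken_interpreters(
            PROJECT_PYTHON_REQUIRES, URLLIB3_REQUIRES_PYTHON, CANDIDATES):
        print(f"Python {major}.{minor}: in project range, rejected by the urllib3 pin")
```

Run as a CI step, a non-empty result is the signal to either narrow `python_requires` or split the pin with environment markers before the bump is merged.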
| Unidecode==1.3.6 | ||
| uritemplate==4.1.1 | ||
| urllib3==1.26.18 | ||
| urllib3==2.7.0 |
Stale types-urllib3 stubs conflict with urllib3 2.x
Medium Severity
types-urllib3==1.26.25.14 provides type stubs for the urllib3 1.x API, but urllib3==2.7.0 ships its own inline type annotations. Having both installed causes type-checking conflicts — the old stubs shadow the correct built-in types. The types-urllib3 PyPI page explicitly warns to uninstall it when using urllib3 2.0+. This package needs to be removed now that urllib3 is at 2.7.0.
Reviewed by Cursor Bugbot for commit b1eeb29. Configure here.


Bumps urllib3 from 1.26.18 to 2.7.0.
Release notes
Sourced from urllib3's releases.
... (truncated)
Changelog
Sourced from urllib3's changelog.
... (truncated)
Commits
- 9a950b9 Release 2.7.0
- 5ec0de4 Merge commit from fork
- 2bdcc44 Merge commit from fork
- f45b0df Fix a misleading example for ProxyManager (#4970)
- 577193c Switch to nightly PyPy3.11 in CI for now (#4984)
- e90af45 Avoid infinite loop in HTTPResponse.read_chunked when amt=0 (#4974)
- 67ed74f Bump dev dependencies (#4972)
- 3abd481 Upgrade mypy to version 1.20.2 (#4978)
- 2b8725d Drop support for EOL PyPy3.10 (#4979)
- 2944b2a Upgrade setup-chrome and setup-firefox to fix warnings (#4973)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Note
Medium Risk
Dependency-only change, but it’s a major-version upgrade of urllib3 and could introduce HTTP/TLS/connection behavior changes at runtime despite being low-touch in code.
Overview
Updates the pinned Python dependency urllib3 in requirements.txt from 1.26.18 to 2.7.0.
Reviewed by Cursor Bugbot for commit b1eeb29. Bugbot is set up for automated code reviews on this repo. Configure here.