Skip to content

fix(security): bump urllib3 floor to >=2.7.0 (GHSA-qccp-gfcp-xxvc, GHSA-mf9v-mfxr-j63j)#57

Merged
andriy-sudo merged 1 commit into
mainfrom
andriy/inf-urllib3-tf-playwright-stealth
Jun 26, 2026
Merged

fix(security): bump urllib3 floor to >=2.7.0 (GHSA-qccp-gfcp-xxvc, GHSA-mf9v-mfxr-j63j)#57
andriy-sudo merged 1 commit into
mainfrom
andriy/inf-urllib3-tf-playwright-stealth

Conversation

@andriy-sudo

Copy link
Copy Markdown
Contributor

Vulnerability Fix

Package Old New Advisory CVSS
urllib3 2.6.3 2.7.0 GHSA-qccp-gfcp-xxvc 8.1
urllib3 2.6.3 2.7.0 GHSA-mf9v-mfxr-j63j 6.5

Fix

urllib3 is a direct dependency in pyproject.toml. Floor bumped from >=2.5.0 to >=2.7.0. poetry.lock regenerated — urllib3 now resolves to 2.7.0.

Changelog impact summary
Package Old New Classification Key changes
urllib3 2.6.3 2.7.0 Patch/security GHSA-qccp-gfcp-xxvc (SSRF via malformed netloc), GHSA-mf9v-mfxr-j63j (proxy header injection); no API changes

…SA-mf9v-mfxr-j63j)

- urllib3 2.6.3 → 2.7.0

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@andriy-sudo andriy-sudo requested a review from paveldudka June 26, 2026 13:43
@coderabbitai

coderabbitai Bot commented Jun 26, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e6f5e59c-9e1e-49bf-8240-9dfc615bdfff

📥 Commits

Reviewing files that changed from the base of the PR and between deee296 and c5609c8.

⛔ Files ignored due to path filters (1)
  • poetry.lock is excluded by !**/*.lock
📒 Files selected for processing (1)
  • pyproject.toml

📝 Walkthrough

Walkthrough

pyproject.toml updates the urllib3 dependency constraint from >=2.5.0 to >=2.7.0.

🚥 Pre-merge checks | ✅ 4
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly matches the main change: raising the urllib3 minimum version for security fixes.
Description check ✅ Passed The description accurately explains the urllib3 dependency bump and the security advisories it addresses.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch andriy/inf-urllib3-tf-playwright-stealth

Comment @coderabbitai help to get the list of available commands.

@andriy-sudo andriy-sudo merged commit 0ba5643 into main Jun 26, 2026
6 checks passed
@andriy-sudo andriy-sudo deleted the andriy/inf-urllib3-tf-playwright-stealth branch June 26, 2026 15:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants