Bump urllib3 from 2.5.0 to 2.6.0 in /docs#392
Conversation
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.5.0...2.6.0) --- updated-dependencies: - dependency-name: urllib3 dependency-version: 2.6.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| name = "urllib3" | ||
| version = "2.5.0" | ||
| version = "2.6.0" | ||
| description = "HTTP library with thread-safe connection pooling, file post, and more." |
There was a problem hiding this comment.
docs/poetry.lock now pins urllib3 2.6.0 (lines 1054-1056), but docs/uv.lock still pins 2.5.0; scripts/update-locks.sh runs uv sync in the docs directory, so anyone following that workflow continues to install the vulnerable 2.5.0 despite this bump. Please refresh docs/uv.lock so the uv-managed docs environment also picks up 2.6.0.
Useful? React with 👍 / 👎.
1 participant
Bumps urllib3 from 2.5.0 to 2.6.0.
Release notes
Sourced from urllib3's releases.
Changelog
Sourced from urllib3's changelog.
... (truncated)
Commits
720f484Release 2.6.024d7b67Merge commit from forkc19571dMerge commit from fork816fcf0Bump actions/setup-python from 6.0.0 to 6.1.0 (#3725)18af0a1Improve speed ofBytesQueueBuffer.get()by using memoryview (#3711)1f6abacBump versions of pre-commit hooks (#3716)1c8fbf7Bump actions/checkout from 5.0.0 to 6.0.0 (#3722)7784b9eAdd Python 3.15 to CI (#3717)0241c9eUpdated docs to reflect change in optional zstd dependency fromzstandardt...7afcabbExpand environment variable of SSLKEYLOGFILE (#3705)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.