@tisnik tisnik commented Dec 16, 2025

Description

Bump-up urllib3 to version 2.6.2

Type of change

  • Refactor
  • New feature
  • Bug fix
  • CVE fix
  • Optimization
  • Documentation Update
  • Configuration Update
  • Bump-up service version
  • Bump-up dependent library
  • Bump-up library or tool used for development (does not change the final image)
  • CI configuration change
  • Konflux configuration change
  • Unit tests improvement
  • Integration tests improvement
  • End to end tests improvement

Tools used to create PR

Identify any AI code assistants used in this PR (for transparency and review context)

  • Assisted-by: N/A
  • Generated by: N/A

Related Tickets & Documents

  • Related Issue #LCORE-1080

Summary by CodeRabbit

  • Chores
    • Updated urllib3 dependency to version 2.6.2.
    • Updated package integrity metadata to match the new dependency release.
    • No functional, behavioral, or public API changes; existing features remain unaffected.



coderabbitai bot commented Dec 16, 2025

Walkthrough

urllib3 is bumped from 2.6.1 to 2.6.2 in pyproject.toml and both architecture-specific requirements files, with their associated checksum/hash entries updated. No code, API, or exported-entity changes were made.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependency updates: pyproject.toml, requirements.aarch64.txt, requirements.x86_64.txt | urllib3 version changed from 2.6.1 → 2.6.2; corresponding sha256 hash entries updated in both requirements files. No other functional or structural changes. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

  • Simple, consistent dependency/version and hash updates across three files.


Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The pull request title clearly and specifically describes the main change: bumping urllib3 from 2.6.1 to 2.6.2, which aligns with all file modifications (requirements.aarch64.txt, requirements.x86_64.txt, and pyproject.toml). |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 792ccf9 and 0681546.

⛔ Files ignored due to path filters (1)
  • uv.lock is excluded by !**/*.lock
📒 Files selected for processing (3)
  • pyproject.toml (1 hunks)
  • requirements.aarch64.txt (1 hunks)
  • requirements.x86_64.txt (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (2)
  • requirements.x86_64.txt
  • requirements.aarch64.txt
🧰 Additional context used
📓 Path-based instructions (1)
pyproject.toml

📄 CodeRabbit inference engine (CLAUDE.md)

pyproject.toml: Configure pylint with source-roots = "src"
Exclude src/auth/k8s.py from pyright type checking

Files:

  • pyproject.toml
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)
  • GitHub Check: build-pr
  • GitHub Check: Konflux kflux-prd-rh02 / lightspeed-stack-on-pull-request
  • GitHub Check: E2E: server mode / azure
  • GitHub Check: E2E: library mode / azure
  • GitHub Check: E2E: library mode / ci
  • GitHub Check: E2E: server mode / vertexai
  • GitHub Check: E2E: library mode / vertexai
  • GitHub Check: E2E: server mode / ci
🔇 Additional comments (1)
pyproject.toml (1)

55-55: urllib3 2.6.2 is valid and secure.

urllib3 2.6.2 exists on PyPI and was released December 11, 2025. The patch version bump includes minor bug fixes such as correcting HTTP version debug logs, removing Python 3.8 support, adding Python 3.13 support, fixing chunked request body encoding, and addressing ResourceWarning and compatibility issues. No breaking changes are introduced between 2.6.1 and 2.6.2, and no known security vulnerabilities affect either version.



@tisnik tisnik force-pushed the bump-up-urllib3-to-2.6.2 branch from 792ccf9 to 0681546 Compare December 16, 2025 15:20
@tisnik tisnik merged commit 1cc0e55 into lightspeed-core:main Dec 16, 2025
19 of 27 checks passed