FOLIO-4417: Bump urllib3 from 1.26.* to 2.6.1 fixing vulns#359

Open

julianladisch wants to merge 2 commits intomasterfrom

Contributor

julianladisch commented Dec 10, 2025

https://folio-org.atlassian.net/browse/FOLIO-4417

Bump the urllib3 version from 1.26.* to 2.6.1 in

folio-tools/vufind-indexer/requirements.txt

Line 6 in 522e161

urllib3==1.26.5
folio-tools/kubernetes-utilities/ci-cleanup/module-cleanup/requirements.txt

Line 17 in 522e161

urllib3==1.26.8
folio-tools/kubernetes-utilities/md2kubeyaml/requirements.txt

Line 8 in 522e161

urllib3==1.26.5

urllib3 < 2.6.0 has these security vulnerabilities that are fixed in 2.6.1:


          FOLIO-4417: Bump urllib3 from 1.26.* to 2.6.1 fixing vulns

493ca29

Bump the urllib3 version from 1.26.* to 2.6.1 in

* https://github.com/folio-org/folio-tools/blob/522e1612f0b16493fbb7bdb9ba6ce84fd30b4f33/vufind-indexer/requirements.txt#L6
* https://github.com/folio-org/folio-tools/blob/522e1612f0b16493fbb7bdb9ba6ce84fd30b4f33/kubernetes-utilities/ci-cleanup/module-cleanup/requirements.txt#L17
* https://github.com/folio-org/folio-tools/blob/522e1612f0b16493fbb7bdb9ba6ce84fd30b4f33/kubernetes-utilities/md2kubeyaml/requirements.txt#L8

urllib3 < 2.6.0 has these security vulnerabilities that are fixed in 2.6.1:

* CVE-2025-66471 GHSA-2xpw-w6gg-jr37
* CVE-2025-66418 GHSA-gm62-xv2j-4w53

julianladisch requested review from ihardy and zburke

December 10, 2025 17:49


          Merge branch 'master' into FOLIO-4417

2b34dcd

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet