Conversation

@amritamishra01

Summary
This PR restricts the urllib3 dependency to versions <2 to resolve a regression in IPv6 Zone ID parsing. urllib3 v2.0 introduced stricter URL validation that causes requests to raise a ValueError when processing link-local IPv6 addresses with Zone IDs (e.g., fe80::...%eth0).
The Problem
When using urllib3 v2.x (default in recent installs), passing an IPv6 address with a Zone ID results in a ValueError during the validation phase, preventing the request from reaching the socket layer.
Reproduction:

```python
import requests

# Raises ValueError on urllib3 v2.x
requests.get('http://[fe80::be0f:a7ff:fe00:2929%25eth0]/')
```

Error:

```
ValueError: 'fe80::be0f:a7ff:fe00:2929' does not appear to be an IPv4 or IPv6 address
```
The Solution
Updated setup.py to pin urllib3>=1.21.1,<2. This reverts to the stable v1.26.x behavior, which is permissive of Zone IDs and correctly passes them to the underlying OS socket.

Verification
Reproduction Script: Confirmed that the ValueError is no longer raised and the request attempts a network connection.
Test Suite: Ran pytest tests locally.
Result: 595 passed, 15 skipped (No regressions found).
Related Issues
Fixes #6808 (Double-digit link-local IPv6 zone id raises ValueError)
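The description above concerns bracketed IPv6 literals that carry a zone ID, in both the RFC 6874 form (`%25eth0`, delimiter percent-encoded) and the bare form (`%eth0`). The following parser is an added example, not code from requests or urllib3: it splits such a URL into address, zone and port and validates the address with the standard `ipaddress` module before anything reaches a socket. The `IPv6Target` and `parse_ipv6_url` names are this example's own.

```python
import ipaddress
import re
from typing import NamedTuple, Optional
from urllib.parse import unquote

# scheme://[ipv6-literal]:port/rest  (RFC 3986 IP-literal; zone ID per RFC 6874)
_IPV6_URL = re.compile(
    r"^[A-Za-z][A-Za-z0-9+.-]*://\[(?P<host>[^\]/?#]+)\](?::(?P<port>\d{1,5}))?(?:[/?#].*)?$"
)
# RFC 6874 ZoneID = 1*( unreserved / pct-encoded ); checked after decoding.
_ZONE_OK = re.compile(r"^[A-Za-z0-9._~-]+$")


class IPv6Target(NamedTuple):
    address: ipaddress.IPv6Address   # the literal with the zone stripped
    zone: Optional[str]              # 'eth0', '10', ... or None
    port: int

    def socket_host(self) -> str:
        """Host string in the 'addr%zone' form that getaddrinfo() understands."""
        return f"{self.address}%{self.zone}" if self.zone else str(self.address)


def parse_ipv6_url(url: str, default_port: int = 80) -> IPv6Target:
    """Split a bracketed IPv6 URL into (address, zone, port), validating each part.

    Accepts 'fe80::1%25eth0' (RFC 6874, '%' delimiter encoded as '%25') and the
    bare 'fe80::1%eth0' that users tend to type.  A malformed address raises
    ValueError before any socket is touched; a numeric zone such as '10' is
    kept as an opaque string, never percent-decoded into a byte.
    """
    m = _IPV6_URL.match(url)
    if not m:
        raise ValueError(f"not a bracketed IPv6 URL: {url!r}")
    addr_part, sep, zone = m.group("host").partition("%")
    if sep:
        # Encoded delimiter: '%25eth0' -> 'eth0'.  A bare zone that itself
        # starts with '25' is ambiguous here; the RFC 6874 reading wins.
        if zone.startswith("25"):
            zone = zone[2:]
        zone = unquote(zone)          # decode pct-encoded bytes inside the zone only
        if not _ZONE_OK.match(zone):
            raise ValueError(f"invalid zone ID: {zone!r}")
    address = ipaddress.IPv6Address(addr_part)   # ValueError on anything else
    port = int(m.group("port")) if m.group("port") else default_port
    if not 0 < port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return IPv6Target(address, zone or None, port)
```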

@telefoontoestel

Would it not be possible to fix the cause of the issue instead? The package is already vulnerable to CVE-2025-66471, which has been classified as High with a rating of 8.9. Merging this would block a significant amount of releases that require vulnerabilities to be resolved.

@sigmavirus24
Contributor

You should pin this in your own dependency list, not here. We will not be merging this.
