You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This PR bumps urllib3 minimum version to 2.6.0 in packaging because of a vulnerability in 2.5.0. It also includes an updated requirements.txtand lock file for dependencies in dev/CI.
flowchart LR
A["urllib3 2.5.0"] -->|security vulnerability| B["urllib3 2.6.0"]
C["pyproject.toml"] -->|version update| B
D["requirements.txt"] -->|version update| B
E["requirements_lock.txt"] -->|hash update| B
Loading
File Walkthrough
Relevant files
Dependencies
pyproject.toml
Update urllib3 minimum version constraint
py/pyproject.toml
Updated urllib3 minimum version constraint from 2.5.0 to 2.6.0
Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance.
Status: No runtime code: The PR only updates dependency versions and does not add or modify runtime code where audit logging could be implemented, so compliance cannot be assessed from the diff.
Generic: Robust Error Handling and Edge Case Management
Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation
Status: No error paths: The changes are limited to dependency pinning with no new executable logic, so error handling and edge cases cannot be evaluated from the diff.
Generic: Security-First Input Validation and Data Handling
Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities
Status: No input handling: Only dependency versions and hashes were updated with no new input surfaces or data handling logic, so validation and security handling cannot be assessed from the diff.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
User description
💥 What does this PR do?
This PR bumps urllib3 minimum version to 2.6.0 in packaging because of a vulnerability in 2.5.0. It also includes an updated
requirements.txtand lock file for dependencies in dev/CI.https://github.com/SeleniumHQ/selenium/security/dependabot/226
https://github.com/SeleniumHQ/selenium/security/dependabot/224
🔄 Types of changes
PR Type
Enhancement
Description
Bump urllib3 minimum version to 2.6.0
Addresses security vulnerability in urllib3 2.5.0
Updates lock file with new urllib3 hashes
Diagram Walkthrough
File Walkthrough
pyproject.toml
Update urllib3 minimum version constraintpy/pyproject.toml
requirements.txt
Pin urllib3 to 2.6.0 versionpy/requirements.txt
requirements_lock.txt
Update urllib3 lock file with new hashespy/requirements_lock.txt