Upgrade urllib3 to fix 2 Dependabot alerts

[jsjiang]

Upgrade urllib3 to fix 2 Dependabot alerts in poetry.lock

• Upgrade urllib3 to version 2.6.0 or later.
• Severity: High 8.9/ 10

[jsjiang]

Ref: How to upgrade Django and other Python packages

[jsjiang]

• Created branch 968_upgrade_urllib3_for_security_alerts
• upgraded urllib3 to 2.6.0
• created tag v3.3.21_rc0 for testing

poetry add urllib3@2.6.0
poetry update
poetry check --lock

git status
On branch 968_upgrade_urllib3_for_security_alerts
Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
        modified:   poetry.lock
        modified:   pyproject.toml

[jsjiang]

From Copilot code review:

The urllib3 dependency uses an exact version pin (2.6.0) instead of a version constraint with caret (^) like all other dependencies in this file. This means the project will not receive patch or minor updates automatically. Consider using "^2.6.0" to allow compatible updates, which is consistent with the versioning pattern used for all other dependencies in this file.

[jsjiang]

Updated urllib3 from "2.6.0" to "^2.6.0" to allow compatible updates, which is consistent with the versioning pattern used for all other dependencies in this file.

See pull request #980