upgrade urllib3 to 2.6.0 #972
Pull request overview
This PR upgrades urllib3 from version 2.5.0 to 2.6.0, adding it as an explicit dependency in pyproject.toml. The urllib3 library is used in the opensearch-update management command for disabling SSL warnings when working with local development servers. The upgrade also includes automatic updates to several other dependencies (boto3, botocore, protobuf) in the lock file to maintain compatibility.
Key Changes
- Added urllib3 2.6.0 as an explicit dependency in pyproject.toml
- Updated poetry.lock with urllib3 2.6.0 and transitive dependency updates
- Lock file regenerated with Poetry 1.8.5 (downgraded from 2.2.1)
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| pyproject.toml | Added urllib3 2.6.0 as an explicit dependency |
| poetry.lock | Updated lock file with urllib3 2.6.0 and transitive dependencies (boto3, botocore, protobuf); regenerated with Poetry 1.8.5 |
| ecs-logging = "^2.2.0" | ||
| opensearch-dsl = "^2.1.0" | ||
| mysqlclient = "^2.2.7" | ||
| urllib3 = "2.6.0" |
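Review bot: The added urllib3 = "2.6.0" line is the only exact pin in this block, where the three entries above it all use caret ranges, and nothing next to it records why. Put a short TOML comment above the line stating the reason for the pin and the condition for relaxing it. With an exact pin, a later urllib3 fix release only arrives through a manual edit of this line, so an undocumented pin is easy to leave behind when the other dependencies move.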
Copilot
AI
Dec 11, 2025
The urllib3 dependency uses an exact version pin (2.6.0) instead of a version constraint with caret (^) like all other dependencies in this file. This means the project will not receive patch or minor updates automatically. Consider using "^2.6.0" to allow compatible updates, which is consistent with the versioning pattern used for all other dependencies in this file.
| urllib3 = "2.6.0" | |
| urllib3 = "^2.6.0" |
Yes, adding it as "^2.6.0" allows it to automatically be upgraded in the future with poetry update or something similar.
sfisher
left a comment
If you want to allow it to update to the major version (with poetry update) you could add the ^.
Looks good to me, though.
| ecs-logging = "^2.2.0" | ||
| opensearch-dsl = "^2.1.0" | ||
| mysqlclient = "^2.2.7" | ||
| urllib3 = "2.6.0" |
Yes, adding it as "^2.6.0" allows it to automatically be upgraded in the future with poetry update or something similar.
Use urllib3 = "2.6.0" for this release. Consider using "^2.6.0" in a future release if we feel comfortable with urllib3 updates.
@sfisher Hi Scott,
Since urllib3 is imported in some scripts, I added urllib3 2.6.0 to pyproject.toml and updated the poetry.lock file. A testing tag v3.3.21_rc0 was created and deployed to ezid-stg. Functional and UI tests all look good.
Please review and let me know if you have questions.
Thank you
Jing
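What the two spellings discussed in this thread, "2.6.0" and "^2.6.0", admit at resolution time, as an added example that is not part of the PR or the project's code. It is a stdlib-only matcher that follows Poetry's documented caret rule for final releases; the function names and the candidate list are assumptions made for illustration.

```python
# Added example: Poetry-style constraint matching, final releases only.
import re


def parse(version):
    """Parse 'X', 'X.Y' or 'X.Y.Z' into ((X, Y, Z), components_given)."""
    if not re.fullmatch(r"\d+(\.\d+){0,2}", version):
        raise ValueError(f"unsupported version: {version!r}")
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts))), len(parts)


def caret_bounds(base):
    """Return (lower, upper) for ^base: bump the leftmost non-zero component.

    If every given component is zero, the last given component is bumped.
    """
    lower, given = parse(base)
    idx = next((i for i, p in enumerate(lower) if p != 0), given - 1)
    upper = lower[:idx] + (lower[idx] + 1,) + (0,) * (2 - idx)
    return lower, upper


def allows(constraint, candidate):
    """True if candidate satisfies an exact pin ('2.6.0') or a caret ('^2.6.0')."""
    cand, _ = parse(candidate)
    if constraint.startswith("^"):
        lower, upper = caret_bounds(constraint[1:])
        return lower <= cand < upper
    return cand == parse(constraint)[0]


# 2.5.0 and 2.6.0 appear on this page; the other version numbers are
# constructed for illustration and do not refer to specific releases.
CANDIDATES = ["2.5.0", "2.6.0", "2.6.1", "2.7.0", "3.0.0"]


def resolvable(constraint):
    """Candidates a resolver could pick under the given constraint."""
    return [v for v in CANDIDATES if allows(constraint, v)]


if __name__ == "__main__":
    for c in ("2.6.0", "^2.6.0"):
        print(f"urllib3 = {c!r:10} admits {resolvable(c)}")
```
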