From 493ca296959b02957749aab2268ef317440d7b04 Mon Sep 17 00:00:00 2001
From: Julian Ladisch <julianladisch@users.noreply.github.com>
Date: Wed, 10 Dec 2025 18:47:26 +0100
Subject: [PATCH] FOLIO-4417: Bump urllib3 from 1.26.* to 2.6.1 fixing vulns

Bump the urllib3 version from 1.26.* to 2.6.1 in

* https://github.com/folio-org/folio-tools/blob/522e1612f0b16493fbb7bdb9ba6ce84fd30b4f33/vufind-indexer/requirements.txt#L6
* https://github.com/folio-org/folio-tools/blob/522e1612f0b16493fbb7bdb9ba6ce84fd30b4f33/kubernetes-utilities/ci-cleanup/module-cleanup/requirements.txt#L17
* https://github.com/folio-org/folio-tools/blob/522e1612f0b16493fbb7bdb9ba6ce84fd30b4f33/kubernetes-utilities/md2kubeyaml/requirements.txt#L8

urllib3 < 2.6.0 has these security vulnerabilities that are fixed in 2.6.1:

* CVE-2025-66471 https://github.com/advisories/GHSA-2xpw-w6gg-jr37
* CVE-2025-66418 https://github.com/advisories/GHSA-gm62-xv2j-4w53
---
 kubernetes-utilities/ci-cleanup/module-cleanup/requirements.txt | 2 +-
 kubernetes-utilities/md2kubeyaml/requirements.txt               | 2 +-
 vufind-indexer/requirements.txt                                 | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/kubernetes-utilities/ci-cleanup/module-cleanup/requirements.txt b/kubernetes-utilities/ci-cleanup/module-cleanup/requirements.txt
index 97f3690..3c8296a 100644
--- a/kubernetes-utilities/ci-cleanup/module-cleanup/requirements.txt
+++ b/kubernetes-utilities/ci-cleanup/module-cleanup/requirements.txt
@@ -14,5 +14,5 @@ requests==2.31.0
 requests-oauthlib==1.2.0
 rsa==4.8
 six==1.13.0
-urllib3==1.26.8
+urllib3==2.6.1
 websocket-client==0.56.0
diff --git a/kubernetes-utilities/md2kubeyaml/requirements.txt b/kubernetes-utilities/md2kubeyaml/requirements.txt
index ec12793..5271463 100644
--- a/kubernetes-utilities/md2kubeyaml/requirements.txt
+++ b/kubernetes-utilities/md2kubeyaml/requirements.txt
@@ -5,4 +5,4 @@ Jinja2==2.11.3
 MarkupSafe==1.1.1
 pkg-resources==0.0.0
 requests==2.31.0
-urllib3==1.26.5
+urllib3==2.6.1
diff --git a/vufind-indexer/requirements.txt b/vufind-indexer/requirements.txt
index 011554d..a8c63d3 100644
--- a/vufind-indexer/requirements.txt
+++ b/vufind-indexer/requirements.txt
@@ -3,4 +3,4 @@ chardet==3.0.4
 idna==2.8
 jmespath==0.9.4
 requests==2.31.0
-urllib3==1.26.5
+urllib3==2.6.1