Fix CVE-2023-45803 and CVE-2024-37891 by updating urllib3 constraint (#886)

devin-ai-integration[bot] · arbiv · web-flow · commit e160076757fa · 2025-11-19T12:31:41.000+02:00
Co-authored-by: Devin AI &lt;158243242+devin-ai-integration[bot]@users.noreply.github.com&gt;
Co-authored-by: Yosef Arbiv &lt;yosef.arbiv@gmail.com&gt;
diff --git a/integration_tests/requirements.txt b/integration_tests/requirements.txt
@@ -3,4 +3,6 @@ pytest-xdist
 pytest-parametrization
 pytest-html
 filelock
-urllib3==2.0.6
+# urllib3>=2.2.2 fixes CVE-2023-45803 and CVE-2024-37891
+# Upper bound <3.0.0 prevents breaking changes from future major versions
+urllib3>=2.2.2,<3.0.0
