Update urllib3 python wheel for security (#1038)

isc-dchui · web-flow · commit b7ed99daeec4 · 2026-01-14T09:16:27.000-05:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -25,9 +25,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 to load using multicompile instead of trying to do own multi-threading of item load which causes
 lock contention by bypassing IRIS compiler.
 - #481: Improve BuildDependencyGraph performance by doing the following:
- - Eliminate recursion and use iteration.
- - Remove depth first search and do pure breadth first search.
- - Have better caching of results for module searches by collapsing search expressions (reducing expressions that are intersections).
+    - Eliminate recursion and use iteration.
+    - Remove depth first search and do pure breadth first search.
+    - Have better caching of results for module searches by collapsing search expressions (reducing expressions that are intersections).
 
 ### Removed
 - #938: Removed secret flag NewVersion handling in %Publish()
@@ -50,6 +50,9 @@ lock contention by bypassing IRIS compiler.
 - #828: The `CheckStatus` flag for `<Invoke>` action has been deprecated. Default behavior is now to always check the status of the method if and only if the method signature returns %Library.Status
 - #885: `-synchronous` flag since loading dependencies synchronously is now the default behavior.
 
+### Security
+- urllib3 wheel has been updated to 2.6.3
+
 ## [0.10.4] - 2025-10-21
 
 ### Added
diff --git a/module.xml b/module.xml
@@ -45,7 +45,7 @@
       <PythonWheel Name="referencing-0.36.2-py3-none-any.whl" ExtraPipFlags="--no-deps" />
       <PythonWheel Name="requests-2.32.4-py3-none-any.whl" ExtraPipFlags="--no-deps" />
       <PythonWheel Name="typing_extensions-4.12.2-py3-none-any.whl" ExtraPipFlags="--no-deps" />
-      <PythonWheel Name="urllib3-2.6.0-py3-none-any.whl" ExtraPipFlags="--no-deps" />
+      <PythonWheel Name="urllib3-2.6.3-py3-none-any.whl" ExtraPipFlags="--no-deps" />
 
       <!-- Pure python implementation of rpds-py for offline installation or behind a
             firewall.
diff --git a/preload/cls/IPM/Installer.cls b/preload/cls/IPM/Installer.cls
@@ -438,7 +438,7 @@ ClassMethod CleanupOldMappings() As %Status
         }
         set $namespace = namespace
         // check if IPM is installed in this namespace
-        if '$$$comClassDefined("%IPM.Utils.Module") {
+        if '$$$comClassDefined("%IPM.Main") {
             continue
         }
 
diff --git a/wheels/requirements.txt b/wheels/requirements.txt
@@ -11,6 +11,6 @@ oras==0.1.30
 referencing==0.36.2
 requests==2.32.4
 typing_extensions==4.12.2
-urllib3==2.6.0
+urllib3==2.6.3
 # When https://github.com/pypa/pip/pull/10837 is merged, we should specify per-requirement `--no-deps` in requirements.txt directly,
 # so that dependabot etc. don't pick up vulnerabilities in `rpds-py`, which we implement ourselves.
diff --git a/wheels/urllib3-2.6.3-py3-none-any.whl b/wheels/urllib3-2.6.3-py3-none-any.whl

Original file line number	Diff line number	Diff line change
`@@ -438,7 +438,7 @@ ClassMethod CleanupOldMappings() As %Status`
`438`	`438`	`}`
`439`	`439`	`set $namespace = namespace`
`440`	`440`	`// check if IPM is installed in this namespace`
`441`		`- if '$$$comClassDefined("%IPM.Utils.Module") {`
	`441`	`+ if '$$$comClassDefined("%IPM.Main") {`
`442`	`442`	`continue`
`443`	`443`	`}`
`444`	`444`