From 52b3d0808dea8d39736d50b13def452f48aa5aa9 Mon Sep 17 00:00:00 2001
From: Rob Rudin <rudin@progress.com>
Date: Wed, 14 Jan 2026 11:01:41 -0500
Subject: [PATCH] MLE-26598 Forcing usage of urllib 2.6.3

---
 poetry.lock    | 8 ++++----
 pyproject.toml | 3 +++
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/poetry.lock b/poetry.lock
index d53623f..d242d76 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -1264,14 +1264,14 @@ files = [
 
 [[package]]
 name = "urllib3"
-version = "2.6.0"
+version = "2.6.3"
 description = "HTTP library with thread-safe connection pooling, file post, and more."
 optional = false
 python-versions = ">=3.9"
 groups = ["main"]
 files = [
-    {file = "urllib3-2.6.0-py3-none-any.whl", hash = "sha256:c90f7a39f716c572c4e3e58509581ebd83f9b59cced005b7db7ad2d22b0db99f"},
-    {file = "urllib3-2.6.0.tar.gz", hash = "sha256:cb9bcef5a4b345d5da5d145dc3e30834f58e8018828cbc724d30b4cb7d4d49f1"},
+    {file = "urllib3-2.6.3-py3-none-any.whl", hash = "sha256:bf272323e553dfb2e87d9bfd225ca7b0f467b919d7bbd355436d3fd37cb0acd4"},
+    {file = "urllib3-2.6.3.tar.gz", hash = "sha256:1b62b6884944a57dbe321509ab94fd4d3b307075e0c2eae991ac71ee15ad38ed"},
 ]
 
 [package.extras]
@@ -1316,4 +1316,4 @@ type = ["pytest-mypy"]
 [metadata]
 lock-version = "2.1"
 python-versions = "^3.9"
-content-hash = "5e493143f8452bfd44c157402cdd66c42e9f742d7c34988bd9b8e2ae87334f9d"
+content-hash = "8331d4fbbd7b3c664872db7a5d15a8b3f755800a45e330696e7ecd95373df46d"
diff --git a/pyproject.toml b/pyproject.toml
index 873fc63..cfed115 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -12,6 +12,9 @@ python = "^3.9"
 requests = "^2.32.5"
 requests_toolbelt = "^1.0.0"
 
+# Forcing version to eliminate CVEs; transitive dependency of requests.
+urllib3 = "^2.6.3"
+
 [tool.poetry.group.test.dependencies]
 pytest = "^7.4.0"