chore(deps): update dependency urllib3 to v2 [security] (#466)

renovate[bot] · patheard · web-flow · commit b0a3652e4523 · 2025-10-29T14:35:54.000-04:00
* chore(deps): update dependency urllib3 to v2 [security]

* fix: use boto3 rather than aws-cli to retrieve env vars

---------

Co-authored-by: renovate[bot] &lt;29139614+renovate[bot]@users.noreply.github.com&gt;
Co-authored-by: Pat Heard &lt;patrick.heard@cds-snc.ca&gt;
diff --git a/api/Dockerfile b/api/Dockerfile
@@ -43,7 +43,6 @@ ENV PYTHONPATH="/pymodules"
 
 RUN apk upgrade --no-cache \
     && apk add --no-cache \
-    aws-cli \
     binutils \
     libstdc++
 
diff --git a/api/bin/entry.sh b/api/bin/entry.sh
@@ -38,12 +38,7 @@ if [ ! -f "$ENV_PATH/.env" ]; then
     if [ ! -d "$ENV_PATH" ]; then
         mkdir "$ENV_PATH"
     fi
-    aws ssm get-parameters \
-        --region ca-central-1 \
-        --with-decryption \
-        --names github-secret-scanning-config \
-        --query 'Parameters[*].Value' \
-        --output text > "$TMP_ENV_FILE"
+    python -c "import boto3; client = boto3.client('ssm'); response = client.get_parameters(Names=['github-secret-scanning-config'], WithDecryption=True); print(response['Parameters'][0]['Value'] if response['Parameters'] else '')" > "$TMP_ENV_FILE"
 fi
 
 # Check if environment vars were retrieved
diff --git a/api/requirements.txt b/api/requirements.txt
@@ -1,6 +1,7 @@
+boto3==1.40.55
 cryptography==44.0.3
 fastapi==0.119.1
 mangum==0.19.0
 python-dotenv==1.1.1
 requests==2.32.5
-urllib3<2 # Boto currently does not support urllib3 2+
+urllib3==2.5.0
