chore: upgrade urllib to latest (#240)

BartoszBlizniak · Copilot · web-flow · commit 8bf84fe6e803 · 2025-12-16T12:52:21.000Z
* fix: update `urllib3` and `click` dependencies

* remove click changes, this will be added in different pr

* changelogs

* changelogs

* mock sso ring test

* patch httpretty fake socket shutdown for urllib3 2.0+ compatibility

* Update cloudsmith_cli/core/tests/test_rest.py

Co-authored-by: Copilot &lt;175728472+Copilot@users.noreply.github.com&gt;

---------

Co-authored-by: Copilot &lt;175728472+Copilot@users.noreply.github.com&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,16 +7,18 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+### Fixed
+
+- Upgraded `urllib3` from `v1.26.20` to `v2.5.0`.
+- Added `mock_keyring` fixture to prevent SSO token refresh attempts during individual `test_rest.py` test which runs in pipelines (full suite passes). Caused by [HTTPretty issue 484](https://github.com/gabrielfalcao/HTTPretty/issues/484).
+- Entitlement token list command now fixed
+
 ### Added
 
 - Set `--show-all` to alias `--page-all`
 - Add the ability to use a shortcut within `--page-size` to use pass `-1` or `*` to retrieve all pages i.e. `--page-size -1` or `--page-size *` (note the wildcard may require escaping in some shell environments)
 - Added support for deny policy management commands (list, create, get, update, delete)
 
-### Fixed
-
-- Entitlement token list command now fixed
-
 ## [1.9.4] - 2025-11-07
 
 > No code changes in this release. Version bump performed for release process consistency and to address packaging/metadata updates.
diff --git a/cloudsmith_cli/cli/commands/metrics/entitlements.py b/cloudsmith_cli/cli/commands/metrics/entitlements.py
@@ -123,6 +123,7 @@ def usage(ctx, opts, owner_repo, tokens, start, finish):
         owner = owner_repo[0]
         repo = None
 
+    data = None
     context_msg = "Failed to get list of metrics!"
     data = {}
     with handle_api_exceptions(ctx, opts=opts, context_msg=context_msg):
diff --git a/cloudsmith_cli/core/rest.py b/cloudsmith_cli/core/rest.py
@@ -106,7 +106,7 @@ def create_requests_session(
     retry = RetryWithCallback(
         backoff_factor=backoff_factor,
         connect=retries,
-        method_whitelist=False,
+        allowed_methods=False,
         read=retries,
         status_forcelist=tuple(status_forcelist),
         status=retries,
diff --git a/cloudsmith_cli/core/tests/test_rest.py b/cloudsmith_cli/core/tests/test_rest.py
@@ -1,11 +1,13 @@
 import httpretty
+import pytest
 
 from ..api.init import initialise_api
 from ..rest import RestClient
 
 
 class TestRestClient:
     @httpretty.activate(allow_net_connect=False, verbose=True)
+    @pytest.mark.usefixtures("mock_keyring")
     def test_implicit_retry_for_status_codes(self):
         """Assert that the rest client retries certain status codes automatically."""
         # initialise_api() needs to be called before RestClient can be instantiated,
@@ -37,3 +39,32 @@ def test_implicit_retry_for_status_codes(self):
 
         assert len(httpretty.latest_requests()) == 6
         assert r.status == 200
+
+
+@pytest.fixture
+def mock_keyring(monkeypatch):
+    """Mock keyring functions to prevent reading real SSO tokens from the system keyring.
+
+    This is necessary because initialise_api() checks the keyring for SSO tokens,
+    and if found, it attempts to refresh them via a network request. When running
+    this test in isolation with httpretty mocking enabled, that network request
+    will fail because it's not mocked.
+    """
+    # Import here to avoid circular imports
+    import httpretty.core
+
+    from .. import keyring
+
+    # Mock all keyring getter functions to return None/False
+    monkeypatch.setattr(keyring, "get_access_token", lambda api_host: None)
+    monkeypatch.setattr(keyring, "get_refresh_token", lambda api_host: None)
+    monkeypatch.setattr(keyring, "should_refresh_access_token", lambda api_host: False)
+
+    # Patch httpretty's fake socket to handle shutdown() which urllib3 2.0+ calls
+    # This fixes: "Failed to socket.shutdown because a real socket does not exist"
+    monkeypatch.setattr(
+        httpretty.core.fakesock.socket,
+        "shutdown",
+        lambda self, how: None,
+        raising=False,
+    )
diff --git a/requirements.txt b/requirements.txt
@@ -135,7 +135,7 @@ typing-extensions==4.13.2
     # via
     #   astroid
     #   pylint
-urllib3==1.26.20
+urllib3==2.5.0
     # via
     #   cloudsmith-api
     #   cloudsmith-cli (setup.py)
diff --git a/setup.py b/setup.py
@@ -58,7 +58,7 @@ def get_long_description():
         "requests>=2.18.4",
         "requests_toolbelt>=0.8.0",
         "semver>=2.7.9",
-        "urllib3<2.0",
+        "urllib3>=2.5",
     ],
     entry_points={
         "console_scripts": ["cloudsmith=cloudsmith_cli.cli.commands.main:main"]
