Fix urllib3 CVE-2026-44431/44432 in enforcer requirements

moshemorad · claude · moshemorad · commit 7ca43444296e · 2026-06-08T15:10:46.000+03:00
Bump urllib3 2.6.3 -> 2.7.0 in enforcer/requirements.txt to fix the decompression-bomb streaming-API bypass (Dependabot alert #76, HIGH). The root requirements.txt and poetry.lock are already on 2.7.0. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
diff --git a/enforcer/requirements.txt b/enforcer/requirements.txt
@@ -7,4 +7,4 @@ cachetools==5.3.3
 prometheus-client==0.20.0
 kubernetes==26.1.0
 pyasn1>=0.6.2
-urllib3==2.6.3
+urllib3==2.7.0
