From 90ef231f338917649ebeb33089ed44eb812bb24b Mon Sep 17 00:00:00 2001 From: Mohse Morad Date: Mon, 8 Jun 2026 15:16:36 +0300 Subject: [PATCH] Patch urllib3 CVEs in enforcer: bump to 2.7.0 The enforcer image pinned urllib3==2.6.3, still vulnerable to CVE-2026-44431 (sensitive headers on cross-origin redirects) and CVE-2026-44432 (DoS via excessive response decompression), both fixed in 2.7.0. Companion to the krr image bump in this branch. Co-Authored-By: Claude Opus 4.8 (1M context) --- enforcer/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/enforcer/requirements.txt b/enforcer/requirements.txt index 75e1cbf7..2415c8a2 100644 --- a/enforcer/requirements.txt +++ b/enforcer/requirements.txt @@ -7,4 +7,4 @@ cachetools==5.3.3 prometheus-client==0.20.0 kubernetes==26.1.0 pyasn1>=0.6.2 -urllib3==2.6.3 +urllib3==2.7.0
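Review bot: The `+urllib3==2.7.0` line in enforcer/requirements.txt records nothing in the file itself about why 2.7.0 is the floor, so a later edit or automated pin refresh could move it back below the fixed release without anyone noticing. Consider a comment above the pin naming CVE-2026-44431 and CVE-2026-44432 from the commit message. The `pyasn1>=0.6.2` context line just above already uses a minimum-version form for what looks like a similar purpose, so it is worth deciding whether urllib3 should stay an exact `==` pin, which needs another manual bump for the next advisory, or follow the same convention. The pin also carries no `--hash` entry, so the image build trusts whatever the index serves for that version. If the build can use pip's hash-checking mode, adding hashes for the whole file would close that gap. Before merging, confirm that the dependency resolver in the enforcer image build accepts this version alongside `kubernetes==26.1.0` from the context lines, since the diff changes only the pin and shows no build or test result.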