From c37b23433e5e7117444b0da90c8d6cc56f20d85b Mon Sep 17 00:00:00 2001 From: "F.N. Claessen" Date: Tue, 12 May 2026 11:43:05 +0200 Subject: [PATCH 1/2] chore: upgrade urllib3 to v2.7.0 Signed-off-by: F.N. Claessen --- pyproject.toml | 2 ++ uv.lock | 8 +++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index f2078189..9a18d952 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -27,6 +27,8 @@ dependencies = [ "pandas>=2.1.4", "async-timeout>=5.0.1", "packaging>=26.0", + # Below: minimum requirements solely here for security reasons + "urllib3>=2.7.0", # https://github.com/FlexMeasures/flexmeasures-client/security/dependabot/16 ] [project.urls] diff --git a/uv.lock b/uv.lock index 7eafbebf..e1233691 100644 --- a/uv.lock +++ b/uv.lock @@ -435,6 +435,7 @@ dependencies = [ { name = "packaging" }, { name = "pandas", version = "2.3.3", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version < '3.11'" }, { name = "pandas", version = "3.0.1", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version >= '3.11'" }, + { name = "urllib3" }, ] [package.optional-dependencies] @@ -479,6 +480,7 @@ requires-dist = [ { name = "s2-python", marker = "extra == 's2'", specifier = ">=0.8.1" }, { name = "semver", marker = "extra == 's2'", specifier = ">=3.0.4" }, { name = "tzdata", marker = "extra == 's2'", specifier = ">=2025.3" }, + { name = "urllib3", specifier = ">=2.7.0" }, ] provides-extras = ["s2"] 
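Review bot: The trailing comment on the added `"urllib3>=2.7.0"` line in the pyproject.toml hunk points at a Dependabot alert URL, which GitHub shows only to users with access to the repository's security alerts, so other readers cannot tell which advisory the floor addresses or when it can be dropped. I would cite the public advisory identifier instead, e.g. `"urllib3>=2.7.0",  # <GHSA-ID of the urllib3 advisory behind alert 16>; transitive floor, drop once upstream requires a fixed version`, with the placeholder filled in from the alert. The heading comment `# Below: minimum requirements solely here for security reasons` also silently covers any dependency later appended to the list, so a per-line marker is more robust than a positional one. The `dependencies` array opens above the hunk, so I cannot see whether urllib3 is otherwise a direct dependency; the "solely" wording suggests it is not.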
@@ -1654,11 +1656,11 @@ wheels = [ [[package]] name = "urllib3" -version = "2.6.3" +version = "2.7.0" source = { registry = "https://pypi.org/simple" } -sdist = { url = "https://files.pythonhosted.org/packages/c7/24/5f1b3bdffd70275f6661c76461e25f024d5a38a46f04aaca912426a2b1d3/urllib3-2.6.3.tar.gz", hash = "sha256:1b62b6884944a57dbe321509ab94fd4d3b307075e0c2eae991ac71ee15ad38ed", size = 435556, upload-time = "2026-01-07T16:24:43.925Z" } +sdist = { url = "https://files.pythonhosted.org/packages/53/0c/06f8b233b8fd13b9e5ee11424ef85419ba0d8ba0b3138bf360be2ff56953/urllib3-2.7.0.tar.gz", hash = "sha256:231e0ec3b63ceb14667c67be60f2f2c40a518cb38b03af60abc813da26505f4c", size = 433602, upload-time = "2026-05-07T16:13:18.596Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/39/08/aaaad47bc4e9dc8c725e68f9d04865dbcb2052843ff09c97b08904852d84/urllib3-2.6.3-py3-none-any.whl", hash = "sha256:bf272323e553dfb2e87d9bfd225ca7b0f467b919d7bbd355436d3fd37cb0acd4", size = 131584, upload-time = "2026-01-07T16:24:42.685Z" }, + { url = "https://files.pythonhosted.org/packages/7f/3e/5db95bcf282c52709639744ca2a8b149baccf648e39c8cc87553df9eae0c/urllib3-2.7.0-py3-none-any.whl", hash = "sha256:9fb4c81ebbb1ce9531cce37674bbc6f1360472bc18ca9a553ede278ef7276897", size = 131087, upload-time = "2026-05-07T16:13:17.151Z" }, ] [[package]] From 77bb9402cbc173ce07b70f37389886a3ef1c0b62 Mon Sep 17 00:00:00 2001 From: "F.N. Claessen" Date: Tue, 12 May 2026 11:44:59 +0200 Subject: [PATCH 2/2] dev: rename license file, which I suspect dependabot has an issue with: InstallationError("Invalid requirement: 'Apache License' (from line 1 of dependabot_tmp_dir/LICENSE.txt)") Signed-off-by: F.N. Claessen --- LICENSE.txt => LICENSE | 0 pyproject.toml | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename LICENSE.txt => LICENSE (100%) diff --git a/LICENSE.txt b/LICENSE similarity index 100% rename from LICENSE.txt rename to LICENSE 
diff --git a/pyproject.toml b/pyproject.toml
index 9a18d952..2c963688 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -8,7 +8,7 @@ description = "Async client to connect to the FlexMeasures API"
 readme = "README.rst"
 requires-python = ">=3.10, <3.13"
 license = "Apache-2.0"
-license-files = ["LICENSE.txt"]
+license-files = ["LICENSE"]
 authors = [
 {name = "Flexmeasures", email = "info@seita.nl"}
 ]