fix(deps): bump urllib3 to 2.6.3

[Odilhao]

Summary

Bumps urllib3 from 2.5.0 to 2.6.3 to address CVE-2025-4632.

Changes

• pyproject.toml: adds explicit urllib3 = ">=2.6.3" lower-bound constraint (was previously only a transitive dependency via requests/aiohttp)
• poetry.lock: introduced on this branch (was absent); generated via poetry update urllib3
• requirements.txt: regenerated with correct SHA-256 hashes via make generate-requirements-txt — collateral version bumps within project constraints are included

Regeneration steps used

# 1. Add urllib3 = ">=2.6.3" to [tool.poetry.dependencies] in pyproject.toml
# 2. Create poetry.lock and resolve urllib3
poetry update urllib3
# 3. Re-export hash-pinned requirements.txt
make generate-requirements-txt

CVEs fixed

• CVE-2025-4632

Made with Cursor

[sourcery-ai]

Sorry @Odilhao, your pull request is larger than the review limit of 150000 diff characters

[jdobes]

@Odilhao There is also 'urllib3==2.5.0' in requirements-dev.txt, pls bump it also there to make tests pass