Bump zeep from 4.3.2 to 4.3.3

[dependabot]

Bumps zeep from 4.3.2 to 4.3.3.

Release notes

Sourced from zeep's releases.

4.3.3

Highlights

• Wire up the forbid_external setting (previously defined but unused since the move off defusedxml in 4.0). When enabled, zeep refuses to transitively fetch http/https resources via xsd:import, xsd:include, wsdl:import or lxml entity resolution, raising zeep.exceptions.ExternalReferenceForbidden. The user-supplied entry-point WSDL/schema URL is still loaded. The default remains False to preserve existing behaviour; enable it when loading WSDLs from untrusted sources to mitigate SSRF via attacker-controlled import targets.

Internal

• Tooling only (no runtime changes): migrated dependency/build management to uv and replaced isort/flake8/black with ruff.

Changelog

Sourced from zeep's changelog.

4.3.3 (2026-06-18)

• Wire up the forbid_external setting (previously defined but unused since the move off defusedxml in 4.0). When enabled it refuses to transitively fetch http/https resources via xsd:import, xsd:include, wsdl:import or lxml entity resolution, raising zeep.exceptions.ExternalReferenceForbidden. The user-supplied entry-point WSDL/schema URL is still loaded. The default remains False to preserve existing behaviour; enable when loading WSDLs from untrusted sources to mitigate SSRF via attacker-controlled import targets.
• Internal tooling only: migrate dependency/build management to uv and replace isort/flake8/black with ruff. No runtime changes.

Commits

• 1b7072c Release 4.3.3
• e0e6572 Release 4.3.3
• a3c1919 chore: single-source the version, drop bumpversion
• 7e90b09 fix: use relative coverage paths for cross-OS combine
• e12eb1f ci: bump actions to fix nodejs warning
• e053fc4 fix: resolve ruff lint findings surfaced by CI
• db2424b chore: migrate to uv and ruff, drop tox/pip
• fe2671a chore: move to ruff
• f790550 chore: bump pytest
• 7f8d84b chore: update and pin actions
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.