Build(deps): Bump urllib3 from 2.6.2 to 2.6.3 by dependabot[bot] · Pull Request #3017 · koxudaxi/datamodel-code-generator

dependabot · 2026-03-03T01:27:36Z

Bumps urllib3 from 2.6.2 to 2.6.3.

Release notes

2.6.3

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

Fixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by @D47A, 8.9 High, GHSA-38jv-5279-wg99)

Started treating Retry-After times greater than 6 hours as 6 hours by default. (urllib3/urllib3#3743)

Fixed urllib3.connection.VerifiedHTTPSConnection on Emscripten. (urllib3/urllib3#3752)

Changelog

Sourced from urllib3's changelog.

2.6.3 (2026-01-07)

Fixed a high-severity security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (GHSA-38jv-5279-wg99 <https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99>__)

Started treating Retry-After times greater than 6 hours as 6 hours by default. ([#3743](https://github.com/urllib3/urllib3/issues/3743) <https://github.com/urllib3/urllib3/issues/3743>__)

Fixed urllib3.connection.VerifiedHTTPSConnection on Emscripten. ([#3752](https://github.com/urllib3/urllib3/issues/3752) <https://github.com/urllib3/urllib3/issues/3752>__)

Commits

0248277 Release 2.6.3
8864ac4 Merge commit from fork
70cecb2 Fix Scorecard issues related to vulnerable dev dependencies (#3755)
41f249a Move "v2.0 Migration Guide" to the end of the table of contents (#3747)
fd4dffd Patch VerifiedHTTPSConnection for Emscripten (#3752)
13f0bfd Handle massive values in Retry-After when calculating time to sleep for (#3743)
8c480bf Bump actions/upload-artifact from 5.0.0 to 6.0.0 (#3748)
4b40616 Bump actions/cache from 4.3.0 to 5.0.1 (#3750)
82b8479 Bump actions/download-artifact from 6.0.0 to 7.0.0 (#3749)
34284cb Mention experimental features in the security policy (#3746)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.6.2 to 2.6.3. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.6.2...2.6.3) --- updated-dependencies: - dependency-name: urllib3 dependency-version: 2.6.3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

codspeed-hq · 2026-03-03T01:34:07Z

Merging this PR will not alter performance

⚠️

Unknown Walltime execution environment detected

Using the Walltime instrument on standard Hosted Runners will lead to inconsistent data.

For the most accurate results, we recommend using CodSpeed Macro Runners: bare-metal machines fine-tuned for performance measurement consistency.

✅ 11 untouched benchmarks
⏩ 98 skipped benchmarks¹

_{Comparing dependabot/uv/urllib3-2.6.3 (e08f8fb) with main (991f0ff)²}

98 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩
No successful run was found on main (24d7a35) during the generation of this report, so 991f0ff was used instead as the comparison base. There might be some changes unrelated to this pull request in this report. ↩

codecov · 2026-03-03T01:42:28Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (991f0ff) to head (e08f8fb).
⚠️ Report is 5 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##              main     #3017    +/-   ##
==========================================
  Coverage   100.00%   100.00%            
==========================================
  Files           94        94            
  Lines        18182     18348   +166     
  Branches      2108      2129    +21     
==========================================
+ Hits         18182     18348   +166

Flag	Coverage Δ
unittests	`100.00% <ø> (ø)`

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

github-actions · 2026-03-04T02:02:36Z

📚 Docs Preview: https://pr-3017.datamodel-code-generator.pages.dev

github-actions · 2026-03-04T04:17:20Z

🎉 Released in 0.54.1

This PR is now available in the latest release. See the release notes for details.

dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 3, 2026

Merge branch 'main' into dependabot/uv/urllib3-2.6.3

e08f8fb

koxudaxi merged commit 690c535 into main Mar 4, 2026
37 checks passed

koxudaxi deleted the dependabot/uv/urllib3-2.6.3 branch March 4, 2026 04:10

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Build(deps): Bump urllib3 from 2.6.2 to 2.6.3#3017

Build(deps): Bump urllib3 from 2.6.2 to 2.6.3#3017
koxudaxi merged 2 commits intomainfrom
dependabot/uv/urllib3-2.6.3

dependabot Bot commented on behalf of github Mar 3, 2026

Uh oh!

codspeed-hq Bot commented Mar 3, 2026 •

edited

Loading

Uh oh!

codecov Bot commented Mar 3, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented Mar 4, 2026

Uh oh!

Uh oh!

github-actions Bot commented Mar 4, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot Bot commented on behalf of github Mar 3, 2026

2.6.3

🚀 urllib3 is fundraising for HTTP/2 support

Changes

2.6.3 (2026-01-07)

Uh oh!

codspeed-hq Bot commented Mar 3, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Merging this PR will not alter performance

Footnotes

Uh oh!

codecov Bot commented Mar 3, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

github-actions Bot commented Mar 4, 2026

Uh oh!

Uh oh!

github-actions Bot commented Mar 4, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

codspeed-hq Bot commented Mar 3, 2026 •

edited

Loading

codecov Bot commented Mar 3, 2026 •

edited

Loading