deps(python): bump urllib3 to 1.26.16

google-auth and requests both require urllib3 1.X so bumping patch version and intructing dependabot to ignore v2 upgrades for now. Signed-off-by: Lance Austin <[email protected]>
emissary-ingress · Aug 3, 2023 · af0723a · af0723a
1 parent c20b274
commit af0723a
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 3 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -70,7 +70,10 @@ updates:
     open-pull-requests-limit: 10
     ignore:
       - dependency-name: pytest
-
+      - dependency-name: urllib3
+        versions: 
+          - "<2.0"
+        version-update: semver-minor
   - package-ecosystem: docker
     directory: "/docker/base-python"
     schedule:

diff --git a/DEPENDENCIES.md b/DEPENDENCIES.md
@@ -194,5 +194,5 @@ libraries:
     six                 1.16.0     MIT license
     tomli               2.0.1      MIT license
     typing_extensions   4.7.1      Python Software Foundation license
-    urllib3             1.26.13    MIT license
+    urllib3             1.26.16    MIT license
     websocket-client    1.6.1      Apache License 2.0
diff --git a/python/requirements.txt b/python/requirements.txt
@@ -90,7 +90,7 @@ six==1.16.0
     #   python-dateutil
 typing-extensions==4.7.1
     # via -r requirements.in
-urllib3==1.26.13
+urllib3==1.26.16
     # via
     #   google-auth
     #   kubernetes