package/python-urllib3: security bump to v2.5.0

For release note, see: https://github.com/urllib3/urllib3/releases/tag/2.5.0 This fixes the following vulnerabilities: - CVE-2025-50181: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation - CVE-2025-50182: urllib3 does not control redirects in browsers and Node.js Signed-off-by: Titouan Christophe <titouan.christophe@mind.be> [Julien: add link to release note in commit log] Signed-off-by: Julien Olivain <ju.o@free.fr>
2025-07-01 18:21:16 +02:00
parent 184a1b94a5
commit 7006854ce1
2 changed files with 4 additions and 4 deletions
--- a/package/python-urllib3/python-urllib3.hash
+++ b/package/python-urllib3/python-urllib3.hash
@@ -1,5 +1,5 @@
 # md5, sha256 from https://pypi.org/pypi/urllib3/json
-md5  787104cdecd70e6688713f8a079ffd3f  urllib3-2.4.0.tar.gz
-sha256  414bc6535b787febd7567804cc015fee39daab8ad86268f1310a9250697de466  urllib3-2.4.0.tar.gz
+md5  2b8a86438e4d35fbc90572dbdb424759  urllib3-2.5.0.tar.gz
+sha256  3fc47733c7e419d4bc3f6b3dc2b4f890bb743906a30d56ba4a5bfa4bbff92760  urllib3-2.5.0.tar.gz
 # Locally computed sha256 checksums
 sha256  130e3a64d5fdd5d096a752694634a7d9df284469de86e5732100268041e3d686  LICENSE.txt
--- a/package/python-urllib3/python-urllib3.mk
+++ b/package/python-urllib3/python-urllib3.mk
@@ -4,9 +4,9 @@
 #
 ################################################################################

-PYTHON_URLLIB3_VERSION = 2.4.0
+PYTHON_URLLIB3_VERSION = 2.5.0
 PYTHON_URLLIB3_SOURCE = urllib3-$(PYTHON_URLLIB3_VERSION).tar.gz
-PYTHON_URLLIB3_SITE = https://files.pythonhosted.org/packages/8a/78/16493d9c386d8e60e442a35feac5e00f0913c0f4b7c217c11e8ec2ff53e0
+PYTHON_URLLIB3_SITE = https://files.pythonhosted.org/packages/15/22/9ee70a2574a4f4599c47dd506532914ce044817c7752a79b6a51286319bc
 PYTHON_URLLIB3_LICENSE = MIT
 PYTHON_URLLIB3_LICENSE_FILES = LICENSE.txt
 PYTHON_URLLIB3_CPE_ID_VENDOR = python