Skip to content

[🐛 Bug]: selenium 4.34.0 from PyPI depends on urllib3 2.4.0 when it should be 2.5.0 #15994

New issue
New issue
Closed
Closed
[🐛 Bug]: selenium 4.34.0 from PyPI depends on urllib3 2.4.0 when it should be 2.5.0#15994
Labels
A-needs-triagingA Selenium member will evaluate this soon!C-pyPython BindingsI-defectSomething is not working as intendedOS-linux
@depleater

Description

@depleater
depleater
opened on Jul 4, 2025

Description

I upgraded my Python project's Pip requirements.txt file to depend on selenium==4.34.0, expecting that to depend on urllib3 version 2.5.0 instead of 2.4.0.

Environment: Ubuntu Linux 24.04, Python 3.12.3.

Reason I expected this: PR 15909 was merged as part of release 4.34.0, which was intended to update the urllib3 dependency to require 2.5.0 (ref: 367c8c1).

Reason for wanting the newer urllib3: version 2.4.0 of urllib3 is affected by CVE-2025-50182, and I wanted my vulnerability scanner to stop complaining. :-)

What actually happened: Installing via pip install selenium==4.34.0 still requires urllib3 version 2.4.0 and pip still thinks it (selenium 4.34.0) is incompatible with urllib3 version 2.5.0.

Potential fix: I suspect PR 15909 just forgot to update the py/BUILD.bazel file, so the fix may be as simple as:

diff -U3 a/py/BUILD.bazel b/py/BUILD.bazel
--- a/py/BUILD.bazel    2025-07-04 18:47:59.287487810 +1000
+++ b/py/BUILD.bazel    2025-07-04 18:48:40.040172731 +1000
@@ -308,10 +308,10 @@
     python_requires = ">=3.9",
     python_tag = "py3",
     requires = [
-        "urllib3[socks]~=2.4.0",
+        "urllib3[socks]~=2.5.0",
         "trio~=0.30.0",
         "trio-websocket~=0.12.2",
-        "certifi>=2025.4.26",
+        "certifi>=2025.6.15",
         "typing_extensions~=4.14.0",
         "websocket-client~=1.8.0",
     ],

Reproducible Code

pip install selenium==4.34.0
# Should report "urllib3==2.5.0", but reports "urllib3==2.4.0".
pip freeze | grep urllib3

Debugging Logs

What version of Selenium are you currently using?

4.34.0

The following statements are true

  • This applies to the most recent version of Selenium (we can't fix old versions)
  • This hasn't already been reported (I searched and didn't find it)
  • All information necessary to reproduce the issue has been provided above

Did this work for you before?

Not sure, this is my first time trying it

If yes, what version of Selenium did it work with?

No response

Operating System

Linux (specify in the description)

Selenium Language Binding

Python

Which browsers are you experiencing the issue with?

No response

Are you using Selenium Grid?

No

Metadata

Metadata

Assignees

No one assigned

    Labels

    A-needs-triagingA Selenium member will evaluate this soon!C-pyPython BindingsI-defectSomething is not working as intendedOS-linux

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions