@thephez thephez commented Sep 16, 2025

Updates urllib3 and requests dependencies to resolve vulnerabilities with earlier versions.

coderabbitai bot commented Sep 16, 2025

Walkthrough

Updated dependency versions in requirements.txt: requests from 2.32.3 to 2.32.5 and urllib3 from 2.3.0 to 2.5.0. No other files or public interfaces changed.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Dependency version bumps: requirements.txt | Updated requests 2.32.3 → 2.32.5 and urllib3 2.3.0 → 2.5.0. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

I twitch my whiskers at version lifts,
Two little bumps, dependency gifts.
requests hops forward, urllib3 too—
Carrots of code, fresh and new.
In the garden of pins I cheer,
Small steps today, smooth runs this year. 🥕

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title Check | ✅ Passed | The title "chore: dependency updates" succinctly and accurately summarizes the primary change in the changeset (dependency version bumps in requirements.txt), making it clear and relevant for a teammate scanning the history. |
| Docstring Coverage | ✅ Passed | No functions found in the changes. Docstring coverage check skipped. |

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 50587ce and 9c5be41.

📒 Files selected for processing (1)
  • requirements.txt (2 hunks)
🔇 Additional comments (2)
requirements.txt (2)

60-60: Requests 2.32.5 bump looks good.

  • 2.32.5 is the latest (released Aug 18, 2025) and supports Python 3.9–3.14, so it’s compatible with the Python 3.13 toolchain used to compile this lockfile. (pypi.org)
  • Keeps the prior security fix from 2.32.4 (CVE-2024-47081) while reverting problematic SSLContext caching. (github.com)

103-103: urllib3 2.5.0 bump is appropriate and security‑motivated.

  • 2.5.0 includes fixes for CVE‑2025‑50181 and CVE‑2025‑50182. (github.com)
  • Compatible with Requests 2.32.x, which requires urllib3 < 3. (urllib3.readthedocs.io)
  • Note: urllib3 ≥2 requires the runtime’s ssl module to be OpenSSL ≥1.1.1; ensure your build runners meet this (they typically do). (urllib3.readthedocs.io)


@thephez thephez merged commit e56fa43 into dashpay:22.0.0 Sep 17, 2025
1 check passed
@thephez thephez deleted the dependency-update-2025-09 branch September 17, 2025 13:15
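
The version floors and the OpenSSL requirement mentioned in the review above can be checked mechanically in CI. The following is an added example, not part of this PR or the project's code; the sample lockfile text, the `MIN_FIXED` table and all function names are constructed for illustration, with the versions and CVE ids taken from the comments above.

```python
import re
import ssl

# Minimum patched releases as stated in the review comments on this page.
MIN_FIXED = {
    "requests": ((2, 32, 4), "CVE-2024-47081"),
    "urllib3": ((2, 5, 0), "CVE-2025-50181, CVE-2025-50182"),
}

# Matches "name==1.2.3" or "name[extra]==1.2.3"; pre-release pins do not match.
PIN_RE = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*(\d+(?:\.\d+)*)(?=[\s;\\]|$)"
)

def parse_pins(text):
    """Return {normalized name: (major, minor, patch)} for exact pins."""
    pins = {}
    for raw in text.splitlines():
        match = PIN_RE.match(raw.strip())
        if not match:
            continue  # comments, "# via" notes, --hash continuation lines
        name = re.sub(r"[-_.]+", "-", match.group(1)).lower()
        parts = tuple(int(p) for p in match.group(2).split("."))
        pins[name] = parts + (0,) * (3 - len(parts))  # pad "2.5" to (2, 5, 0)
    return pins

def audit(text):
    """List pins that are missing or older than the patched release."""
    pins, findings = parse_pins(text), []
    for name, (minimum, cves) in MIN_FIXED.items():
        pinned = pins.get(name)
        if pinned is None:
            findings.append(f"{name}: no exact final-release pin found")
        elif pinned < minimum:
            have, need = (".".join(map(str, v)) for v in (pinned, minimum))
            findings.append(f"{name}=={have} is below {need} ({cves})")
    return findings

def openssl_ok(version=ssl.OPENSSL_VERSION, info=ssl.OPENSSL_VERSION_INFO):
    """urllib3 2.x needs an ssl module built on OpenSSL 1.1.1 or newer."""
    return version.startswith("OpenSSL ") and tuple(info[:3]) >= (1, 1, 1)

# Constructed sample lockfiles using the versions named in this PR.
BEFORE = "requests==2.32.3\n    # via -r requirements.in\nurllib3==2.3.0 \\\n    --hash=sha256:PLACEHOLDER\n"
AFTER = BEFORE.replace("2.32.3", "2.32.5").replace("2.3.0", "2.5.0")

if __name__ == "__main__":
    print(audit(BEFORE), audit(AFTER), openssl_ok())
```

Run against the pre-merge pins, `audit` reports both packages; against the merged pins it returns an empty list.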