urllib3 2.5.0 has a CVE; update to 2.6.0

[eean]

SeleniumBase has a <2.6.0 dependency on urllib3; this should be changed to <2.7.0. See GHSA-gm62-xv2j-4w53.

[mdmintz]

Hello, it'll be changed to this in the next release:

urllib3>=1.26.20,<2;python_version<"3.10"
urllib3>=1.26.20,<2.7.0;python_version>="3.10"

For the deprecated Python versions still supported (3.8 or 3.9), those will likely stay at urllib3>=1.26.20,<2.
(Although the possibility of dropping 3.8 soon is under consideration.)

[mdmintz]

Although if I'm dropping 3.8, then I'll check to see if 3.9 works on urllib3==2.6.0, and if so, maybe I can upgrade 3.9 too.

[mdmintz]

3.9 will have to stay at <2 --> urllib3>=1.26.20,<2;python_version<"3.10".
Google explains what I ran into:

For 3.10 and newer Python, it'll soon be --> urllib3>=1.26.20,<2.7.0;python_version>="3.10"

[mdmintz]

This was resolved in 4.45.0 - https://github.com/seleniumbase/SeleniumBase/releases/tag/v4.45.0

urllib3 versioning changed to:

urllib3>=1.26.20,<2;python_version<"3.10"
urllib3>=1.26.20,<3;python_version>="3.10"

(python_version>=3.10 now has urllib3 <3 ... more flexibility than <2.7.0)