This is an automated email from the ASF dual-hosted git repository.
brondsem pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/allura.git
The following commit(s) were added to refs/heads/master by this push:
new d41a45dfc upgrade urllib3
d41a45dfc is described below
commit d41a45dfc438888c02ae4562b47134dcaad09060
Author: Dave Brondsema <dbronds...@slashdotmedia.com>
AuthorDate: Mon Jun 23 21:07:41 2025 +0000
upgrade urllib3
---
Allura/allura/lib/plugin.py | 1 +
requirements.txt | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index 2e9e42786..96d2a1ad0 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -142,6 +142,7 @@ def authenticate_request(self):
return M.User.anonymous()
if asbool(config.get('auth.reject_untracked_sessions', False)) and not
user.validate_session(self.session.id):
+ # does this break login csrf?
log.info(f'Session ID is not tracked: {self.session.id}')
self.logout()
return M.User.anonymous()
diff --git a/requirements.txt b/requirements.txt
index e74b6596b..81a323f8d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -313,7 +313,7 @@ urllib3==1.26.20 ; python_full_version < '3.10'
# via
# botocore
# requests
-urllib3==2.4.0 ; python_full_version >= '3.10'
+urllib3==2.5.0 ; python_full_version >= '3.10'
# via
# botocore
# requests
