codeant-ai-for-open-source[bot] commented on code in PR #36526:
URL: https://github.com/apache/superset/pull/36526#discussion_r2610168805


##########
requirements/base.in:
##########
@@ -16,7 +16,7 @@
 # specific language governing permissions and limitations
 # under the License.
 #
-urllib3==2.5.0
+urllib3==2.6.0
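
Review bot: The exact pin `urllib3==2.6.0` on the changed line carries no comment saying why urllib3 is pinned exactly or what motivated the move from 2.5.0. Add a short comment above the line stating the reason for the bump (the issue or advisory that requires 2.6.0, if there is one) so a later reader knows when the pin can be relaxed or removed. If pinned requirement files are generated from this `.in` file, regenerate them in the same change so the inputs and the compiled output agree.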

Review Comment:
   **Suggestion:** Strict equality pin `urllib3==2.6.0` can cause dependency 
resolution failures when another package requires a different urllib3 version; 
use a compatible range so the resolver can find a mutually compatible set of 
packages. [possible bug]
   
   **Severity Level:** Critical 🚨
   ```suggestion
   urllib3>=2.6.0,<3.0.0
   ```
   <details>
   <summary><b>Why it matters? ⭐ </b></summary>
   
   The PR added an exact pin. Exact pins can cause dependency resolution 
failures when other packages require a different urllib3 version.
   Switching to a compatible range (e.g. >=2.6.0,<3.0.0) gives the resolver 
flexibility and aligns with how most other deps in this file are specified.
   This is a real, actionable change that can prevent install-time conflicts.
   </details>
   <details>
   <summary><b>Prompt for AI Agent 🤖 </b></summary>
   
   ```mdx
   This is a comment left during a code review.
   
   **Path:** requirements/base.in
   **Line:** 19:19
   **Comment:**
        *Possible Bug: Strict equality pin `urllib3==2.6.0` can cause 
dependency resolution failures when another package requires a different 
urllib3 version; use a compatible range so the resolver can find a mutually 
compatible set of packages.
   
   Validate the correctness of the flagged issue. If correct, How can I resolve 
this? If you propose a fix, implement it and please make it concise.
   ```
   </details>



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

