Update to 2.6.1 (close RHBZ#2419408)

- Fixes CVE-2025-66471 / GHSA-2xpw-w6gg-jr37 - Fixes CVE-2025-66418 / GHSA-gm62-xv2j-4w53
2025-12-08 11:12:58 +00:00 · 2025-12-08 11:12:58 +00:00 · 5baec5bbec
commit 5baec5bbec
parent 9b878192d6
3 changed files with 4 additions and 8 deletions
--- a/python-urllib3.spec
+++ b/python-urllib3.spec
@ -5,7 +5,7 @@
 %bcond extradeps %{undefined rhel}

 Name:           python-urllib3
-Version:        2.5.0
+Version:        2.6.1
 Release:        %autorelease
 Summary:        HTTP library with thread-safe connection pooling, file post, and more

@ -85,12 +85,6 @@ Recommends:     python3-urllib3+socks
 %autosetup -n urllib3-%{version}
 %setup -q -n urllib3-%{version} -T -D -b 1

-# Unpin hatch-vcs version
-# See https://github.com/urllib3/urllib3/issues/3612
-sed -i 's/hatch-vcs==/hatch-vcs>=/' pyproject.toml
-# Allow setuptools_scm 9, https://github.com/urllib3/urllib3/commit/1ce1b59ec6
-sed -i 's/setuptools-scm>=8,<9/setuptools-scm>=8,<10/' pyproject.toml
-
 # Make sure that the RECENT_DATE value doesn't get too far behind what the current date is.
 # RECENT_DATE must not be older that 2 years from the build time, or else test_recent_date
 # (from test/test_connection.py) would fail. However, it shouldn't be to close to the build time either,