chore: upgrade urllib3 to resolve CVEs (#320)

lawrence-u10d · cursoragent · web-flow · commit 06b8b0473e31 · 2025-12-30T22:18:03.000-06:00
Resolves CVE-2025-66471 and CVE-2025-66418  --- > [!NOTE] > Addresses dependency security and stability updates. > > - **Upgrade** `urllib3` from `2.5.0` to `2.6.2` in `poetry.lock` (includes extras changes) > - **Bump** package version to `0.42.7` in `pyproject.toml` > - **Test fix**: add Python 3.9 workaround in `_test_contract/conftest.py` to eagerly import `unstructured_client.utils.retries` to avoid a lazy-import race `KeyError` > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit e46c9cb. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>  --------- Co-authored-by: Cursor Agent <cursoragent@cursor.com>
diff --git a/_test_contract/conftest.py b/_test_contract/conftest.py
@@ -7,6 +7,10 @@
 
 from unstructured_client import UnstructuredClient, utils
 
+# Python 3.9 workaround: eagerly import retries to avoid lazy import race condition
+# This prevents a KeyError in module lock when templates.py triggers lazy import of utils.retries
+from unstructured_client.utils import retries  # noqa: F401
+
 FAKE_API_KEY = "91pmLBeETAbXCpNylRsLq11FdiZPTk"
 
 
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,7 +1,7 @@
 
 [project]
 name = "unstructured-client"
-version = "0.42.6"
+version = "0.42.7"
 description = "Python Client SDK for Unstructured API"
 authors = [{ name = "Unstructured" },]
 readme = "README-PYPI.md"
