
Bump urllib3 to 2.7.0 (CVE-2026-44432, CVE-2026-44431)#111

Open

niceking wants to merge 1 commit into main from bump-urllib3-cve-2026-44432

Conversation

niceking (Contributor) commented May 15, 2026

Summary

Bumps the transitive urllib3 dependency to 2.7.0 to address two Dependabot alerts:

Linear: TE-5845

Vulnerabilities

CVE-2026-44432 — decompression-bomb bypass (alert #13)

urllib3 versions >= 2.6.0, < 2.7.0 bypass decompression-bomb safeguards in two cases:

  1. The second HTTPResponse.read(amt=N) / stream(amt=N) call when the response is decoded with the official brotli library.
  2. HTTPResponse.drain_conn() after a partial read (any compression algorithm).

A small amount of highly-compressed data can be fully decoded in one operation → high CPU and memory pressure on the client (CWE-409 — data amplification).

CVE-2026-44431 — cross-origin header leak (alert #14)

urllib3 versions >= 1.23, < 2.7.0 strip sensitive headers on cross-origin redirects in the high-level APIs (urllib3.request(), PoolManager.request(), ProxyManager.request()), but do not strip them when the low-level flow ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) is used. Authorization, Cookie, and Proxy-Authorization can leak across origins.

Impact assessment for this project

The collector posts JSON payloads to the Buildkite Test Engine via requests.post(...) in collector/api.py:

  • Endpoint is fixed/trusted (analytics-api.buildkite.com by default, otherwise operator-configured).
  • No streaming (stream=True, iter_content, HTTPResponse.read(amt=...), drain_conn() are not used) → CVE-2026-44432 not reachable.
  • No brotli / brotlicffi dependency → CVE-2026-44432 not reachable.
  • No ProxyManager, no low-level connection_from_url().urlopen(..., assert_same_host=False), no manual redirect handling → CVE-2026-44431 not reachable.
  • Response body is only used for raise_for_status().

Neither vulnerability is exploitable in practice today. This bump is preventative — it clears the alerts and protects against future drift if streaming, Brotli, or low-level proxy usage is ever introduced.

Notes

  • urllib3 2.7.0 requires Python ≥ 3.10. Because this project still supports Python 3.9, the lockfile pins urllib3 2.6.3 for Python 3.9 and 2.7.0 for Python ≥ 3.10 (uv resolution markers). Upstream urllib3 did not backport either fix to the 2.6.x line, so Python 3.9 users remain technically exposed — but unaffected in practice because the collector does not exercise the vulnerable paths (see above).

Verification

uv sync --all-extras
uv run pytest
# 103 passed, 5 skipped

Resolves Dependabot alert #13.

urllib3 2.6.x has a decompression-bomb safeguard bypass in its
streaming API:
  1. Brotli-decoded HTTPResponse.read(amt=N) calls after the first one
  2. HTTPResponse.drain_conn() called after partial read

Neither vulnerable path is reachable from this collector today
(api.py uses requests.post with no streaming, no Brotli, and no
drain_conn against a trusted Buildkite endpoint), but bumping the
transitive pin removes the alert and protects against future
drift if streaming/Brotli usage is ever introduced.

Note: urllib3 2.7.0 requires Python >= 3.10. The lockfile keeps
urllib3 2.6.3 on Python 3.9 since upstream did not backport the
fix. Python 3.9 users remain technically exposed but are unaffected
in practice because this collector does not exercise the vulnerable
code paths.

Amp-Thread-ID: https://ampcode.com/threads/T-019e29a4-7a81-749e-9ab0-1ee2362dd132
Co-authored-by: Amp <amp@ampcode.com>
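The impact assessment above argues that neither advisory is reachable from the collector. As an added example (not the collector's own code and not part of urllib3), the following check encodes the PR's stated version ranges and the code patterns it names, so that the "not reachable" argument can be re-run in CI whenever the urllib3 pin or collector/api.py changes. The two source snippets are constructed for illustration.

```python
"""Reachability check for the two urllib3 advisories discussed in the PR."""
import re
from typing import Dict, List, Tuple

# Affected ranges as stated in the PR: lower bound inclusive, upper bound exclusive.
ADVISORIES: Dict[str, Tuple[Tuple[int, ...], Tuple[int, ...]]] = {
    "CVE-2026-44432": ((2, 6, 0), (2, 7, 0)),   # decompression-bomb bypass
    "CVE-2026-44431": ((1, 23, 0), (2, 7, 0)),  # cross-origin header leak
}

# Source patterns that make each advisory reachable, per the PR's impact assessment.
REACHABLE_PATTERNS: Dict[str, List[str]] = {
    "CVE-2026-44432": [r"stream\s*=\s*True", r"\.iter_content\(", r"\.read\(\s*amt\s*=",
                       r"\.drain_conn\(", r"\bbrotli(cffi)?\b"],
    "CVE-2026-44431": [r"\bProxyManager\b", r"connection_from_url\(",
                       r"assert_same_host\s*=\s*False"],
}

def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.6.3' into (2, 6, 3); missing components default to 0."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def affected_advisories(urllib3_version: str) -> List[str]:
    """Advisories whose affected range contains the pinned urllib3 version."""
    v = parse_version(urllib3_version)
    return [cve for cve, (lo, hi) in ADVISORIES.items() if lo <= v < hi]

def reachable_advisories(source: str) -> List[str]:
    """Advisories for which the source uses at least one of the named API patterns."""
    return [cve for cve, pats in REACHABLE_PATTERNS.items()
            if any(re.search(p, source) for p in pats)]

def open_alerts(urllib3_version: str, source: str) -> List[str]:
    """Advisories that are both present in the pinned version and reachable from the code."""
    affected = set(affected_advisories(urllib3_version))
    return [cve for cve in reachable_advisories(source) if cve in affected]

# Constructed snippet mirroring the usage the PR describes for collector/api.py.
COLLECTOR_LIKE = """
resp = requests.post(url, json=payload, timeout=30)
resp.raise_for_status()
"""

# Constructed snippet showing the kind of future drift the PR warns about.
DRIFTED = """
with requests.post(url, json=payload, stream=True, timeout=30) as resp:
    for chunk in resp.iter_content(chunk_size=8192):
        handle(chunk)
"""
```

With the Python 3.9 pin (2.6.3) the first snippet yields no open alert while the second yields CVE-2026-44432, which is exactly the drift case the Notes section describes.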
@niceking niceking changed the title Bump urllib3 to 2.7.0 (CVE-2026-44432) Bump urllib3 to 2.7.0 (CVE-2026-44432, CVE-2026-44431) May 15, 2026
niceking (Contributor, Author) commented:

@codex review

chatgpt-codex-connector commented:

Codex Review: Didn't find any major issues. Chef's kiss.


@niceking niceking requested a review from a team May 15, 2026 03:54
