
Fix urllib3 HIGH CVEs (CVE-2026-44431/44432)#528

Closed
moshemorad wants to merge 3 commits into main from patch-urllib3-cves

Conversation

@moshemorad (Contributor)

Fixes the two HIGH Dependabot alerts for urllib3 (decompression-bomb safeguards bypass in the streaming API), surfaced in Vanta.

poetry.lock and pyproject.toml already require urllib3 ^2.7.0, confirming compatibility.

Scope: HIGH severity only, as requested. MEDIUM findings (pytest, requests, idna) intentionally left out.

🤖 Generated with Claude Code

moshemorad and others added 2 commits June 8, 2026 12:29
Resolves two HIGH-severity Vanta/Dependabot findings on the krr image,
both in urllib3 2.6.3 (fixed in 2.7.0):

- CVE-2026-44431 (5.3): sensitive headers (Authorization/Cookie/
  Proxy-Authorization) forwarded on cross-origin redirects via the
  low-level ProxyManager.connection_from_url().urlopen() flow.
- CVE-2026-44432 (7.5): DoS via excessive HTTP response decompression
  (Brotli read / drain_conn) — CWE-409.

Bumps urllib3 ^2.6.3 -> ^2.7.0 in pyproject.toml, 2.6.3 -> 2.7.0 in
requirements.txt, and updates poetry.lock accordingly. Trivy rescan of
requirements.txt reports 0 HIGH/CRITICAL; full test suite passes (55).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Bump urllib3 2.6.3 -> 2.7.0 in enforcer/requirements.txt to fix the
decompression-bomb streaming-API bypass (Dependabot alert #76, HIGH).
The root requirements.txt and poetry.lock are already on 2.7.0.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
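As an added illustration of the verification step the two commit messages describe (example code, not the krr project's own or the PR author's), the following Python audit reads the urllib3 constraint out of each of the three files the PR touches and reports any file whose lower bound still admits a version below 2.7.0, the release the commits name as the fix for both CVEs. The file contents are constructed stand-ins embedded inline; the "partial" set mirrors the state the second commit describes, where the root requirements.txt and pyproject.toml were already on 2.7.0 while enforcer/requirements.txt still pinned 2.6.3.

```python
import re

# Lowest urllib3 release that the PR's commit messages say fixes both CVEs.
FIXED_URLLIB3 = (2, 7, 0)

# Constructed stand-ins for the three files the PR touches. Real files hold
# many more entries; only the urllib3 line matters for this check.
SAMPLE_FILES_BEFORE = {
    "pyproject.toml": 'requests = "^2.31.0"\nurllib3 = "^2.6.3"\n',
    "requirements.txt": "requests==2.31.0\nurllib3==2.6.3\n",
    "enforcer/requirements.txt": "urllib3==2.6.3\n",
}
# State described by the second commit: root files bumped, enforcer lagging.
SAMPLE_FILES_PARTIAL = {
    "pyproject.toml": 'urllib3 = "^2.7.0"\n',
    "requirements.txt": "urllib3==2.7.0\n",
    "enforcer/requirements.txt": "urllib3==2.6.3\n",
}
SAMPLE_FILES_AFTER = {
    "pyproject.toml": 'urllib3 = "^2.7.0"\n',
    "requirements.txt": "urllib3==2.7.0\n",
    "enforcer/requirements.txt": "urllib3==2.7.0\n",
}

# pip-style exact pin, e.g. "urllib3==2.6.3"
_PIN = re.compile(r"^\s*urllib3\s*==\s*(\d+(?:\.\d+)*)", re.MULTILINE)
# poetry caret constraint in pyproject.toml, e.g. urllib3 = "^2.6.3"
_CARET = re.compile(r'^\s*urllib3\s*=\s*"\^(\d+(?:\.\d+)*)"', re.MULTILINE)


def parse_version(text):
    """Turn '2.7.0' into a comparable tuple (2, 7, 0)."""
    return tuple(int(part) for part in text.split("."))


def urllib3_lower_bound(content):
    """Lowest urllib3 version a file's constraint allows, or None if urllib3 is absent.

    An exact pin (==X) allows only X. A poetry caret (^X) allows X and later
    releases compatible with X, so X is also its lower bound. Either way the
    lower bound is what decides whether a vulnerable release can still be installed.
    """
    match = _PIN.search(content) or _CARET.search(content)
    return parse_version(match.group(1)) if match else None


def audit(files, fixed=FIXED_URLLIB3):
    """Return {path: lower_bound} for every file whose constraint still
    admits a urllib3 release below `fixed`. An empty dict means all clear."""
    findings = {}
    for path, content in files.items():
        lower = urllib3_lower_bound(content)
        if lower is not None and lower < fixed:
            findings[path] = lower
    return findings


if __name__ == "__main__":
    for label, files in (("before", SAMPLE_FILES_BEFORE),
                         ("partial", SAMPLE_FILES_PARTIAL),
                         ("after", SAMPLE_FILES_AFTER)):
        print(label, audit(files))
```

Run as a script it prints the lagging files for each state; wired into CI against the real files it would have flagged enforcer/requirements.txt after the first commit, which is exactly the gap the second commit closes. Note that the check only reasons about the constraint's lower bound, which is the property that matters for a security floor: a caret range such as ^2.6.3 can resolve to 2.7.0 in a fresh install but does not guarantee it, so poetry.lock (excluded from the bot's review above) is what actually fixes the resolved version.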
@coderabbitai Bot commented Jun 8, 2026


No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9944ac4f-67a3-454b-981e-cf861b63faf6

📥 Commits

Reviewing files that changed from the base of the PR and between 2d07503 and 7ca4344.

⛔ Files ignored due to path filters (1)
  • poetry.lock is excluded by !**/*.lock
📒 Files selected for processing (3)
  • enforcer/requirements.txt
  • pyproject.toml
  • requirements.txt

Walkthrough

The pull request updates the urllib3 dependency from version 2.6.3 to 2.7.0 across three configuration files: pyproject.toml, requirements.txt, and enforcer/requirements.txt. All other requirements remain unchanged.

Changes

urllib3 Version Bump

Layer: urllib3 version bump across all requirement files
File(s): pyproject.toml, requirements.txt, enforcer/requirements.txt
Summary: urllib3 is upgraded from 2.6.3 to 2.7.0 consistently across pyproject.toml (caret constraint), requirements.txt (pinned), and enforcer/requirements.txt (pinned).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

  • robusta-dev/krr#527: Both PRs bump the urllib3 dependency from 2.6.3 to 2.7.0 in pyproject.toml and requirements.txt with the same version constraints, representing an overlapping change.

Suggested reviewers

  • Sheeproid
🚥 Pre-merge checks: 5 passed

  • Title check (Passed): The title 'Fix urllib3 HIGH CVEs (CVE-2026-44431/44432)' accurately reflects the main objective of the PR, which updates urllib3 across multiple files to address two HIGH-severity CVEs.
  • Description check (Passed): The description is well-related to the changeset, explaining the CVEs being fixed, which requirements files are updated, and confirming compatibility with existing configurations.
  • Docstring Coverage (Passed): No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
  • Linked Issues check (Passed): Check skipped because no linked issues were found for this pull request.
  • Out of Scope Changes check (Passed): Check skipped because no linked issues were found for this pull request.



@moshemorad moshemorad closed this Jun 8, 2026
