python-urllib3: update to 2.6.3

- Fixed HTTPResponse.read_chunked() to properly handle leftover data
  in the decoder's buffer when reading compressed chunked responses.
- Fixed a security issue where decompression-bomb safeguards of the
  streaming API were bypassed when HTTP redirects were followed.
  (CVE-2026-21441)
- Started treating Retry-After times greater than 6 hours as 6 hours
  by default.
- Fixed urllib3.connection.VerifiedHTTPSConnection on Emscripten.

Release notes:
https://github.com/urllib3/urllib3/releases/tag/2.6.2
https://github.com/urllib3/urllib3/releases/tag/2.6.3

Signed-off-by: Wei-Ting Yang <redacted>

diff --git a/lang/python/python-urllib3/Makefile b/lang/python/python-urllib3/Makefile
index d2772022f170dcfb4a72731380a5d0fd53759adb..c4a3a0211d8dd2abf0ef7fafc7eced683d64061c 100644 (file)
--- a/lang/python/python-urllib3/Makefile
+++ b/lang/python/python-urllib3/Makefile
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=python-urllib3
-PKG_VERSION:=2.6.1
+PKG_VERSION:=2.6.3
 PKG_RELEASE:=1
 
 PKG_MAINTAINER:=Josef Schlehofer <pepe.schlehofer@gmail.com>
@@ -17,7 +17,7 @@ PKG_LICENSE_FILES:=LICENSE.txt
 PKG_CPE_ID:=cpe:/a:python:urllib3
 
 PYPI_NAME:=urllib3
-PKG_HASH:=5379eb6e1aba4088bae84f8242960017ec8d8e3decf30480b3a1abdaa9671a3f
+PKG_HASH:=1b62b6884944a57dbe321509ab94fd4d3b307075e0c2eae991ac71ee15ad38ed
 
 PKG_BUILD_DEPENDS:= \
        python-hatch-vcs/host \