ggshield>=1.43.0 is not compatible with urllib3 > 2.6.0 #1160

@rsutariy

Environment

  • ggshield version: >=1.43.0
  • Operating system (Linux, macOS, Windows): macOS
  • Python version: 3.13.5

Describe the bug

While attempting to upgrade urllib3 to version 2.6.0 or higher to resolve security vulnerabilities, we discovered that ggshield 1.43.0 is not compatible with newer urllib3 versions. The ggshield package enforces a dependency constraint requiring:
urllib3 < 2.3.dev0
This prevents us from upgrading urllib3 to a secure version and blocks vulnerability remediation.

Steps to reproduce:

  1. Install Python environment with urllib3 >= 2.6.0
  2. Install ggshield==1.43.0

Actual result:
Observe dependency conflict error:
ggshield requires urllib3<2.3.dev0

Expected result:
ggshield should support urllib3 >= 2.6.0 or publish a compatible version that removes the restrictive dependency.

Labels: status:new (This issue needs to be reviewed), type:bug (Something isn't working)
