chore(deps): update urllib3 minimum version

[miketheman]

The current constraint expresses at least urllib3 version 1.10.0,
which has at least 5 CVEs open.

Projects relying on sentry-sdk will get an optimistic version of
the latest, so current test suites are already using the latest version
which patches these vulnerabilities.

Refs:

• GHSA-www2-v7xj-xrc6 (critical)
• GHSA-mh33-7rrq-662w (high)
• GHSA-hmv2-79q8-fv6g (high)
• GHSA-wqvq-5m8c-6g24 (moderate)
• GHSA-5phf-pp7p-vc2r (moderate)

Signed-off-by: Mike Fiedler miketheman@gmail.com

[miketheman]

@sl0thentr0py any chance for a review here? It's be nice to close out some if these security issues.

[miketheman]

Test fails for Python 3.4 - how long are you planning on supporting legacy versions?

[sl0thentr0py]

Hi @miketheman, we're looking into dropping 3.4 but we need to follow some deprecation process first, will get back to you when I know more.

[github-actions]

This pull request has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you label it Status: Backlog or Status: In Progress, I will leave it alone ... forever!

---

"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀

[miketheman]

@sl0thentr0py any chance of coming back to this?

[sl0thentr0py]

thx @miketheman and sorry for the delay.
getting rid of 3.4 will still take some time due to our 'support everything' policy internally but I've added conditional markers according to PEP 508 which should make this a bit better for the overall ecosystem security wise.

[miketheman]

Thanks @sl0thentr0py ! Looking forward to the release and closing the vulnerable alerts.