From 9f399c589d9db4e91a55fb27f103cd11aab7c4d1 Mon Sep 17 00:00:00 2001
From: Miguel Jacq <mig@mig5.net>
Date: Fri, 9 Jan 2026 12:07:46 +1100
Subject: [PATCH] Update urllib3 dependency to resolve CVE-2026-21441

---
 CHANGELOG.md | 4 ++++
 poetry.lock  | 6 +++---
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 808fb36..f5cb7bb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+# 0.8.3 (unreleased)
+
+ * Update urllib3 dependency to resolve CVE-2026-21441
+
 # 0.8.2
 
  * Add ability to delete an invoice via 'Manage Invoices' dialog
diff --git a/poetry.lock b/poetry.lock
index c320489..af05c5f 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -622,13 +622,13 @@ files = [
 
 [[package]]
 name = "urllib3"
-version = "2.6.2"
+version = "2.6.3"
 description = "HTTP library with thread-safe connection pooling, file post, and more."
 optional = false
 python-versions = ">=3.9"
 files = [
-    {file = "urllib3-2.6.2-py3-none-any.whl", hash = "sha256:ec21cddfe7724fc7cb4ba4bea7aa8e2ef36f607a4bab81aa6ce42a13dc3f03dd"},
-    {file = "urllib3-2.6.2.tar.gz", hash = "sha256:016f9c98bb7e98085cb2b4b17b87d2c702975664e4f060c6532e64d1c1a5e797"},
+    {file = "urllib3-2.6.3-py3-none-any.whl", hash = "sha256:bf272323e553dfb2e87d9bfd225ca7b0f467b919d7bbd355436d3fd37cb0acd4"},
+    {file = "urllib3-2.6.3.tar.gz", hash = "sha256:1b62b6884944a57dbe321509ab94fd4d3b307075e0c2eae991ac71ee15ad38ed"},
 ]
 
 [package.extras]