From c6e9e113e1921f63fe6638dfc4567c3fe71ca8f0 Mon Sep 17 00:00:00 2001 From: Lawrence Elitzer Date: Tue, 30 Dec 2025 15:16:27 -0600 Subject: [PATCH 1/3] Upgrade urllib3 to resolve CVEs --- poetry.lock | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/poetry.lock b/poetry.lock index 6e93a276..09d31f3d 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1285,21 +1285,21 @@ typing-extensions = ">=4.12.0" [[package]] name = "urllib3" -version = "2.5.0" +version = "2.6.2" description = "HTTP library with thread-safe connection pooling, file post, and more." optional = false python-versions = ">=3.9" groups = ["main"] files = [ - {file = "urllib3-2.5.0-py3-none-any.whl", hash = "sha256:e6b01673c0fa6a13e374b50871808eb3bf7046c4b125b216f6bf1cc604cff0dc"}, - {file = "urllib3-2.5.0.tar.gz", hash = "sha256:3fc47733c7e419d4bc3f6b3dc2b4f890bb743906a30d56ba4a5bfa4bbff92760"}, + {file = "urllib3-2.6.2-py3-none-any.whl", hash = "sha256:ec21cddfe7724fc7cb4ba4bea7aa8e2ef36f607a4bab81aa6ce42a13dc3f03dd"}, + {file = "urllib3-2.6.2.tar.gz", hash = "sha256:016f9c98bb7e98085cb2b4b17b87d2c702975664e4f060c6532e64d1c1a5e797"}, ] [package.extras] -brotli = ["brotli (>=1.0.9) ; platform_python_implementation == \"CPython\"", "brotlicffi (>=0.8.0) ; platform_python_implementation != \"CPython\""] +brotli = ["brotli (>=1.2.0) ; platform_python_implementation == \"CPython\"", "brotlicffi (>=1.2.0.0) ; platform_python_implementation != \"CPython\""] h2 = ["h2 (>=4,<5)"] socks = ["pysocks (>=1.5.6,!=1.5.7,<2.0)"] -zstd = ["zstandard (>=0.18.0)"] +zstd = ["backports-zstd (>=1.0.0) ; python_version < \"3.14\""] [[package]] name = "uvloop" From 0ab24df63a349172b5873034e1f05585436205d0 Mon Sep 17 00:00:00 2001 From: Lawrence Elitzer Date: Tue, 30 Dec 2025 15:21:56 -0600 Subject: [PATCH 2/3] Fix Python 3.9 module import race condition in contract tests Add eager import of utils.retries module to prevent KeyError in module lock when templates.py triggers lazy import via __getattr__. This is a known Python 3.9 issue with nested imports that was fixed in 3.10+. The urllib3 upgrade changed import timing enough to expose this latent bug in the lazy loading mechanism. --- _test_contract/conftest.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/_test_contract/conftest.py b/_test_contract/conftest.py index e373bd53..6bba4732 100644 --- a/_test_contract/conftest.py +++ b/_test_contract/conftest.py @@ -7,6 +7,10 @@ from unstructured_client import UnstructuredClient, utils +# Python 3.9 workaround: eagerly import retries to avoid lazy import race condition +# This prevents a KeyError in module lock when templates.py triggers lazy import of utils.retries +from unstructured_client.utils import retries # noqa: F401 + FAKE_API_KEY = "91pmLBeETAbXCpNylRsLq11FdiZPTk" From e46c9cb49631ee34d702383123bf627c3725e791 Mon Sep 17 00:00:00 2001 From: Cursor Agent Date: Wed, 31 Dec 2025 03:24:59 +0000 Subject: [PATCH 3/3] Bump version to 0.42.7 Co-authored-by: lawrence --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index d4d21457..4b3207df 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,7 +1,7 @@ [project] name = "unstructured-client" -version = "0.42.6" +version = "0.42.7" description = "Python Client SDK for Unstructured API" authors = [{ name = "Unstructured" },] readme = "README-PYPI.md"