Support for urllib3>=2.x (Current dependency blocks security updates)

[MagicAlex238]

Hi, I'm unable to keep my Python environment secure because crossrefapi 1.6.0 requires urllib3==1.26.16, but recent security vulnerabilities require upgrading to urllib3 2.x or later. Here :" Successfully uninstalled urllib3-1.26.16
ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.
crossrefapi 1.6.0 requires urllib3==1.26.16, but you have urllib3 2.5.0 which is incompatible.
Successfully installed urllib3-2.5.0
"

When I try to upgrade urllib3 for security reasons, crossrefapi forces a downgrade, which leaves my environment exposed to known vulnerabilities.

Could you please update crossrefapi to support urllib3>=2.x?
If there are compatibility issues, could you provide guidance or a timeline for when support might be added?

Thank you!
xxx

[fabiobatalha]

Hello @MagicAlex238 ,

Not sure if it is a problem with the API. Are you using the latest release 1.6.1 ? Is you Python up to date ?

Take a look in the code source. the supported versions of urllib3 are ^2.2.3, so you are able to upgrade until the current version 2.5.0.