Bump urllib3 from 2.3.0 to 2.4.0 (#10717)

Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.3.0 to 2.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>2.4.0</h2>
<h2>🚀 urllib3 is fundraising for HTTP/2 support</h2>
<p><a
href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3
is raising ~$40,000 USD</a> to release HTTP/2 support and ensure
long-term sustainable maintenance of the project after a sharp decline
in financial support. If your company or organization uses Python and
would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and
thousands of other projects <a
href="https://opencollective.com/urllib3">please consider contributing
financially</a> to ensure HTTP/2 support is developed sustainably and
maintained for the long-haul.</p>
<p>Thank you for your support.</p>
<h1>Features</h1>
<ul>
<li>Applied PEP 639 by specifying the license fields in pyproject.toml.
(<a
href="https://redirect.github.com/urllib3/urllib3/issues/3522">#3522</a>)</li>
<li>Updated exceptions to save and restore more properties during the
pickle/serialization process. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3567">#3567</a>)</li>
<li>Added <code>verify_flags</code> option to
<code>create_urllib3_context</code> with a default of
<code>VERIFY_X509_PARTIAL_CHAIN</code> and
<code>VERIFY_X509_STRICT</code> for Python 3.13+. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3571">#3571</a>)</li>
</ul>
<h1>Bugfixes</h1>
<ul>
<li>Fixed a bug with partial reads of streaming data in Emscripten. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3555">#3555</a>)</li>
</ul>
<h1>Misc</h1>
<ul>
<li>Switched to uv for installing development dependecies. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3550">#3550</a>)</li>
<li>Removed the <code>multiple.intoto.jsonl</code> asset from GitHub
releases. Attestation of release files since v2.3.0 can be found on
PyPI. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3566">#3566</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>2.4.0 (2025-04-10)</h1>
<h2>Features</h2>
<ul>
<li>Applied PEP 639 by specifying the license fields in pyproject.toml.
(<code>[#3522](urllib3/urllib3#3522)
&lt;https://github.com/urllib3/urllib3/issues/3522&gt;</code>__)</li>
<li>Updated exceptions to save and restore more properties during the
pickle/serialization process.
(<code>[#3567](urllib3/urllib3#3567)
&lt;https://github.com/urllib3/urllib3/issues/3567&gt;</code>__)</li>
<li>Added <code>verify_flags</code> option to
<code>create_urllib3_context</code> with a default of
<code>VERIFY_X509_PARTIAL_CHAIN</code> and
<code>VERIFY_X509_STRICT</code> for Python 3.13+.
(<code>[#3571](urllib3/urllib3#3571)
&lt;https://github.com/urllib3/urllib3/issues/3571&gt;</code>__)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Fixed a bug with partial reads of streaming data in Emscripten.
(<code>[#3555](urllib3/urllib3#3555)
&lt;https://github.com/urllib3/urllib3/issues/3555&gt;</code>__)</li>
</ul>
<h2>Misc</h2>
<ul>
<li>Switched to uv for installing development dependecies.
(<code>[#3550](urllib3/urllib3#3550)
&lt;https://github.com/urllib3/urllib3/issues/3550&gt;</code>__)</li>
<li>Removed the <code>multiple.intoto.jsonl</code> asset from GitHub
releases. Attestation of release files since v2.3.0 can be found on
PyPI. (<code>[#3566](urllib3/urllib3#3566)
&lt;https://github.com/urllib3/urllib3/issues/3566&gt;</code>__)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/urllib3/urllib3/commit/a5ff7ac3bbb8659e2ec3ed41dd43889f06a7d7bc"><code>a5ff7ac</code></a>
Release 2.4.0</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/a135db29f72f828b0ef7314b856d19696a6f48ba"><code>a135db2</code></a>
Upgrade memray and coverage to fix macOS tests (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3589">#3589</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/8f40e71612505a9985b0a58ad793cd84ec97614a"><code>8f40e71</code></a>
Upgrade the publishing action to get correct licensing info on PyPI (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3585">#3585</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/3ff4e49ddf889554cf295b4a2e1189d066b60c71"><code>3ff4e49</code></a>
Add a link to the 2024 annual report (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3586">#3586</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/75709c1dbd6770618f061fd0b8a6950c7741f17b"><code>75709c1</code></a>
Set verify flags in <code>create_urllib3_context</code> (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3577">#3577</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/5c8f82a2f1c1b7a8360f0c84b5a88f25df070811"><code>5c8f82a</code></a>
Bump astral-sh/setup-uv from 5.3.0 to 5.4.1 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3580">#3580</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/42e90d894b30ef8b897708eb1cdfa24e83cf5067"><code>42e90d8</code></a>
Bump actions/setup-python from 5.4.0 to 5.5.0 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3579">#3579</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/3e8f2db735dcaced6a3b777aa1966f40c018af7c"><code>3e8f2db</code></a>
Stop using Ubuntu 20.04 and 22.04 in CI (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3570">#3570</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/e29db82a6df5f9a9acbb6997899f93bda79bb61e"><code>e29db82</code></a>
Update exceptions to have more of their attributes pickled (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3572">#3572</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/f8a0c4360ad67aefd79317279ee90c72d5d18697"><code>f8a0c43</code></a>
Add PyPy 3.11 to CI</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/2.3.0...2.4.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=2.3.0&new-version=2.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: dependabot[bot]

requirements/constraints.txt

@@ -268,7 +268,7 @@ typing-inspection==0.4.0
     # via pydantic
 uritemplate==4.1.1
     # via gidgethub
-urllib3==2.3.0
+urllib3==2.4.0
     # via requests
 uvloop==0.21.0 ; platform_system != "Windows"
     # via

requirements/dev.txt

@@ -259,7 +259,7 @@ typing-inspection==0.4.0
     # via pydantic
 uritemplate==4.1.1
     # via gidgethub
-urllib3==2.3.0
+urllib3==2.4.0
     # via requests
 uvloop==0.21.0 ; platform_system != "Windows" and implementation_name == "cpython"
     # via

requirements/doc-spelling.txt

@@ -72,7 +72,7 @@ towncrier==23.11.0
     # via
     #   -r requirements/doc.in
     #   sphinxcontrib-towncrier
-urllib3==2.3.0
+urllib3==2.4.0
     # via requests
 
 # The following packages are considered to be unsafe in a requirements file:

requirements/doc.txt

@@ -65,7 +65,7 @@ towncrier==23.11.0
     # via
     #   -r requirements/doc.in
     #   sphinxcontrib-towncrier
-urllib3==2.3.0
+urllib3==2.4.0
     # via requests
 
 # The following packages are considered to be unsafe in a requirements file: