chore(deps): upgrade urllib3 to 2.6.3

* Upgrades urllib3 from 1.26.20 to 2.6.3 to resolve security
  vulnerabilities:
    - GHSA-pq67-6m6q-mj2v
    - CVE-2025-66418
    - CVE-2025-66471
    - CVE-2026-21441
* Updates pyproject.toml constraint from "urllib3 (<2.0.0)" to
  "urllib3 (>=2.6.0,<3.0.0)".
* Removes all vulnerability exceptions from scripts/test as they
  are now resolved (4 urllib3 CVEs) or patched (nbconvert CVE-2025-
  53000 fixed in 7.17.0).
* Also includes code quality fixes:
  - Fix pytest.raises to use context manager form (RUF061)
  - Format code with ruff

Co-Authored-by: Peter Weber <[email protected]>

Author: rerowep

pyproject.toml

@@ -73,12 +73,10 @@ dependencies = [
     "dcxml (>=0.1.2)",
     "DeepDiff (>=5.5.0)",
     "docutils (<0.18.0)",
-    # to avoid conflict for urllib3
     "dparse (>=0.5.2)",
     "Mako (>=1.2.2)",
     "jsonresolver",
-    # needed for elasticsearch 7.13.4
-    "urllib3 (<2.0.0)",
+    "urllib3 (>=2.6.0,<3.0.0)",
     "pyparsing (>=3.1.1)",
     "dnspython (>2.4.2)",
     "cryptography (>41.0.7)",

rero_ils/theme/menus.py

@@ -160,8 +160,10 @@ def init_menu_tools(app):
             "viewcode": request.view_args.get("viewcode", app.config.get("RERO_ILS_SEARCH_GLOBAL_VIEW_CODE")),
             "recordType": "collections",
         },
-        visible_when=lambda: app.config.get("RERO_ILS_SEARCH_GLOBAL_VIEW_CODE")
-        != request.view_args.get("viewcode", app.config.get("RERO_ILS_SEARCH_GLOBAL_VIEW_CODE")),
+        visible_when=lambda: (
+            app.config.get("RERO_ILS_SEARCH_GLOBAL_VIEW_CODE")
+            != request.view_args.get("viewcode", app.config.get("RERO_ILS_SEARCH_GLOBAL_VIEW_CODE"))
+        ),
         text=TextWithIcon(icon='<i class="fa fa-graduation-cap"></i>', text="Exhibition/course"),
         order=2,
         id="collections-menu",
@@ -311,8 +313,9 @@ def is_not_read_only():
     rero_register(
         item,
         endpoint="security.register",
-        visible_when=lambda: not app.config.get("RERO_ILS_PUBLIC_USERPROFILES_READONLY", False)
-        and not current_user.is_authenticated,
+        visible_when=lambda: (
+            not app.config.get("RERO_ILS_PUBLIC_USERPROFILES_READONLY", False) and not current_user.is_authenticated
+        ),
         text=TextWithIcon(icon='<i class="fa fa-user-plus"></i>', text="Sign Up"),
         order=2,
         id="signup-menu",

scripts/test

@@ -73,17 +73,7 @@ fi
 
 function pretests () {
   info_msg "Check vulnerabilities:"
-  # nbconvert 7.16.6  CVE-2025-53000
-  add_exceptions "CVE-2025-53000"
-  # urllib3 1.26.20 GHSA-pq67-6m6q-mj2v 2.5.0
-  add_exceptions "GHSA-pq67-6m6q-mj2v"
-  # urllib3 1.26.20 CVE-2025-66418 2.6.0
-  add_exceptions "CVE-2025-66418"
-  # urllib3 1.26.20 CVE-2025-66471 2.6.0
-  add_exceptions "CVE-2025-66471"
-  # urllib3   1.26.20 CVE-2026-21441 2.6.3
-  add_exceptions "CVE-2026-21441"
-  PIPAPI_PYTHON_LOCATION=`which python` pip-audit ${pip_audit_exceptions}
+  PIPAPI_PYTHON_LOCATION=`which python` pip-audit
 
   info_msg "Check json:"
   invenio reroils utils check_json tests/data rero_ils/modules data

tests/api/selfcheck/test_models.py

@@ -68,4 +68,5 @@ def test_selfcheckuser(app):
         comments="a third comment",
     )
     db.session.add(selfcheck_terminal)
-    pytest.raises(IntegrityError, db.session.commit)
+    with pytest.raises(IntegrityError):
+        db.session.commit()