Merge pull request #1288 from bunkerity/dev

Merge branch "dev" into branch "staging"
2026-05-24 09:28:37 +00:00 · 2024-06-18 11:13:23 +01:00 · 2024-06-18 11:13:23 +01:00 · 38b2473759
commit 38b2473759
parent 18517b9553 c5a1d8fdf2
61 changed files with 424 additions and 200 deletions
--- a/.github/workflows/container-build.yml
+++ b/.github/workflows/container-build.yml
@ -92,7 +92,7 @@ jobs:
      # Build cached image
      - name: Build image
        if: inputs.CACHE == true
-        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
+        uses: docker/build-push-action@c382f710d39a5bb4e430307530a720f50c2d3318 # v6.0.0
        with:
          context: .
          file: ${{ inputs.DOCKERFILE }}
@ -105,7 +105,7 @@ jobs:
      # Build non-cached image
      - name: Build image
        if: inputs.CACHE != true
-        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
+        uses: docker/build-push-action@c382f710d39a5bb4e430307530a720f50c2d3318 # v6.0.0
        with:
          context: .
          file: ${{ inputs.DOCKERFILE }}
@ -117,7 +117,7 @@ jobs:
      # Check OS vulnerabilities
      - name: Check OS vulnerabilities
        if: ${{ inputs.CACHE_SUFFIX != 'arm' }}
-        uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
+        uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.23.0
        with:
          vuln-type: os
          skip-dirs: /root/.cargo
--- a/.github/workflows/linux-build.yml
+++ b/.github/workflows/linux-build.yml
@ -94,7 +94,7 @@ jobs:
      # Build testing package image
      - name: Build package image
        if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev' || inputs.RELEASE == 'ui'
-        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
+        uses: docker/build-push-action@c382f710d39a5bb4e430307530a720f50c2d3318 # v6.0.0
        with:
          context: .
          load: true
@ -106,7 +106,7 @@ jobs:
      # Build non-testing package image
      - name: Build package image
        if: inputs.RELEASE != 'testing' && inputs.RELEASE != 'dev'
-        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
+        uses: docker/build-push-action@c382f710d39a5bb4e430307530a720f50c2d3318 # v6.0.0
        with:
          context: .
          load: true
@ -142,7 +142,7 @@ jobs:
          images: ghcr.io/bunkerity/${{ inputs.LINUX }}-tests:${{ inputs.RELEASE }}
      - name: Build test image
        if: inputs.TEST == true
-        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
+        uses: docker/build-push-action@c382f710d39a5bb4e430307530a720f50c2d3318 # v6.0.0
        with:
          context: .
          file: tests/linux/Dockerfile-${{ inputs.LINUX }}
--- a/.github/workflows/push-docker.yml
+++ b/.github/workflows/push-docker.yml
@ -70,7 +70,7 @@ jobs:
          images: bunkerity/${{ inputs.IMAGE }}
      # Build and push
      - name: Build and push
-        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
+        uses: docker/build-push-action@c382f710d39a5bb4e430307530a720f50c2d3318 # v6.0.0
        with:
          context: .
          file: ${{ inputs.DOCKERFILE }}
--- a/.github/workflows/push-packagecloud.yml
+++ b/.github/workflows/push-packagecloud.yml
@ -42,7 +42,7 @@ jobs:
      - name: Check out repository code
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Install ruby
-        uses: ruby/setup-ruby@ff740bc00a01b3a50fffc55a1071b1060eeae9dc # v1.180.0
+        uses: ruby/setup-ruby@3783f195e29b74ae398d7caca108814bbafde90e # v1.180.1
        with:
          ruby-version: "3.0"
      - name: Install packagecloud
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -18,6 +18,7 @@
 - [FEATURE] Add failover logic in case the NGINX configuration is not valid to fallback to the previous configuration and log the error to prevent the service from being stopped
 - [UI] Force HTTPS on setup wizard
 - [UI] Fallback to self-signed certificate when UI is installed with setup wizard and let's encrypt is not used
+- [UI] Force HTTPS even if UI is installed in advanced mode
 - [UI] Add OVERRIDE_ADMIN_CREDS environment variable to allow overriding the default admin credentials even if an admin user already exists
 - [UI] Optimize the way the UI handles the requests and the responses
 - [AUTOCONF] Refactor Autoconf config parsing and saving logic so that it doesn't override the scheduler or UI config every time
--- a/README.md
+++ b/README.md
@ -86,6 +86,19 @@ Learn more about the core security features in the [security tuning](https://doc

 A demo website protected with BunkerWeb is available at [demo.bunkerweb.io](https://demo.bunkerweb.io/?utm_campaign=self&utm_source=github). Feel free to visit it and perform some security tests.

+## BunkerWeb Cloud
+
+Don't want to self-host and manage your own BunkerWeb instance(s) ? You might be interested into BunkerWeb Cloud, our fully managed SaaS offer for BunkerWeb.
+
+Try our [BunkerWeb Cloud beta offer for free](https://panel.bunkerweb.io/order/bunkerweb-cloud/14?utm_source=github&utm_campaign=self) and get access to :
+
+- Fully managed BunkerWeb instance hosted in our cloud
+- All BunkerWeb features including PRO ones
+- Monitoring platform including dashboards and alerts
+- Technical support to assist you in the configuration
+
+You will find more information about BunkerWeb Cloud in the [FAQ page](https://panel.bunkerweb.io/knowledgebase/55/BunkerWeb-Cloud?utm_source=github&utm_campaign=self) of the BunkerWeb panel.
+
 ## PRO version

 When using BunkerWeb you have the choice of the version you want to use : open-source or PRO.
--- a/docs/index.md
+++ b/docs/index.md
@ -59,6 +59,19 @@ To delve deeper into the core security features, we invite you to explore the [s

 A demo website protected with BunkerWeb is available at [demo.bunkerweb.io](https://demo.bunkerweb.io/?utm_campaign=self&utm_source=doc). Feel free to visit it and perform some security tests.

+## BunkerWeb Cloud
+
+Don't want to self-host and manage your own BunkerWeb instance(s) ? You might be interested into BunkerWeb Cloud, our fully managed SaaS offer for BunkerWeb.
+
+Try our [BunkerWeb Cloud beta offer for free](https://panel.bunkerweb.io/order/bunkerweb-cloud/14?utm_source=doc&utm_campaign=self) and get access to :
+
+- Fully managed BunkerWeb instance hosted in our cloud
+- All BunkerWeb features including PRO ones
+- Monitoring platform including dashboards and alerts
+- Technical support to assist you in the configuration
+
+You will find more information about BunkerWeb Cloud in the [FAQ page](https://panel.bunkerweb.io/knowledgebase/55/BunkerWeb-Cloud?utm_source=doc&utm_campaign=self) of the BunkerWeb panel.
+
 ## PRO version

 When using BunkerWeb you have the choice of the version you want to use : open-source or PRO.
--- a/docs/requirements.in
+++ b/docs/requirements.in
@ -1,4 +1,4 @@
 mike==2.1.1
-mkdocs-material[imaging]==9.5.26
+mkdocs-material[imaging]==9.5.27
 mkdocs-print-site-plugin==2.5.0
 pytablewriter==1.2.0
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@ -317,9 +317,9 @@ mkdocs-get-deps==0.2.0 \
    --hash=sha256:162b3d129c7fad9b19abfdcb9c1458a651628e4b1dea628ac68790fb3061c60c \
    --hash=sha256:2bf11d0b133e77a0dd036abeeb06dec8775e46efa526dc70667d8863eefc6134
    # via mkdocs
-mkdocs-material==9.5.26 \
-    --hash=sha256:56aeb91d94cffa43b6296fa4fbf0eb7c840136e563eecfd12c2d9e92e50ba326 \
-    --hash=sha256:5d01fb0aa1c7946a1e3ae8689aa2b11a030621ecb54894e35aabb74c21016312
+mkdocs-material==9.5.27 \
+    --hash=sha256:a7d4a35f6d4a62b0c43a0cfe7e987da0980c13587b5bc3c26e690ad494427ec0 \
+    --hash=sha256:af8cc263fafa98bb79e9e15a8c966204abf15164987569bd1175fd66a7705182
    # via
    #   -r requirements.in
    #   mkdocs-print-site-plugin
@ -637,9 +637,9 @@ typepy==1.3.2 \
    #   dataproperty
    #   pytablewriter
    #   tabledata
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via requests
 verspec==0.1.0 \
    --hash=sha256:741877d5633cc9464c45a469ae2a31e801e6dbbaa85b9675d481cda100f11c31 \
--- a/docs/web-ui.md
+++ b/docs/web-ui.md
@ -31,6 +31,8 @@ Because the web UI is a web application, the recommended installation procedure
    * Do not open the web UI on the Internet without any further restrictions
    * Apply settings listed in the [security tuning section](security-tuning.md) of the documentation

+    **Please note that using HTTPS in front the web UI is mandatory since version 1.5.8 of BunkerWeb.**
+
 !!! info "Multisite mode"

    The usage of the web UI implies enabling the [multisite mode](concepts.md#multisite-mode).
@ -39,7 +41,7 @@ Because the web UI is a web application, the recommended installation procedure

 !!! info "Wizard"

-    The setup wizard is a feature that helps you to **configure** and **install the web UI** using a **user-friendly interface**. You will need to set the `UI_HOST` setting (`https://hostname-of-web-ui:7000`) and browse the `/setup` URI of your server to access the setup wizard.
+    The setup wizard is a feature that helps you to **configure** and **install the web UI** using a **user-friendly interface**. You will need to set the `UI_HOST` setting (`http://hostname-of-web-ui:7000`) and browse the `/setup` URI of your server to access the setup wizard.

 <figure markdown>
  ![Overview](assets/img/ui-wizard-account.webp){ align=center, width="350" }
@ -70,7 +72,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th

    !!! tip "Accessing the setup wizard"

-        You can access the setup wizard by browsing the `https://your-ip-address/setup` URI of your server.
+        You can access the setup wizard by browsing the `https://your-ip-address-or-fqdn/setup` URI of your server.


    Here is the docker-compose boilerplate that you can use (don't forget to edit the `changeme` data) :
@ -162,7 +164,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th

    !!! tip "Accessing the setup wizard"

-        You can access the setup wizard by browsing the `https://your-ip-address/setup` URI of your server.
+        You can access the setup wizard by browsing the `https://your-ip-address-or-fqdn/setup` URI of your server.

    Here is the docker-compose boilerplate that you can use (don't forget to edit the `changeme` data) :

@ -269,7 +271,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th

    !!! tip "Accessing the setup wizard"

-        You can access the setup wizard by browsing the `https://your-ip-address/setup` URI of your server.
+        You can access the setup wizard by browsing the `https://your-ip-address-or-fqdn/setup` URI of your server.

    Here is the stack boilerplate that you can use (don't forget to edit the `changeme` data) :

@ -399,7 +401,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th

    !!! tip "Accessing the setup wizard"

-        You can access the setup wizard by browsing the `https://your-ip-address/setup` URI of your server.
+        You can access the setup wizard by browsing the `https://your-ip-address-or-fqdn/setup` URI of your server.

    Here is the yaml boilerplate that you can use (don't forget to edit the `changeme` data) :

@ -832,6 +834,7 @@ After a successful login/password combination, you will be prompted to enter you

    - `ADMIN_USERNAME` : username to access the web UI
    - `ADMIN_PASSWORD` : password to access the web UI
+    - `OVERRIDE_ADMIN_CREDS` : force override the admin credentials even if we already have a user in the database (default = `no`)

    Accessing the web UI through BunkerWeb is a classical [reverse proxy setup](quickstart-guide.md#protect-http-applications). We recommend you to connect BunkerWeb and web UI using a dedicated network (like `bw-universe` also used by the scheduler) so it won't be on the same network of your web services for obvious security reasons. Please note that the web UI container is listening on the `7000` port.

@ -953,6 +956,7 @@ After a successful login/password combination, you will be prompted to enter you

    - `ADMIN_USERNAME` : username to access the web UI
    - `ADMIN_PASSWORD` : password to access the web UI
+    - `OVERRIDE_ADMIN_CREDS` : force override the admin credentials even if we already have a user in the database (default = `no`)

    Accessing the web UI through BunkerWeb is a classical [reverse proxy setup](quickstart-guide.md#protect-http-applications). We recommend you to connect BunkerWeb and web UI using a dedicated network (like `bw-universe` also used by the scheduler and autoconf) so it won't be on the same network of your web services for obvious security reasons. Please note that the web UI container is listening on the `7000` port.

@ -1088,6 +1092,7 @@ After a successful login/password combination, you will be prompted to enter you

    - `ADMIN_USERNAME` : username to access the web UI
    - `ADMIN_PASSWORD` : password to access the web UI
+    - `OVERRIDE_ADMIN_CREDS` : force override the admin credentials even if we already have a user in the database (default = `no`)

    Accessing the web UI through BunkerWeb is a classical [reverse proxy setup](quickstart-guide.md#protect-http-applications). We recommend you to connect BunkerWeb and web UI using a dedicated network (like `bw-universe` also used by the scheduler and autoconf) so it won't be on the same network of your web services for obvious security reasons. Please note that the web UI container is listening on the `7000` port.

@ -1236,6 +1241,7 @@ After a successful login/password combination, you will be prompted to enter you

    - `ADMIN_USERNAME` : username to access the web UI
    - `ADMIN_PASSWORD` : password to access the web UI
+    - `OVERRIDE_ADMIN_CREDS` : force override the admin credentials even if we already have a user in the database (default = `no`)

    Accessing the web UI through BunkerWeb is a classical [reverse proxy setup](quickstart-guide.md#protect-http-applications). Network segmentation between web UI and web services is not covered in this documentation. Please note that the web UI container is listening on the `7000` port.

@ -1590,6 +1596,7 @@ After a successful login/password combination, you will be prompted to enter you
    ```conf
    ADMIN_USERNAME=changeme
    ADMIN_PASSWORD=changeme
+    OVERRIDE_ADMIN_CREDS=no
    ```

    Each time you edit the `/etc/bunkerweb/ui.env` file, you will need to restart the service :
--- a/src/common/core/order.json
+++ b/src/common/core/order.json
@ -15,7 +15,7 @@
    "letsencrypt",
    "selfsigned"
  ],
-  "set": ["sessions", "whitelist", "letsencrypt", "customcert", "selfsigned"],
+  "set": ["sessions", "whitelist", "letsencrypt", "customcert", "selfsigned", "ui"],
  "ssl_certificate": ["customcert", "letsencrypt", "selfsigned"],
  "access": [
    "whitelist",
--- a/src/common/core/ui/confs/default-server-http/ui.conf
+++ b/src/common/core/ui/confs/default-server-http/ui.conf
@ -38,7 +38,27 @@ location /setup/check {
    add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
    default_type 'text/plain';
    content_by_lua_block {
-        ngx.say("ok")
+        local logger = require "bunkerweb.logger":new("UI")
+        local args, err = ngx.req.get_uri_args(1)
+        if err == "truncated" or not args["server_name"] or args["server_name"] == "" then
+            logger:log(ngx.NOTICE, "Received standard server name check")
+            ngx.print("ok")
+        else
+            logger:log(ngx.NOTICE, "Received remote server name check for " .. args["server_name"])
+            local http = require "resty.http".new()
+            local res, err = http:request_uri("https://" .. args["server_name"] .. "/setup/check", {ssl_verify = false})
+            if not res then
+                ngx.print("ko")
+                logger:log(ngx.ERR, "Server name check failed : " .. err)
+                return
+            end
+            if res.status == 200 and res.body == "ok" then
+                ngx.print("ok")
+                return
+            end
+            logger:log(ngx.ERR, "Server name check failed : status = " .. tostring(res.status) .. " and body != ok")
+            ngx.print("ko")
+        end
    }
 }

--- a/src/common/core/ui/ui.lua
+++ b/src/common/core/ui/ui.lua
@ -0,0 +1,19 @@
+local class = require "middleclass"
+local plugin = require "bunkerweb.plugin"
+
+local ui = class("ui", plugin)
+
+function ui:initialize(ctx)
+	-- Call parent initialize
+	plugin.initialize(self, "ui", ctx)
+end
+
+function ui:set()
+	local https_configured = self.variables["USE_UI"]
+	if https_configured == "yes" then
+		self.ctx.bw.https_configured = "yes"
+	end
+	return self:ret(true, "set https_configured to " .. https_configured)
+end
+
+return ui
--- a/src/common/db/Database.py
+++ b/src/common/db/Database.py
@ -1272,6 +1272,9 @@ class Database:
                        session.query(Services_settings).filter(Services_settings.service_id.in_(missing_ids)).delete()
                        session.query(Custom_configs).filter(Custom_configs.service_id.in_(missing_ids)).delete()
                        session.query(Jobs_cache).filter(Jobs_cache.service_id.in_(missing_ids)).delete()
+                        session.query(Metadata).filter_by(id=1).update(
+                            {Metadata.custom_configs_changed: True, Metadata.last_custom_configs_change: datetime.now()}
+                        )
                        changed_services = True

                drafts = {service for service in services if config.pop(f"{service}_IS_DRAFT", "no") == "yes"}
--- a/src/common/gen/requirements.txt
+++ b/src/common/gen/requirements.txt
@ -294,9 +294,9 @@ six==1.16.0 \
    # via
    #   kubernetes
    #   python-dateutil
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via
    #   docker
    #   kubernetes
--- a/src/deps/requirements-deps.txt
+++ b/src/deps/requirements-deps.txt
@ -182,9 +182,9 @@ toposort==1.10 \
    --hash=sha256:bfbb479c53d0a696ea7402601f4e693c97b0367837c8898bc6471adfca37a6bd \
    --hash=sha256:cbdbc0d0bee4d2695ab2ceec97fe0679e9c10eab4b2a87a9372b929e70563a87
    # via pip-compile-multi
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via requests
 wheel==0.43.0 \
    --hash=sha256:465ef92c69fa5c5da2d1cf8ac40559a8c940886afcef87dcf14b9470862f1d85 \
--- a/src/scheduler/requirements.txt
+++ b/src/scheduler/requirements.txt
@ -350,9 +350,9 @@ six==1.16.0 \
    --hash=sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926 \
    --hash=sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254
    # via configobj
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via requests
 zipp==3.19.2 \
    --hash=sha256:bf1dcf6450f873a13e952a29504887c89e6de7506209e5b1bcc3460135d4de19 \
--- a/src/ui/gunicorn.conf.py
+++ b/src/ui/gunicorn.conf.py
@ -1,8 +1,11 @@
 from contextlib import suppress
 from hashlib import sha256
+from json import JSONDecodeError, dumps, loads
 from os import cpu_count, getenv, getpid, sep, urandom
 from os.path import join
 from pathlib import Path
+from signal import SIGINT, SIGTERM, signal
+from threading import Lock
 from regex import compile as re_compile
 from sys import path as sys_path
 from time import sleep
@ -36,7 +39,7 @@ workers = MAX_WORKERS
 worker_class = "gthread"
 threads = int(getenv("MAX_THREADS", MAX_WORKERS * 2))
 max_requests_jitter = min(8, MAX_WORKERS)
-graceful_timeout = 5
+graceful_timeout = 30

 DEBUG = getenv("DEBUG", False)

@ -46,10 +49,12 @@ if DEBUG:
    reload = True
    reload_extra_files = [file.as_posix() for file in Path(sep, "usr", "share", "bunkerweb", "ui", "templates").iterdir()]

+LOCK = Lock()
+

 def on_starting(server):
+    TMP_DIR.mkdir(parents=True, exist_ok=True)
    if not getenv("FLASK_SECRET") and not TMP_DIR.joinpath(".flask_secret").is_file():
-        TMP_DIR.mkdir(parents=True, exist_ok=True)
        TMP_DIR.joinpath(".flask_secret").write_text(sha256(urandom(32)).hexdigest(), encoding="utf-8")

    LOGGER = setup_logger("UI")
@ -125,6 +130,29 @@ def on_starting(server):
    LOGGER.info("UI is ready")


+def handle_stop(signum=None, frame=None):
+    if not TMP_DIR.joinpath(".ui.json").is_file():
+        return
+
+    ui_data = "Error"
+    while ui_data == "Error":
+        with suppress(JSONDecodeError):
+            ui_data = loads(TMP_DIR.joinpath(".ui.json").read_text(encoding="utf-8"))
+
+    ui_data["SERVER_STOPPING"] = True
+
+    with LOCK:
+        TMP_DIR.joinpath(".ui.json").write_text(dumps(ui_data), encoding="utf-8")
+
+
+signal(SIGINT, handle_stop)
+signal(SIGTERM, handle_stop)
+
+
+def on_reload(server):
+    handle_stop()
+
+
 def when_ready(server):
    RUN_DIR.mkdir(parents=True, exist_ok=True)
    RUN_DIR.joinpath("ui.pid").write_text(str(getpid()), encoding="utf-8")
@ -135,3 +163,4 @@ def on_exit(server):
    RUN_DIR.joinpath("ui.pid").unlink(missing_ok=True)
    TMP_DIR.joinpath("ui.healthy").unlink(missing_ok=True)
    TMP_DIR.joinpath(".flask_secret").unlink(missing_ok=True)
+    TMP_DIR.joinpath(".ui.json").unlink(missing_ok=True)
--- a/src/ui/main.py
+++ b/src/ui/main.py
@ -21,7 +21,7 @@ from datetime import datetime, timedelta, timezone
 from dateutil.parser import parse as dateutil_parse
 from docker import DockerClient
 from docker.errors import NotFound as docker_NotFound, APIError as docker_APIError, DockerException
-from flask import Flask, Response, flash, jsonify, redirect, render_template, request, send_file, session, url_for
+from flask import Flask, Response, flash, jsonify, make_response, redirect, render_template, request, send_file, session, url_for
 from flask_login import current_user, LoginManager, login_required, login_user, logout_user
 from flask_wtf.csrf import CSRFProtect, CSRFError
 from hashlib import sha256
@ -212,14 +212,6 @@ def manage_bunkerweb(method: str, *args, operation: str = "reloads", is_draft: b
            operation, error = app.config["CONFIG"].edit_service(args[1], args[0], check_changes=(was_draft != is_draft or not is_draft), is_draft=is_draft)
        elif operation == "delete":
            operation, error = app.config["CONFIG"].delete_service(args[2], check_changes=(was_draft != is_draft or not is_draft))
-
-        if not error:
-            if was_draft != is_draft or not is_draft:
-                # update changes in db
-                ret = app.config["DB"].checked_changes(["config", "custom_configs"], value=True)
-                if ret:
-                    app.logger.error(f"Couldn't set the changes to checked in the database: {ret}")
-                    ui_data["TO_FLASH"].append({"content": f"An error occurred when setting the changes to checked in the database : {ret}", "type": "error"})
    elif method == "global_config":
        operation, error = app.config["CONFIG"].edit_global_conf(args[0])

@ -458,11 +450,16 @@ def handle_csrf_error(_):

@app.before_request
 def before_request():
+    ui_data = get_ui_data()
+
+    if ui_data.get("SERVER_STOPPING", False):
+        response = make_response(jsonify({"message": "Server is shutting down, try again later."}), 503)
+        response.headers["Retry-After"] = 30  # Clients should retry after 30 seconds # type: ignore
+        return response
+
    app.config["SCRIPT_NONCE"] = sha256(urandom(32)).hexdigest()

    if not request.path.startswith(("/css", "/images", "/js", "/json", "/webfonts")):
-        ui_data = get_ui_data()
-
        if (
            app.config["DB"].database_uri
            and app.config["DB"].readonly
@ -646,6 +643,11 @@ def setup():
    )


+@app.route("/setup/loading", methods=["GET"])
+def setup_loading():
+    return render_template("setup_loading.html")
+
+
@app.route("/totp", methods=["GET", "POST"])
@login_required
 def totp():
--- a/src/ui/templates/setup.html
+++ b/src/ui/templates/setup.html
@ -246,6 +246,7 @@
                                        <span class="sr-only" aria-check-result></span>
                                    </button>
                                </div>
+                                <p class="mt-4">In case of issues, you can also click <a id="check_url" class="privacy-link" href="https://www.example.com/setup/check" target="_blank">here</a> to perform a manual check.</p>
                            </div>
                            <!-- auto let's encrypt-->
                            <div class="flex flex-col relative col-span-12 my-3 mx-2 max-w-[400px] w-full">
@ -369,15 +370,38 @@
          this.checkBtn.addEventListener("click", (e) => {
            e.preventDefault();
            this.updateCheck("unknown");
-            // get resume
-            const api = `https://${this.servInp.value}/setup/check`;
-            fetch(api)
-              .then((res) => {
+            const self = this;
+            async function fetchCheck(url) {
+                try {
+                  let res = await fetch(url);
+                  let text = await res.text();
+                  text = text.trim();
+                  if (res.status == 200 && text == "ok") {
+                    return true;
+                  }
+                }
+                catch (err) {
+                  return false;
+                }
+                return false;
+            }
+            (async () => {
+              // Check DNS setup
+              let ok = await fetchCheck(`https://${this.servInp.value}/setup/check`);
+              if (!ok) {
+                // Fallback to remote call
+                ok = await fetchCheck(`${window.location.origin}/setup/check?server_name=${this.servInp.value}`);
+                if (!ok) {
+                  this.updateCheck("error");
+                }
+                else {
+                  this.updateCheck("success");
+                }
+              }
+              else {
                this.updateCheck("success");
-              })
-              .catch((err) => {
-                this.updateCheck("error");
-              });
+              }
+            })();
          });
        }

@ -417,6 +441,7 @@
          this.sslCheck = document.querySelector("#auto_lets_encrypt");
          this.urlInp = document.querySelector("#ui_url");
          this.resumeEl = document.querySelector("[data-resume]");
+          this.checkUrl = document.querySelector("#check_url");
          this.init();
        }

@ -443,6 +468,7 @@
          }
          this.urlInp.value = this.urlInp.value.replace("//", "/");
          this.resumeEl.textContent = `https://${this.servInp.value}${this.urlInp.value}`;
+          this.checkUrl.href = `https://${this.servInp.value}/setup/check`;
        }
      }

@ -592,7 +618,7 @@
            this.hideErrMsg();

            // Send email
-            if(this.checkEmailInp.checked && this.emailInp.checkValidity()) {
+            if(this.checkEmailInp.checked && this.emailInp.checkValidity() && this.emailInp.value != "") {
              this.subscribe();
            }

@ -613,27 +639,7 @@
            })
              .then((res) => {
                if (res.status === 200) {
-                  setTimeout(() => {
-                    window.open(`${api}login`, "_self");
-                  }, 60000);
-                  setTimeout(() => {
-                    setInterval(() => {
-                      fetch(`${api}check`, {
-                        mode: "cors",
-                        cache: "no-cache",
-                      })
-                        .then((res) => {
-                          if (res.status === 200 ) {
-                            return res.json();
-                          }
-                        }).then(res => {
-                          if (res.message === "ok") {
-                            window.open(`${api}login`, "_self");
-                          }
-                        })
-                        .catch((err) => {});
-                    }, 1000);
-                  }, 5000);
+                  window.location.href = `https://${this.servInp.value}/setup/loading?target_uri=${this.urlInp.value}`;
                }
              })
              .catch((err) => {
--- a/src/ui/templates/setup_loading.html
+++ b/src/ui/templates/setup_loading.html
--- a/tests/core/antibot/requirements.txt
+++ b/tests/core/antibot/requirements.txt
@ -159,9 +159,9 @@ trio-websocket==0.11.1 \
    --hash=sha256:18c11793647703c158b1f6e62de638acada927344d534e3c7628eedcb746839f \
    --hash=sha256:520d046b0d030cf970b8b2b2e00c4c2245b3807853ecd44214acd33d74581638
    # via selenium
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via
    #   requests
    #   selenium
--- a/tests/core/authbasic/requirements.txt
+++ b/tests/core/authbasic/requirements.txt
@ -159,9 +159,9 @@ trio-websocket==0.11.1 \
    --hash=sha256:18c11793647703c158b1f6e62de638acada927344d534e3c7628eedcb746839f \
    --hash=sha256:520d046b0d030cf970b8b2b2e00c4c2245b3807853ecd44214acd33d74581638
    # via selenium
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via
    #   requests
    #   selenium
--- a/tests/core/backup/requirements.txt
+++ b/tests/core/backup/requirements.txt
@ -112,9 +112,9 @@ requests==2.32.3 \
    --hash=sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760 \
    --hash=sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
    # via docker
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via
    #   docker
    #   requests
--- a/tests/core/badbehavior/requirements.txt
+++ b/tests/core/badbehavior/requirements.txt
@ -114,9 +114,9 @@ requests==2.32.3 \
    # via
    #   -r requirements.in
    #   docker
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via
    #   docker
    #   requests
--- a/tests/core/blacklist/api/requirements.txt
+++ b/tests/core/blacklist/api/requirements.txt
@ -31,9 +31,9 @@ dnspython==2.6.1 \
    --hash=sha256:5ef3b9680161f6fa89daf8ad451b5f1a33b18ae8a1c6778cdf4b43f08c0a6e50 \
    --hash=sha256:e8f0f9c23a7b7cb99ded64e6c3a6f3e701d78f50c55e002b839dea7225cff7cc
    # via email-validator
-email-validator==2.1.1 \
-    --hash=sha256:200a70680ba08904be6d1eef729205cc0d687634399a5924d842533efb824b84 \
-    --hash=sha256:97d882d174e2a65732fb43bfce81a3a834cbc1bde8bf419e30ef5ea976370a05
+email-validator==2.1.2 \
+    --hash=sha256:14c0f3d343c4beda37400421b39fa411bbe33a75df20825df73ad53e06a9f04c \
+    --hash=sha256:d89f6324e13b1e39889eab7f9ca2f91dc9aebb6fa50a6d8bd4329ab50f251115
    # via fastapi
 exceptiongroup==1.2.1 \
    --hash=sha256:5258b9ed329c5bbdd31a309f53cbfb0b155341807f6ff7606a1e801a891b29ad \
--- a/tests/core/blacklist/init/requirements.txt
+++ b/tests/core/blacklist/init/requirements.txt
@ -179,7 +179,7 @@ requests==2.32.3 \
    --hash=sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760 \
    --hash=sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
    # via -r requirements.in
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via requests
--- a/tests/core/blacklist/requirements.txt
+++ b/tests/core/blacklist/requirements.txt
@ -108,7 +108,7 @@ requests==2.32.3 \
    --hash=sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760 \
    --hash=sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
    # via -r requirements.in
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via requests
--- a/tests/core/brotli/requirements.txt
+++ b/tests/core/brotli/requirements.txt
@ -108,7 +108,7 @@ requests==2.32.3 \
    --hash=sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760 \
    --hash=sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
    # via -r requirements.in
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via requests
--- a/tests/core/bunkernet/api/requirements.txt
+++ b/tests/core/bunkernet/api/requirements.txt
@ -31,9 +31,9 @@ dnspython==2.6.1 \
    --hash=sha256:5ef3b9680161f6fa89daf8ad451b5f1a33b18ae8a1c6778cdf4b43f08c0a6e50 \
    --hash=sha256:e8f0f9c23a7b7cb99ded64e6c3a6f3e701d78f50c55e002b839dea7225cff7cc
    # via email-validator
-email-validator==2.1.1 \
-    --hash=sha256:200a70680ba08904be6d1eef729205cc0d687634399a5924d842533efb824b84 \
-    --hash=sha256:97d882d174e2a65732fb43bfce81a3a834cbc1bde8bf419e30ef5ea976370a05
+email-validator==2.1.2 \
+    --hash=sha256:14c0f3d343c4beda37400421b39fa411bbe33a75df20825df73ad53e06a9f04c \
+    --hash=sha256:d89f6324e13b1e39889eab7f9ca2f91dc9aebb6fa50a6d8bd4329ab50f251115
    # via fastapi
 exceptiongroup==1.2.1 \
    --hash=sha256:5258b9ed329c5bbdd31a309f53cbfb0b155341807f6ff7606a1e801a891b29ad \
--- a/tests/core/bunkernet/requirements.txt
+++ b/tests/core/bunkernet/requirements.txt
@ -108,7 +108,7 @@ requests==2.32.3 \
    --hash=sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760 \
    --hash=sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
    # via -r requirements.in
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via requests
--- a/tests/core/bwcli/requirements.txt
+++ b/tests/core/bwcli/requirements.txt
@ -112,9 +112,9 @@ requests==2.32.3 \
    --hash=sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760 \
    --hash=sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
    # via docker
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via
    #   docker
    #   requests
--- a/tests/core/clientcache/requirements.txt
+++ b/tests/core/clientcache/requirements.txt
@ -108,7 +108,7 @@ requests==2.32.3 \
    --hash=sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760 \
    --hash=sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
    # via -r requirements.in
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via requests
--- a/tests/core/cors/requirements.txt
+++ b/tests/core/cors/requirements.txt
@ -159,9 +159,9 @@ trio-websocket==0.11.1 \
    --hash=sha256:18c11793647703c158b1f6e62de638acada927344d534e3c7628eedcb746839f \
    --hash=sha256:520d046b0d030cf970b8b2b2e00c4c2245b3807853ecd44214acd33d74581638
    # via selenium
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via
    #   requests
    #   selenium
--- a/tests/core/country/requirements.txt
+++ b/tests/core/country/requirements.txt
@ -108,7 +108,7 @@ requests==2.32.3 \
    --hash=sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760 \
    --hash=sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
    # via -r requirements.in
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via requests
--- a/tests/core/customcert/requirements.txt
+++ b/tests/core/customcert/requirements.txt
@ -251,9 +251,9 @@ trio-websocket==0.11.1 \
    --hash=sha256:18c11793647703c158b1f6e62de638acada927344d534e3c7628eedcb746839f \
    --hash=sha256:520d046b0d030cf970b8b2b2e00c4c2245b3807853ecd44214acd33d74581638
    # via selenium
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via
    #   requests
    #   selenium
--- a/tests/core/dnsbl/init/requirements.txt
+++ b/tests/core/dnsbl/init/requirements.txt
@ -59,9 +59,9 @@ trio-websocket==0.11.1 \
    --hash=sha256:18c11793647703c158b1f6e62de638acada927344d534e3c7628eedcb746839f \
    --hash=sha256:520d046b0d030cf970b8b2b2e00c4c2245b3807853ecd44214acd33d74581638
    # via selenium
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via selenium
 wsproto==1.2.0 \
    --hash=sha256:ad565f26ecb92588a3e43bc3d96164de84cd9902482b130d0ddbaa9664a85065 \
--- a/tests/core/dnsbl/requirements.txt
+++ b/tests/core/dnsbl/requirements.txt
@ -108,7 +108,7 @@ requests==2.32.3 \
    --hash=sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760 \
    --hash=sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
    # via -r requirements.in
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via requests
--- a/tests/core/errors/requirements.txt
+++ b/tests/core/errors/requirements.txt
@ -159,9 +159,9 @@ trio-websocket==0.11.1 \
    --hash=sha256:18c11793647703c158b1f6e62de638acada927344d534e3c7628eedcb746839f \
    --hash=sha256:520d046b0d030cf970b8b2b2e00c4c2245b3807853ecd44214acd33d74581638
    # via selenium
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via
    #   requests
    #   selenium
--- a/tests/core/greylist/api/requirements.txt
+++ b/tests/core/greylist/api/requirements.txt
@ -31,9 +31,9 @@ dnspython==2.6.1 \
    --hash=sha256:5ef3b9680161f6fa89daf8ad451b5f1a33b18ae8a1c6778cdf4b43f08c0a6e50 \
    --hash=sha256:e8f0f9c23a7b7cb99ded64e6c3a6f3e701d78f50c55e002b839dea7225cff7cc
    # via email-validator
-email-validator==2.1.1 \
-    --hash=sha256:200a70680ba08904be6d1eef729205cc0d687634399a5924d842533efb824b84 \
-    --hash=sha256:97d882d174e2a65732fb43bfce81a3a834cbc1bde8bf419e30ef5ea976370a05
+email-validator==2.1.2 \
+    --hash=sha256:14c0f3d343c4beda37400421b39fa411bbe33a75df20825df73ad53e06a9f04c \
+    --hash=sha256:d89f6324e13b1e39889eab7f9ca2f91dc9aebb6fa50a6d8bd4329ab50f251115
    # via fastapi
 exceptiongroup==1.2.1 \
    --hash=sha256:5258b9ed329c5bbdd31a309f53cbfb0b155341807f6ff7606a1e801a891b29ad \
--- a/tests/core/greylist/init/requirements.txt
+++ b/tests/core/greylist/init/requirements.txt
@ -179,7 +179,7 @@ requests==2.32.3 \
    --hash=sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760 \
    --hash=sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
    # via -r requirements.in
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via requests
--- a/tests/core/greylist/requirements.txt
+++ b/tests/core/greylist/requirements.txt
@ -108,7 +108,7 @@ requests==2.32.3 \
    --hash=sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760 \
    --hash=sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
    # via -r requirements.in
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via requests
--- a/tests/core/gzip/requirements.txt
+++ b/tests/core/gzip/requirements.txt
@ -108,7 +108,7 @@ requests==2.32.3 \
    --hash=sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760 \
    --hash=sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
    # via -r requirements.in
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via requests
--- a/tests/core/headers/requirements.txt
+++ b/tests/core/headers/requirements.txt
@ -108,7 +108,7 @@ requests==2.32.3 \
    --hash=sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760 \
    --hash=sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
    # via -r requirements.in
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via requests
--- a/tests/core/inject/requirements.txt
+++ b/tests/core/inject/requirements.txt
@ -108,7 +108,7 @@ requests==2.32.3 \
    --hash=sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760 \
    --hash=sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
    # via -r requirements.in
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via requests
--- a/tests/core/letsencrypt/requirements.txt
+++ b/tests/core/letsencrypt/requirements.txt
@ -200,7 +200,7 @@ requests==2.32.3 \
    --hash=sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760 \
    --hash=sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
    # via -r requirements.in
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via requests
--- a/tests/core/limit/requirements.txt
+++ b/tests/core/limit/requirements.txt
@ -144,7 +144,7 @@ typing-extensions==4.12.2 \
    --hash=sha256:04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d \
    --hash=sha256:1a7ead55c7e559dd4dee8856e3a88b41225abfe1ce8df57b7c13915fe121ffb8
    # via anyio
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via requests
--- a/tests/core/misc/requirements.txt
+++ b/tests/core/misc/requirements.txt
@ -108,7 +108,7 @@ requests==2.32.3 \
    --hash=sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760 \
    --hash=sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
    # via -r requirements.in
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via requests
--- a/tests/core/modsecurity/requirements.txt
+++ b/tests/core/modsecurity/requirements.txt
@ -114,9 +114,9 @@ requests==2.32.3 \
    # via
    #   -r requirements.in
    #   docker
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via
    #   docker
    #   requests
--- a/tests/core/redirect/requirements.txt
+++ b/tests/core/redirect/requirements.txt
@ -159,9 +159,9 @@ trio-websocket==0.11.1 \
    --hash=sha256:18c11793647703c158b1f6e62de638acada927344d534e3c7628eedcb746839f \
    --hash=sha256:520d046b0d030cf970b8b2b2e00c4c2245b3807853ecd44214acd33d74581638
    # via selenium
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via
    #   requests
    #   selenium
--- a/tests/core/redis/requirements.txt
+++ b/tests/core/redis/requirements.txt
@ -135,9 +135,9 @@ dnspython==2.6.1 \
    --hash=sha256:5ef3b9680161f6fa89daf8ad451b5f1a33b18ae8a1c6778cdf4b43f08c0a6e50 \
    --hash=sha256:e8f0f9c23a7b7cb99ded64e6c3a6f3e701d78f50c55e002b839dea7225cff7cc
    # via email-validator
-email-validator==2.1.1 \
-    --hash=sha256:200a70680ba08904be6d1eef729205cc0d687634399a5924d842533efb824b84 \
-    --hash=sha256:97d882d174e2a65732fb43bfce81a3a834cbc1bde8bf419e30ef5ea976370a05
+email-validator==2.1.2 \
+    --hash=sha256:14c0f3d343c4beda37400421b39fa411bbe33a75df20825df73ad53e06a9f04c \
+    --hash=sha256:d89f6324e13b1e39889eab7f9ca2f91dc9aebb6fa50a6d8bd4329ab50f251115
    # via fastapi
 exceptiongroup==1.2.1 \
    --hash=sha256:5258b9ed329c5bbdd31a309f53cbfb0b155341807f6ff7606a1e801a891b29ad \
@ -637,9 +637,9 @@ ujson==5.10.0 \
    --hash=sha256:f8ccb77b3e40b151e20519c6ae6d89bfe3f4c14e8e210d910287f778368bb3d1 \
    --hash=sha256:fbd8fd427f57a03cff3ad6574b5e299131585d9727c8c366da4624a9069ed746
    # via fastapi
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via
    #   requests
    #   selenium
--- a/tests/core/reverseproxy/api/requirements.txt
+++ b/tests/core/reverseproxy/api/requirements.txt
@ -31,9 +31,9 @@ dnspython==2.6.1 \
    --hash=sha256:5ef3b9680161f6fa89daf8ad451b5f1a33b18ae8a1c6778cdf4b43f08c0a6e50 \
    --hash=sha256:e8f0f9c23a7b7cb99ded64e6c3a6f3e701d78f50c55e002b839dea7225cff7cc
    # via email-validator
-email-validator==2.1.1 \
-    --hash=sha256:200a70680ba08904be6d1eef729205cc0d687634399a5924d842533efb824b84 \
-    --hash=sha256:97d882d174e2a65732fb43bfce81a3a834cbc1bde8bf419e30ef5ea976370a05
+email-validator==2.1.2 \
+    --hash=sha256:14c0f3d343c4beda37400421b39fa411bbe33a75df20825df73ad53e06a9f04c \
+    --hash=sha256:d89f6324e13b1e39889eab7f9ca2f91dc9aebb6fa50a6d8bd4329ab50f251115
    # via fastapi
 exceptiongroup==1.2.1 \
    --hash=sha256:5258b9ed329c5bbdd31a309f53cbfb0b155341807f6ff7606a1e801a891b29ad \
--- a/tests/core/reverseproxy/requirements.txt
+++ b/tests/core/reverseproxy/requirements.txt
@ -159,9 +159,9 @@ trio-websocket==0.11.1 \
    --hash=sha256:18c11793647703c158b1f6e62de638acada927344d534e3c7628eedcb746839f \
    --hash=sha256:520d046b0d030cf970b8b2b2e00c4c2245b3807853ecd44214acd33d74581638
    # via selenium
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via
    #   requests
    #   selenium
--- a/tests/core/reversescan/requirements.txt
+++ b/tests/core/reversescan/requirements.txt
@ -124,9 +124,9 @@ dnspython==2.6.1 \
    --hash=sha256:5ef3b9680161f6fa89daf8ad451b5f1a33b18ae8a1c6778cdf4b43f08c0a6e50 \
    --hash=sha256:e8f0f9c23a7b7cb99ded64e6c3a6f3e701d78f50c55e002b839dea7225cff7cc
    # via email-validator
-email-validator==2.1.1 \
-    --hash=sha256:200a70680ba08904be6d1eef729205cc0d687634399a5924d842533efb824b84 \
-    --hash=sha256:97d882d174e2a65732fb43bfce81a3a834cbc1bde8bf419e30ef5ea976370a05
+email-validator==2.1.2 \
+    --hash=sha256:14c0f3d343c4beda37400421b39fa411bbe33a75df20825df73ad53e06a9f04c \
+    --hash=sha256:d89f6324e13b1e39889eab7f9ca2f91dc9aebb6fa50a6d8bd4329ab50f251115
    # via fastapi
 exceptiongroup==1.2.1 \
    --hash=sha256:5258b9ed329c5bbdd31a309f53cbfb0b155341807f6ff7606a1e801a891b29ad \
@ -589,9 +589,9 @@ ujson==5.10.0 \
    --hash=sha256:f8ccb77b3e40b151e20519c6ae6d89bfe3f4c14e8e210d910287f778368bb3d1 \
    --hash=sha256:fbd8fd427f57a03cff3ad6574b5e299131585d9727c8c366da4624a9069ed746
    # via fastapi
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via requests
 uvicorn==0.30.1 \
    --hash=sha256:cd17daa7f3b9d7a24de3617820e634d0933b69eed8e33a516071174427238c81 \
--- a/tests/core/selfsigned/requirements.txt
+++ b/tests/core/selfsigned/requirements.txt
@ -200,7 +200,7 @@ requests==2.32.3 \
    --hash=sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760 \
    --hash=sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
    # via -r requirements.in
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via requests
--- a/tests/core/sessions/requirements.txt
+++ b/tests/core/sessions/requirements.txt
@ -159,9 +159,9 @@ trio-websocket==0.11.1 \
    --hash=sha256:18c11793647703c158b1f6e62de638acada927344d534e3c7628eedcb746839f \
    --hash=sha256:520d046b0d030cf970b8b2b2e00c4c2245b3807853ecd44214acd33d74581638
    # via selenium
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via
    #   requests
    #   selenium
--- a/tests/core/whitelist/api/requirements.txt
+++ b/tests/core/whitelist/api/requirements.txt
@ -31,9 +31,9 @@ dnspython==2.6.1 \
    --hash=sha256:5ef3b9680161f6fa89daf8ad451b5f1a33b18ae8a1c6778cdf4b43f08c0a6e50 \
    --hash=sha256:e8f0f9c23a7b7cb99ded64e6c3a6f3e701d78f50c55e002b839dea7225cff7cc
    # via email-validator
-email-validator==2.1.1 \
-    --hash=sha256:200a70680ba08904be6d1eef729205cc0d687634399a5924d842533efb824b84 \
-    --hash=sha256:97d882d174e2a65732fb43bfce81a3a834cbc1bde8bf419e30ef5ea976370a05
+email-validator==2.1.2 \
+    --hash=sha256:14c0f3d343c4beda37400421b39fa411bbe33a75df20825df73ad53e06a9f04c \
+    --hash=sha256:d89f6324e13b1e39889eab7f9ca2f91dc9aebb6fa50a6d8bd4329ab50f251115
    # via fastapi
 exceptiongroup==1.2.1 \
    --hash=sha256:5258b9ed329c5bbdd31a309f53cbfb0b155341807f6ff7606a1e801a891b29ad \
--- a/tests/core/whitelist/init/requirements.txt
+++ b/tests/core/whitelist/init/requirements.txt
@ -179,7 +179,7 @@ requests==2.32.3 \
    --hash=sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760 \
    --hash=sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
    # via -r requirements.in
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via requests
--- a/tests/core/whitelist/requirements.txt
+++ b/tests/core/whitelist/requirements.txt
@ -108,7 +108,7 @@ requests==2.32.3 \
    --hash=sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760 \
    --hash=sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
    # via -r requirements.in
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via requests
--- a/tests/requirements.txt
+++ b/tests/requirements.txt
@ -257,7 +257,7 @@ requests==2.32.3 \
    --hash=sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760 \
    --hash=sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
    # via -r requirements.in
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via requests
--- a/tests/ui/requirements.txt
+++ b/tests/ui/requirements.txt
@ -167,9 +167,9 @@ typing-extensions==4.12.2 \
    --hash=sha256:04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d \
    --hash=sha256:1a7ead55c7e559dd4dee8856e3a88b41225abfe1ce8df57b7c13915fe121ffb8
    # via selenium
-urllib3==2.2.1 \
-    --hash=sha256:450b20ec296a467077128bff42b73080516e71b56ff59a60a02bef2232c4fa9d \
-    --hash=sha256:d0570876c61ab9e520d776c38acbbb5b05a776d3f9ff98a5c8fd5162a444cf19
+urllib3==2.2.2 \
+    --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+    --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
    # via
    #   requests
    #   selenium