Conversation
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-14871873
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-14871876
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-14871877
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-14871888
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-14871929
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-14871954
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-14871979
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-14872000
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-14896210
| types-cachetools==4.2.10 | ||
| typing_extensions==4.4.0 | ||
| urllib3==1.26.13 | ||
| urllib3==2.6.3 |
Bug: The update to urllib3==2.6.3 is incompatible with the pinned requests==2.28.1, which requires urllib3<2.0.
Severity: CRITICAL
🔍 Detailed Analysis
The requirements.txt file pins requests==2.28.1 while upgrading urllib3 to version 2.6.3. According to package metadata, requests==2.28.1 has a strict dependency requirement of urllib3>=1.21.1,<2. This version conflict will likely cause dependency resolution to fail or lead to runtime errors when requests is used. Critical functions like get_jupiter_swap_ix_v6() in src/driftpy/drift_client.py, which rely on requests.get() and requests.post(), will fail, breaking the Jupiter swap functionality.
💡 Suggested Fix
To resolve the incompatibility, either downgrade urllib3 to a version below 2.0 that is compatible with requests==2.28.1, or upgrade requests to a more recent version (e.g., requests>=2.30.0) that officially supports urllib3>=2.0.
🤖 Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid.
Location: requirements.txt#L63
Potential issue: The `requirements.txt` file pins `requests==2.28.1` while upgrading `urllib3` to version `2.6.3`. According to package metadata, `requests==2.28.1` has a strict dependency requirement of `urllib3>=1.21.1,<2`. This version conflict will likely cause dependency resolution to fail or lead to runtime errors when `requests` is used. Critical functions like `get_jupiter_swap_ix_v6()` in `src/driftpy/drift_client.py`, which rely on `requests.get()` and `requests.post()`, will fail, breaking the Jupiter swap functionality.
Reference ID: 8467191
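The conflict the review comment describes (an exact pin on one package whose own requirement excludes the exact pin on another) is cheap to catch before merge. The script below is an added example, not Snyk's code nor the project's own: it reads `name==version` pins, evaluates each pinned release's declared requirements against the other pins with a small PEP 440 style comparator, and reports any pin that falls outside the allowed range or is missing entirely. The pin list and the metadata table are constructed for the example; the only constraint reproduced is the one the comment states (`requests==2.28.1` requiring `urllib3>=1.21.1,<2`), and in a real check the `Requires-Dist` data would come from the wheels themselves (for example via `importlib.metadata.requires`).

```python
"""Check exact pins against each pinned release's declared requirements.

Added example (not Snyk's or the project's code). The sample data below is
constructed; it mirrors the state the review comment describes.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample input: requests left at 2.28.1, urllib3 bumped to 2.6.3.
REQUIREMENTS_TXT = """\
# constructed excerpt of a requirements.txt
requests==2.28.1
types-cachetools==4.2.10
typing_extensions==4.4.0
urllib3==2.6.3
"""

# Constructed sample metadata keyed by (name, version). Only the constraint
# cited in the review comment is included; real data comes from the wheel's
# Requires-Dist fields (e.g. importlib.metadata.requires("requests")).
DEPENDENCY_METADATA: Dict[Tuple[str, str], List[str]] = {
    ("requests", "2.28.1"): ["urllib3>=1.21.1,<2"],
}

_SPEC_RE = re.compile(r"^(==|!=|<=|>=|<|>)\s*([0-9][0-9.]*)$")
_REQ_RE = re.compile(r"^([A-Za-z0-9_.-]+)\s*(.*)$")


def normalize_name(name: str) -> str:
    """PEP 503 style: case-insensitive, with '-', '_' and '.' equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(text: str) -> Tuple[int, ...]:
    """Numeric release segments only (enough for pins like 2.6.3). Trailing
    zeros are dropped so that 2 == 2.0 == 2.0.0, as PEP 440 requires."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def satisfies(version: str, specifier: str) -> bool:
    """True if `version` meets every comma-separated clause of `specifier`."""
    v = parse_version(version)
    for clause in specifier.split(","):
        clause = clause.strip()
        if not clause:
            continue
        m = _SPEC_RE.match(clause)
        if not m:
            raise ValueError(f"unsupported specifier clause: {clause!r}")
        op, bound = m.group(1), parse_version(m.group(2))
        ok = {
            "==": v == bound, "!=": v != bound,
            "<": v < bound, "<=": v <= bound,
            ">": v > bound, ">=": v >= bound,
        }[op]
        if not ok:
            return False
    return True


def parse_pins(text: str) -> Dict[str, str]:
    """Read 'name==version' lines; comments and blank lines are skipped."""
    pins: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, version = line.partition("==")
        if not version:
            raise ValueError(f"not an exact pin: {line!r}")
        pins[normalize_name(name)] = version.strip()
    return pins


def find_conflicts(pins: Dict[str, str],
                   metadata: Dict[Tuple[str, str], List[str]]) -> List[str]:
    """Report every pinned release whose requirements the other pins violate."""
    problems: List[str] = []
    for (pkg, ver), requires in metadata.items():
        if pins.get(normalize_name(pkg)) != ver:
            continue  # a different release is pinned; these requirements do not apply
        for req in requires:
            m = _REQ_RE.match(req.strip())
            dep, spec = normalize_name(m.group(1)), m.group(2).strip()
            pinned = pins.get(dep)
            if pinned is None:  # transitive dependency left unpinned: resolver picks freely
                problems.append(f"{pkg}=={ver} requires {req} but {dep} is not pinned")
            elif spec and not satisfies(pinned, spec):
                problems.append(f"{pkg}=={ver} requires {req} but {dep}=={pinned} is pinned")
    return problems


if __name__ == "__main__":
    for problem in find_conflicts(parse_pins(REQUIREMENTS_TXT), DEPENDENCY_METADATA):
        print("CONFLICT:", problem)
```

Run as written it reports the single conflict from the comment; swapping the pin back to `urllib3==1.26.13` (the value the diff replaces) makes the report empty, which is the quick way to confirm that either fix the comment suggests clears the check. The comparator deliberately handles only numeric release segments; pre-release or local version labels would need the `packaging` library instead.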
Snyk has created this PR to fix 9 vulnerabilities in the pip dependencies of this project.
Snyk changed the following file(s):
requirements.txt
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Allocation of Resources Without Limits or Throttling