diff --git a/poetry.lock b/poetry.lock
index e084a9c..4c82cd2 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -1326,14 +1326,14 @@ markers = {main = "extra == \"sqlalchemy\"", dev = "python_version == \"3.10\""}
 
 [[package]]
 name = "urllib3"
-version = "2.6.0"
+version = "2.6.3"
 description = "HTTP library with thread-safe connection pooling, file post, and more."
 optional = false
 python-versions = ">=3.9"
 groups = ["main", "dev"]
 files = [
-    {file = "urllib3-2.6.0-py3-none-any.whl", hash = "sha256:c90f7a39f716c572c4e3e58509581ebd83f9b59cced005b7db7ad2d22b0db99f"},
-    {file = "urllib3-2.6.0.tar.gz", hash = "sha256:cb9bcef5a4b345d5da5d145dc3e30834f58e8018828cbc724d30b4cb7d4d49f1"},
+    {file = "urllib3-2.6.3-py3-none-any.whl", hash = "sha256:bf272323e553dfb2e87d9bfd225ca7b0f467b919d7bbd355436d3fd37cb0acd4"},
+    {file = "urllib3-2.6.3.tar.gz", hash = "sha256:1b62b6884944a57dbe321509ab94fd4d3b307075e0c2eae991ac71ee15ad38ed"},
 ]
 
 [package.extras]
@@ -1381,4 +1381,4 @@ sqlalchemy = ["greenlet", "requests", "sqlalchemy"]
 [metadata]
 lock-version = "2.1"
 python-versions = ">=3.10,<4"
-content-hash = "fbdb02910452087091d7e0d440ae48e8fcfaad2bd543f7145fef440a451e127e"
+content-hash = "6163456f70109ca7bc68ad97ba9772b25f4849bc0808fe5f13e0bffcc71f22e6"
diff --git a/pyproject.toml b/pyproject.toml
index 9125625..c537106 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -16,7 +16,7 @@ sqlalchemy = {version = ">=2.0,<3", optional = true}
 greenlet = {version = ">=3.2.4,<4", optional = true}
 requests = "^2.25.0"
 # Pin urllib3 to a known-safe version (requests depends on urllib3 transitively).
-urllib3 = "==2.6.0"
+urllib3 = "==2.6.3"
 # Explicitly pinning h11 to version 0.16.0 to override a CVE-affected transitive dependency in httpx.
 h11 = "0.16.0"
 
@@ -29,7 +29,7 @@ pytest = ">=7.1.3,<10.0.0"
 pytest-cov = ">=4,<8"
 parameterized = ">=0.8.1,<0.10.0"
 tox = ">=3.26,<5.0"
-urllib3 = "==2.6.0"
+urllib3 = "==2.6.3"
 flake8 = ">=5,<8"
 mock = ">=4.0.3,<6.0.0"
 responses = ">=0.22,<0.26"