Drop support for Python 3.8 & upgrade urllib3 to 2.5.0

[WilliamCollishaw]

Summary

Drop support for Python 3.8 & upgrade urllib3 to 2.5.0. The version of urllib3 currently in use contains some security findings and we're at a stage where this can be upgraded. See additional context.

If there is already a timeline planned for this release, would love to know what that is.

Desired Behavior

Should be no change in behavior minus no support for Python 3.8

Possible Solution

Self explanitory

Additional context

The version of urllib3 being used currently is triggering security findings in our scanners. New relic have stated a version dropping support for Python 3.8 should be released and in November 2025 (source) and urllib3 is only being held back at an old version because they have already dropped python 3.8 support (as of 2.2.0). There should no longer be any reason to accept the risk of CVE-2025-50181 as is being done here.

[Newrelic-Boomi]

https://new-relic.atlassian.net/browse/NR-485743

[WilliamCollishaw]

https://new-relic.atlassian.net/browse/NR-485743

Any way for me to get access to that without making an account? Or a TL;DR of what is shared on there?

[TimPansino]

Our support window for Python 3.8 just elapsed at the start of this month. We're planning to do this in this quarter, or at the latest in January. That'll be in v12.0.0.

That other comment with a JIRA link is a bot that copies Github issues into tickets for us, there's nothing else in there except the contents of this thread.

[WilliamCollishaw]

Thank you @TimPansino!