{"id":5090,"library":"urllib3-secure-extra","title":"urllib3-secure-extra","description":"urllib3-secure-extra is a marker library (version 0.1.0) designed to detect if the main urllib3 library was installed with its now-deprecated `[secure]` extra. It does not provide any direct functionality or APIs itself. Its presence indicates that a project or one of its dependencies is still relying on the deprecated `urllib3[secure]` installation method. This library has a single release and is not expected to have a regular release cadence, as its purpose is tied to the deprecation of a feature in `urllib3`.","status":"maintenance","version":"0.1.0","language":"en","source_language":"en","source_url":"https://github.com/urllib3/urllib3-secure-extra","tags":["urllib3","secure","deprecated","marker","ssl","tls"],"install":[{"cmd":"pip install urllib3-secure-extra","lang":"bash","label":"Installation (for detection purposes only)"}],"dependencies":[{"reason":"This package is a marker for the deprecated 'secure' extra of urllib3, indicating an indirect dependency.","package":"urllib3","optional":false}],"imports":[],"quickstart":{"code":"# urllib3-secure-extra is a marker package and does not expose any direct API for usage.\n# Its presence is detected by package managers if urllib3[secure] was installed.\n# To check if it's installed (indicating the deprecated extra was used somewhere):\ntry:\n    import urllib3_secure_extra\n    print(\"urllib3-secure-extra is installed. This means urllib3[secure] (deprecated) was used.\")\nexcept ImportError:\n    print(\"urllib3-secure-extra is NOT installed. urllib3[secure] (deprecated) was likely not used directly.\")\n\n# The recommended approach is to ensure 'urllib3[secure]' is NOT installed.\n# Instead, install 'urllib3' directly and manage SSL dependencies explicitly if needed.\n# For example, ensure you have certifi and optionally pyOpenSSL/ndg-httpsclient/pyasn1 for specific use cases.","lang":"python","description":"This quickstart demonstrates how to check for the presence of the `urllib3-secure-extra` marker package. It is crucial to understand that `urllib3-secure-extra` itself is not meant for direct interaction or API calls. Its installation serves as an indicator that the deprecated `urllib3[secure]` extra was installed, either directly or as a dependency of another package. The primary goal should be to remove the `[secure]` extra from your `urllib3` installations."},"warnings":[{"fix":"Remove `[secure]` from your `urllib3` dependency specifications (e.g., in `requirements.txt`). Simply install `urllib3` without the extra. For specific SSL needs that were previously covered by `[secure]`, install `pyOpenSSL` and ensure `urllib3.contrib.pyopenssl` is correctly injected if truly required (though usually not necessary with modern Python and OpenSSL).","message":"The `urllib3[secure]` extra, which `urllib3-secure-extra` marks, is deprecated and has been removed in urllib3 2.0. Installing `urllib3[secure]` will result in errors or unexpected behavior with urllib3 2.x and newer.","severity":"breaking","affected_versions":"urllib3 >= 2.0"},{"fix":"For most modern Python environments (2.7.10+ and OpenSSL 1.1.1+), the `[secure]` extra and direct PyOpenSSL injection are no longer necessary for basic secure connections. Ensure your Python and OpenSSL versions are up-to-date. If PyOpenSSL is strictly required, manage its installation explicitly and use the `urllib3.contrib.pyopenssl` module directly if needed, understanding its implications.","message":"The `urllib3.contrib.pyopenssl` module was also deprecated alongside the `[secure]` extra. While it was later undeprecated, its direct use with `inject_into_urllib3()` should be reviewed.","severity":"deprecated","affected_versions":"urllib3 1.26.12 to <2.0 (initial deprecation); urllib3 >= 2.0 (removed via [secure] extra)"},{"fix":"Do not attempt to import or use `urllib3_secure_extra` in your code. Focus on identifying and updating the root cause: the `urllib3[secure]` dependency in your project or its dependencies.","message":"This library is purely a marker. Its existence in your environment signifies a deprecated dependency in your project or its transitive dependencies. It does not provide any functionality to be imported or called.","severity":"gotcha","affected_versions":"All versions of urllib3-secure-extra"}],"env_vars":null,"last_verified":"2026-04-12T00:00:00.000Z","next_check":"2026-07-11T00:00:00.000Z"}