diff --git a/CVE-2022-40899.patch b/CVE-2022-40899.patch
deleted file mode 100644
index 1f114c8..0000000
--- a/CVE-2022-40899.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-Index: future-0.16.0/src/future/backports/http/cookiejar.py
-===================================================================
---- future-0.16.0.orig/src/future/backports/http/cookiejar.py
-+++ future-0.16.0/src/future/backports/http/cookiejar.py
-@@ -224,10 +224,14 @@ LOOSE_HTTP_DATE_RE = re.compile(
- (?::(\d\d))? # optional seconds
- )? # optional clock
- \s*
-- ([-+]?\d{2,4}|(?![APap][Mm]\b)[A-Za-z]+)? # timezone
-+ (?:
-+ ([-+]?\d{2,4}|(?![APap][Mm]\b)[A-Za-z]+) # timezone
- \s*
-- (?:\(\w+\))? # ASCII representation of timezone in parens.
-- \s*$""", re.X | re.ASCII)
-+ )?
-+ (?:
-+ \(\w+\) # ASCII representation of timezone in parens.
-+ \s*
-+ )?$""", re.X | re.ASCII)
- def http2time(text):
- """Returns time in seconds since epoch of time represented by a string.
-
-@@ -297,9 +301,11 @@ ISO_DATE_RE = re.compile(
- (?::?(\d\d(?:\.\d*)?))? # optional seconds (and fractional)
- )? # optional clock
- \s*
-- ([-+]?\d\d?:?(:?\d\d)?
-- |Z|z)? # timezone (Z is "zero meridian", i.e. GMT)
-- \s*$""", re.X | re. ASCII)
-+ (?:
-+ ([-+]?\d\d?:?(:?\d\d)?
-+ |Z|z) # timezone (Z is "zero meridian", i.e. GMT)
-+ \s*
-+ )?$""", re.X | re. ASCII)
- def iso2time(text):
- """
- As for http2time, but parses the ISO 8601 formats:
-Index: future-0.16.0/tests/test_future/test_http_cookiejar.py
-===================================================================
---- future-0.16.0.orig/tests/test_future/test_http_cookiejar.py
-+++ future-0.16.0/tests/test_future/test_http_cookiejar.py
-@@ -103,6 +103,14 @@ class DateTimeTests(unittest.TestCase):
- "http2time(%s) is not None\n"
- "http2time(test) %s" % (test, http2time(test)))
-
-+ def test_http2time_redos_regression_actually_completes(self):
-+ # LOOSE_HTTP_DATE_RE was vulnerable to malicious input which caused
-+ # catastrophic backtracking (REDoS). If we regress to cubic complexity,
-+ # this test will take a very long time to succeed. If fixed, it should
-+ # complete within a fraction of a second.
-+ http2time("01 Jan 1970{}00:00:00 GMT!".format(" " * 10 ** 5))
-+ http2time("01 Jan 1970 00:00:00{}GMT!".format(" " * 10 ** 5))
-+
- def test_iso2time(self):
- def parse_date(text):
- return time.gmtime(iso2time(text))[:6]
-@@ -162,6 +170,13 @@ class DateTimeTests(unittest.TestCase):
- "iso2time(%s) is not None\n"
- "iso2time(test) %s" % (test, iso2time(test)))
-
-+ def test_iso2time_performance_regression(self):
-+ # If ISO_DATE_RE regresses to quadratic complexity, this test will take
-+ # a very long time to succeed. If fixed, it should complete within a
-+ # fraction of a second.
-+ iso2time('1994-02-03{}14:15:29 -0100!'.format(' '*10**6))
-+ iso2time('1994-02-03 14:15:29{}-0100!'.format(' '*10**6))
-+
-
- class HeaderTests(unittest.TestCase):
-
diff --git a/future-0.18.2.tar.gz b/future-0.18.2.tar.gz
deleted file mode 100644
index 4106099..0000000
--- a/future-0.18.2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b1bead90b70cf6ec3f0710ae53a525360fa360d306a86583adc6bf83a4db537d
-size 829220
diff --git a/future-0.18.3.tar.gz b/future-0.18.3.tar.gz
new file mode 100644
index 0000000..d603fed
--- /dev/null
+++ b/future-0.18.3.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:34a17436ed1e96697a86f9de3d15a3b0be01d8bc8de9c1dffd59fb8234ed5307
+size 840896
diff --git a/python-future.changes b/python-future.changes
index 297226c..8ec31f5 100644
--- a/python-future.changes
+++ b/python-future.changes
@@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Sat Jan 21 09:53:11 UTC 2023 - Dirk Müller
+
+- update to 0.18.3:
+ * Backport fix for bpo-38804 (c91d70b)
+ * Fix bug in fix_print.py fixer (dffc579)
+ * Fix bug in fix_raise.py fixer (3401099)
+ * Fix newint bool in py3 (fe645ba)
+ * Fix bug in super() with metaclasses (6e27aac)
+ * docs: fix simple typo, reqest -> request (974eb1f)
+ * Correct eq (c780bf5)
+ * Pass if lint fails (2abe00d)
+ * fix order (f96a219)
+ * Add flake8 to image (046ff18)
+ * Make lint.sh executable (58cc984)
+ * Add docker push to optimize CI (01e8440)
+ * Build System (42b3025)
+ * Add docs build status badge to README.md (3f40bd7)
+ * Use same docs requirements in tox (18ecc5a)
+ * Add docs/requirements.txt (5f9893f)
+ * Add PY37_PLUS, PY38_PLUS, and PY39_PLUS (bee0247)
+ * fix 2.6 test, better comment (ddedcb9)
+ * fix 2.6 test (3f1ff7e)
+ * remove nan test (4dbded1)
+ * include list test values (e3f1a12)
+ * fix other python2 test issues (c051026)
+ * fix missing subTest (f006cad)
+ * import from old imp library on older python versions (fc84fa8)
+ * replace fstrings with format for python 3.4,3.5 (4a687ea)
+ * minor style/spelling fixes (8302d8c)
+ * improve cmp function, add unittest (0d95a40)
+ * Pin typing==3.7.4.1 for Python 3.3 compatiblity (1a48f1b)
+ * Fix various py26 unit test failures (9ca5a14)
+ * Add initial contributing guide with docs build instruction (e55f915)
+ * Add docs building to tox.ini (3ee9e7f)
+ * Support NumPy's specialized int types in builtins.round (b4b54f0)
+ * Added r""" to the docstring to avoid warnings in python3 (5f94572)
+ * Add subclasscheck for past.types.basestring (c9bc0ff)
+ * Correct example in README (681e78c)
+ * Add simple documentation (6c6e3ae)
+ * Add pre-commit hooks (a9c6a37)
+ * Handling of next and next by future.utils.get_next was reversed (52b0ff9)
+ * Add a test for our fix (461d77e)
+ * Compare headers to correct definition of str (3eaa8fd)
+ * Add support for negative ndigits in round; additionally, fixing a bug so
+ that it handles passing in Decimal properly (a4911b9)
+ * Add tkFileDialog to future.movers.tkinter (f6a6549)
+ * Sort before comparing dicts in TestChainMap (6126997)
+ * Fix typo (4dfa099)
+ * Fix formatting in "What's new" (1663dfa)
+ * Fix typo (4236061)
+ * Avoid DeprecationWarning caused by invalid escape (e4b7fa1)
+ * Fixup broken link to external django documentation re: porting to Python 3
+ and unicode_literals (d87713e)
+ * Fixed newdict checking version every time (99030ec)
+ * Add count from 2.7 to 2.6 (1b8ef51)
+- drop CVE-2022-40899.patch (upstream)
+
 -------------------------------------------------------------------
 Thu Jan 5 12:03:41 UTC 2023 - Daniel Garcia
diff --git a/python-future.spec b/python-future.spec
index 08043dc..5e5404b 100644
--- a/python-future.spec
+++ b/python-future.spec
@@ -17,7 +17,7 @@
 Name: python-future
-Version: 0.18.2
+Version: 0.18.3
 Release: 0
 Summary: Single-source support for Python 3 and 2
 # See https://github.com/PythonCharmers/python-future/issues/242 for PSF licensing
@@ -32,8 +32,6 @@ Patch1: future-correct-mimetype.patch
 # PATCH-FIX-UPSTREAM python39-build.patch gh#PythonCharmers/python-future#578 mcepl@suse.com
 # Overcome incompatibilites with python 3.9
 Patch2: python39-build.patch
-# PATCH-FIX-UPSTREAM CVE-2022-40899.patch gh#PythonCharmers/python-future#610 bsc#1206673
-Patch3: CVE-2022-40899.patch
 BuildRequires: %{python_module pytest}
 BuildRequires: %{python_module setuptools}
 BuildRequires: fdupes