Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore(deps): bump urllib3 from 1.26.14 to 2.0.3 (#54)
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.14 to 2.0.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.0.3</h2> <ul> <li>Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. <a href="https://redirect.github.com/urllib3/urllib3/issues/3020">#3020</a></li> <li>Deprecated URLs which don't have an explicit scheme <a href="https://redirect.github.com/urllib3/urllib3/pull/2950">#2950</a></li> <li>Fixed response decoding with Zstandard when compressed data is made of several frames. <a href="https://redirect.github.com/urllib3/urllib3/issues/3008">#3008</a></li> <li>Fixed <code>assert_hostname=False</code> to correctly skip hostname check. <a href="https://redirect.github.com/urllib3/urllib3/issues/3051">#3051</a></li> </ul> <h2>2.0.2</h2> <ul> <li>Fixed <code>HTTPResponse.stream()</code> to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3009">urllib3/urllib3#3009</a>)</li> </ul> <h2>2.0.1</h2> <ul> <li>Fixed a socket leak when fingerprint or hostname verifications fail. (<a href="https://redirect.github.com/urllib3/urllib3/issues/2991">#2991</a>)</li> <li>Fixed an error when <code>HTTPResponse.read(0)</code> was the first <code>read</code> call or when the internal response body buffer was otherwise empty. (<a href="https://redirect.github.com/urllib3/urllib3/issues/2998">#2998</a>)</li> </ul> <h2>2.0.0</h2> <p>Read the <a href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">v2.0 migration guide</a> for help upgrading to the latest version of urllib3.</p> <h1>Removed</h1> <ul> <li>Removed support for Python 2.7, 3.5, and 3.6 (<a href="https://redirect.github.com/urllib3/urllib3/issues/883">#883</a>, <a href="https://redirect.github.com/urllib3/urllib3/issues/2336">#2336</a>).</li> <li>Removed fallback on certificate <code>commonName</code> in <code>match_hostname()</code> function. This behavior was deprecated in May 2000 in RFC 2818. Instead only <code>subjectAltName</code> is used to verify the hostname by default. To enable verifying the hostname against <code>commonName</code> use <code>SSLContext.hostname_checks_common_name = True</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2113">#2113</a>).</li> <li>Removed support for Python with an <code>ssl</code> module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an <code>ImportError</code> is raised (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (<a href="https://redirect.github.com/urllib3/urllib3/issues/2082">#2082</a>).</li> <li>Removed <code>urllib3.contrib.appengine.AppEngineManager</code> and support for Google App Engine Standard Environment (<a href="https://redirect.github.com/urllib3/urllib3/issues/2044">#2044</a>).</li> <li>Removed deprecated <code>Retry</code> options <code>method_whitelist</code>, <code>DEFAULT_REDIRECT_HEADERS_BLACKLIST</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2086">#2086</a>).</li> <li>Removed <code>urllib3.HTTPResponse.from_httplib</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2648">#2648</a>).</li> <li>Removed default value of <code>None</code> for the <code>request_context</code> parameter of <code>urllib3.PoolManager.connection_from_pool_key</code>. This change should have no effect on users as the default value of <code>None</code> was an invalid option and was never used (<a href="https://redirect.github.com/urllib3/urllib3/issues/1897">#1897</a>).</li> <li>Removed the <code>urllib3.request</code> module. <code>urllib3.request.RequestMethods</code> has been made a private API. This change was made to ensure that <code>from urllib3 import request</code> imported the top-level <code>request()</code> function instead of the <code>urllib3.request</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/2269">#2269</a>).</li> <li>Removed support for SSLv3.0 from the <code>urllib3.contrib.pyopenssl</code> even when support is available from the compiled OpenSSL library (<a href="https://redirect.github.com/urllib3/urllib3/issues/2233">#2233</a>).</li> <li>Removed the deprecated <code>urllib3.contrib.ntlmpool</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/2339">#2339</a>).</li> <li>Removed <code>DEFAULT_CIPHERS</code>, <code>HAS_SNI</code>, <code>USE_DEFAULT_SSLCONTEXT_CIPHERS</code>, from the private module <code>urllib3.util.ssl_</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed <code>urllib3.exceptions.SNIMissingWarning</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed the <code>_prepare_conn</code> method from <code>HTTPConnectionPool</code>. Previously this was only used to call <code>HTTPSConnection.set_cert()</code> by <code>HTTPSConnectionPool</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> <li>Removed <code>tls_in_tls_required</code> property from <code>HTTPSConnection</code>. This is now determined from the <code>scheme</code> parameter in <code>HTTPConnection.set_tunnel()</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> </ul> <h1>Deprecated</h1> <ul> <li>Deprecated <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> which will be removed in urllib3 v2.1.0. Instead use <code>HTTPResponse.headers</code> and <code>HTTPResponse.headers.get(name, default)</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/1543">#1543</a>, <a href="https://redirect.github.com/urllib3/urllib3/issues/2814">#2814</a>).</li> <li>Deprecated <code>urllib3.contrib.pyopenssl</code> module which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2691">#2691</a>).</li> <li>Deprecated <code>urllib3.contrib.securetransport</code> module which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2692">#2692</a>).</li> <li>Deprecated <code>ssl_version</code> option in favor of <code>ssl_minimum_version</code>. <code>ssl_version</code> will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2110">#2110</a>).</li> <li>Deprecated the <code>strict</code> parameter as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2267">#2267</a>)</li> <li>Deprecated the <code>NewConnectionError.pool</code> attribute which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2271">#2271</a>).</li> <li>Deprecated <code>format_header_param_html5</code> and <code>format_header_param</code> in favor of <code>format_multipart_header_param</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2257">#2257</a>).</li> <li>Deprecated <code>RequestField.header_formatter</code> parameter which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2257">#2257</a>).</li> <li>Deprecated <code>HTTPSConnection.set_cert()</code> method. Instead pass parameters to the <code>HTTPSConnection</code> constructor (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> <li>Deprecated <code>HTTPConnection.request_chunked()</code> method which will be removed in urllib3 v2.1.0. Instead pass <code>chunked=True</code> to <code>HTTPConnection.request()</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> </ul> <h1>Added</h1> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.0.3 (2023-06-07)</h1> <ul> <li>Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. (<code>[#3020](urllib3/urllib3#3020) <https://github.com/urllib3/urllib3/issues/3020></code>__)</li> <li>Deprecated URLs which don't have an explicit scheme (<code>[#2950](urllib3/urllib3#2950) <https://github.com/urllib3/urllib3/pull/2950></code>_)</li> <li>Fixed response decoding with Zstandard when compressed data is made of several frames. (<code>[#3008](urllib3/urllib3#3008) <https://github.com/urllib3/urllib3/issues/3008></code>__)</li> <li>Fixed <code>assert_hostname=False</code> to correctly skip hostname check. (<code>[#3051](urllib3/urllib3#3051) <https://github.com/urllib3/urllib3/issues/3051></code>__)</li> </ul> <h1>2.0.2 (2023-05-03)</h1> <ul> <li>Fixed <code>HTTPResponse.stream()</code> to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (<code>[#3009](urllib3/urllib3#3009) <https://github.com/urllib3/urllib3/issues/3009></code>__)</li> </ul> <h1>2.0.1 (2023-04-30)</h1> <ul> <li>Fixed a socket leak when fingerprint or hostname verifications fail. (<code>[#2991](urllib3/urllib3#2991) <https://github.com/urllib3/urllib3/issues/2991></code>__)</li> <li>Fixed an error when <code>HTTPResponse.read(0)</code> was the first <code>read</code> call or when the internal response body buffer was otherwise empty. (<code>[#2998](urllib3/urllib3#2998) <https://github.com/urllib3/urllib3/issues/2998></code>__)</li> </ul> <h1>2.0.0 (2023-04-26)</h1> <p>Read the <code>v2.0 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html></code>__ for help upgrading to the latest version of urllib3.</p> <h2>Removed</h2> <ul> <li>Removed support for Python 2.7, 3.5, and 3.6 (<code>[#883](urllib3/urllib3#883) <https://github.com/urllib3/urllib3/issues/883></code><strong>, <code>[#2336](urllib3/urllib3#2336) <https://github.com/urllib3/urllib3/issues/2336></code></strong>).</li> <li>Removed fallback on certificate <code>commonName</code> in <code>match_hostname()</code> function. This behavior was deprecated in May 2000 in RFC 2818. Instead only <code>subjectAltName</code> is used to verify the hostname by default. To enable verifying the hostname against <code>commonName</code> use <code>SSLContext.hostname_checks_common_name = True</code> (<code>[#2113](urllib3/urllib3#2113) <https://github.com/urllib3/urllib3/issues/2113></code>__).</li> <li>Removed support for Python with an <code>ssl</code> module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an <code>ImportError</code> is raised (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (<code>[#2082](urllib3/urllib3#2082) <https://github.com/urllib3/urllib3/issues/2082></code>__).</li> <li>Removed <code>urllib3.contrib.appengine.AppEngineManager</code> and support for Google App Engine Standard Environment (<code>[#2044](urllib3/urllib3#2044) <https://github.com/urllib3/urllib3/issues/2044></code>__).</li> <li>Removed deprecated <code>Retry</code> options <code>method_whitelist</code>, <code>DEFAULT_REDIRECT_HEADERS_BLACKLIST</code> (<code>[#2086](urllib3/urllib3#2086) <https://github.com/urllib3/urllib3/issues/2086></code>__).</li> <li>Removed <code>urllib3.HTTPResponse.from_httplib</code> (<code>[#2648](urllib3/urllib3#2648) <https://github.com/urllib3/urllib3/issues/2648></code>__).</li> <li>Removed default value of <code>None</code> for the <code>request_context</code> parameter of <code>urllib3.PoolManager.connection_from_pool_key</code>. This change should have no effect on users as the default value of <code>None</code> was an invalid option and was never used (<code>[#1897](urllib3/urllib3#1897) <https://github.com/urllib3/urllib3/issues/1897></code>__).</li> <li>Removed the <code>urllib3.request</code> module. <code>urllib3.request.RequestMethods</code> has been made a private API. This change was made to ensure that <code>from urllib3 import request</code> imported the top-level <code>request()</code> function instead of the <code>urllib3.request</code> module (<code>[#2269](urllib3/urllib3#2269) <https://github.com/urllib3/urllib3/issues/2269></code>__).</li> <li>Removed support for SSLv3.0 from the <code>urllib3.contrib.pyopenssl</code> even when support is available from the compiled OpenSSL library (<code>[#2233](urllib3/urllib3#2233) <https://github.com/urllib3/urllib3/issues/2233></code>__).</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/92196a0f08b2c2139117546ccfbdd3429eb72469"><code>92196a0</code></a> Release 2.0.3</li> <li><a href="https://github.com/urllib3/urllib3/commit/52d2eb1d19cc23b14043591b7d7904c6e5311fa5"><code>52d2eb1</code></a> Fix assert_hostname=False (<a href="https://redirect.github.com/urllib3/urllib3/issues/3055">#3055</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/bfbd47e3da75702f14d124b64ce877a0e0cd331a"><code>bfbd47e</code></a> Fix Python 3.12 CI</li> <li><a href="https://github.com/urllib3/urllib3/commit/b63cc4c4868dadf1545ad9c5c189096532148a7d"><code>b63cc4c</code></a> Correct docstring for Retry backoff factor (<a href="https://redirect.github.com/urllib3/urllib3/issues/3037">#3037</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/7e3884d973c56267c32e0dacf19804afd8a00175"><code>7e3884d</code></a> Allow non-OpenSSL TLS libaries with a warning</li> <li><a href="https://github.com/urllib3/urllib3/commit/e67f13c44fa4aada1954df96eb8cccbb5f2dbd2a"><code>e67f13c</code></a> Add 1.26.16 release to CHANGES.rst on main</li> <li><a href="https://github.com/urllib3/urllib3/commit/ffa2b634392a389da7033834fa485fd648d37e42"><code>ffa2b63</code></a> Deprecate URLs without an explicit scheme</li> <li><a href="https://github.com/urllib3/urllib3/commit/4e9060bfa03af9d6057423b3a54f67e0cd2e7892"><code>4e9060b</code></a> Added OpenGraph information to the documentation</li> <li><a href="https://github.com/urllib3/urllib3/commit/8e94754f85c59d826ac0604d0dd2a0b41874bb36"><code>8e94754</code></a> Remove outdated reference in LICENSE.txt</li> <li><a href="https://github.com/urllib3/urllib3/commit/5dbc8e23488862aadab0706128d387af2f406b51"><code>5dbc8e2</code></a> Bump slsa-framework/slsa-github-generator from 1.5.0 to 1.6.0</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/1.26.14...2.0.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.14&new-version=2.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
- Loading branch information