Skip to content

Commit

Permalink
⬆️ Bump urllib3 from 1.26.16 to 2.0.4 (#427)
Browse files Browse the repository at this point in the history 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.16 to
2.0.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>2.0.4</h2>
<ul>
<li>Added support for union operators to <code>HTTPHeaderDict</code> (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2254">#2254</a>)</li>
<li>Added <code>BaseHTTPResponse</code> to <code>urllib3.__all__</code>
(<a
href="https://redirect.github.com/urllib3/urllib3/issues/3078">#3078</a>)</li>
<li>Fixed <code>urllib3.connection.HTTPConnection</code> to raise the
<code>http.client.connect</code> audit event to have the same behavior
as the standard library HTTP client (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2757">#2757</a>)</li>
<li>Relied on the standard library for checking hostnames in supported
PyPy releases (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3087">#3087</a>)</li>
</ul>
<h2>2.0.3</h2>
<ul>
<li>Allowed alternative SSL libraries such as LibreSSL, while still
issuing a warning as we cannot help users facing issues with
implementations other than OpenSSL. <a
href="https://redirect.github.com/urllib3/urllib3/issues/3020">#3020</a></li>
<li>Deprecated URLs which don't have an explicit scheme <a
href="https://redirect.github.com/urllib3/urllib3/pull/2950">#2950</a></li>
<li>Fixed response decoding with Zstandard when compressed data is made
of several frames. <a
href="https://redirect.github.com/urllib3/urllib3/issues/3008">#3008</a></li>
<li>Fixed <code>assert_hostname=False</code> to correctly skip hostname
check. <a
href="https://redirect.github.com/urllib3/urllib3/issues/3051">#3051</a></li>
</ul>
<h2>2.0.2</h2>
<ul>
<li>Fixed <code>HTTPResponse.stream()</code> to continue yielding bytes
if buffered decompressed data was still available to be read even if the
underlying socket is closed. This prevents a compressed response from
being truncated. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3009">urllib3/urllib3#3009</a>)</li>
</ul>
<h2>2.0.1</h2>
<ul>
<li>Fixed a socket leak when fingerprint or hostname verifications fail.
(<a
href="https://redirect.github.com/urllib3/urllib3/issues/2991">#2991</a>)</li>
<li>Fixed an error when <code>HTTPResponse.read(0)</code> was the first
<code>read</code> call or when the internal response body buffer was
otherwise empty. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2998">#2998</a>)</li>
</ul>
<h2>2.0.0</h2>
<p>Read the <a
href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">v2.0
migration guide</a> for help upgrading to the latest version of
urllib3.</p>
<h1>Removed</h1>
<ul>
<li>Removed support for Python 2.7, 3.5, and 3.6 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/883">#883</a>,
<a
href="https://redirect.github.com/urllib3/urllib3/issues/2336">#2336</a>).</li>
<li>Removed fallback on certificate <code>commonName</code> in
<code>match_hostname()</code> function. This behavior was deprecated in
May 2000 in RFC 2818. Instead only <code>subjectAltName</code> is used
to verify the hostname by default. To enable verifying the hostname
against <code>commonName</code> use
<code>SSLContext.hostname_checks_common_name = True</code> (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2113">#2113</a>).</li>
<li>Removed support for Python with an <code>ssl</code> module compiled
with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives.
Python is moving to require OpenSSL with PEP 644 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li>
<li>Removed support for OpenSSL versions earlier than 1.1.1 or that
don't have SNI support. When an incompatible OpenSSL version is detected
an <code>ImportError</code> is raised (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li>
<li>Removed the list of default ciphers for OpenSSL 1.1.1+ and
SecureTransport as their own defaults are already secure (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2082">#2082</a>).</li>
<li>Removed <code>urllib3.contrib.appengine.AppEngineManager</code> and
support for Google App Engine Standard Environment (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2044">#2044</a>).</li>
<li>Removed deprecated <code>Retry</code> options
<code>method_whitelist</code>,
<code>DEFAULT_REDIRECT_HEADERS_BLACKLIST</code> (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2086">#2086</a>).</li>
<li>Removed <code>urllib3.HTTPResponse.from_httplib</code> (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2648">#2648</a>).</li>
<li>Removed default value of <code>None</code> for the
<code>request_context</code> parameter of
<code>urllib3.PoolManager.connection_from_pool_key</code>. This change
should have no effect on users as the default value of <code>None</code>
was an invalid option and was never used (<a
href="https://redirect.github.com/urllib3/urllib3/issues/1897">#1897</a>).</li>
<li>Removed the <code>urllib3.request</code> module.
<code>urllib3.request.RequestMethods</code> has been made a private API.
This change was made to ensure that <code>from urllib3 import
request</code> imported the top-level <code>request()</code> function
instead of the <code>urllib3.request</code> module (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2269">#2269</a>).</li>
<li>Removed support for SSLv3.0 from the
<code>urllib3.contrib.pyopenssl</code> even when support is available
from the compiled OpenSSL library (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2233">#2233</a>).</li>
<li>Removed the deprecated <code>urllib3.contrib.ntlmpool</code> module
(<a
href="https://redirect.github.com/urllib3/urllib3/issues/2339">#2339</a>).</li>
<li>Removed <code>DEFAULT_CIPHERS</code>, <code>HAS_SNI</code>,
<code>USE_DEFAULT_SSLCONTEXT_CIPHERS</code>, from the private module
<code>urllib3.util.ssl_</code> (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li>
<li>Removed <code>urllib3.exceptions.SNIMissingWarning</code> (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li>
<li>Removed the <code>_prepare_conn</code> method from
<code>HTTPConnectionPool</code>. Previously this was only used to call
<code>HTTPSConnection.set_cert()</code> by
<code>HTTPSConnectionPool</code> (<a
href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li>
<li>Removed <code>tls_in_tls_required</code> property from
<code>HTTPSConnection</code>. This is now determined from the
<code>scheme</code> parameter in
<code>HTTPConnection.set_tunnel()</code> (<a
href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li>
</ul>
<h1>Deprecated</h1>
<ul>
<li>Deprecated <code>HTTPResponse.getheaders()</code> and
<code>HTTPResponse.getheader()</code> which will be removed in urllib3
v2.1.0. Instead use <code>HTTPResponse.headers</code> and
<code>HTTPResponse.headers.get(name, default)</code>. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/1543">#1543</a>,
<a
href="https://redirect.github.com/urllib3/urllib3/issues/2814">#2814</a>).</li>
<li>Deprecated <code>urllib3.contrib.pyopenssl</code> module which will
be removed in urllib3 v2.1.0 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2691">#2691</a>).</li>
<li>Deprecated <code>urllib3.contrib.securetransport</code> module which
will be removed in urllib3 v2.1.0 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2692">#2692</a>).</li>
<li>Deprecated <code>ssl_version</code> option in favor of
<code>ssl_minimum_version</code>. <code>ssl_version</code> will be
removed in urllib3 v2.1.0 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2110">#2110</a>).</li>
<li>Deprecated the <code>strict</code> parameter as it's not longer
needed in Python 3.x. It will be removed in urllib3 v2.1.0 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2267">#2267</a>)</li>
<li>Deprecated the <code>NewConnectionError.pool</code> attribute which
will be removed in urllib3 v2.1.0 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2271">#2271</a>).</li>
<li>Deprecated <code>format_header_param_html5</code> and
<code>format_header_param</code> in favor of
<code>format_multipart_header_param</code> (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2257">#2257</a>).</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>2.0.4 (2023-07-19)</h1>
<ul>
<li>Added support for union operators to <code>HTTPHeaderDict</code>
(<code>[#2254](urllib3/urllib3#2254)
&lt;https://github.com/urllib3/urllib3/issues/2254&gt;</code>__)</li>
<li>Added <code>BaseHTTPResponse</code> to <code>urllib3.__all__</code>
(<code>[#3078](urllib3/urllib3#3078)
&lt;https://github.com/urllib3/urllib3/issues/3078&gt;</code>__)</li>
<li>Fixed <code>urllib3.connection.HTTPConnection</code> to raise the
<code>http.client.connect</code> audit event to have the same behavior
as the standard library HTTP client
(<code>[#2757](urllib3/urllib3#2757)
&lt;https://github.com/urllib3/urllib3/issues/2757&gt;</code>__)</li>
<li>Relied on the standard library for checking hostnames in supported
PyPy releases
(<code>[#3087](urllib3/urllib3#3087)
&lt;https://github.com/urllib3/urllib3/issues/3087&gt;</code>__)</li>
</ul>
<h1>2.0.3 (2023-06-07)</h1>
<ul>
<li>Allowed alternative SSL libraries such as LibreSSL, while still
issuing a warning as we cannot help users facing issues with
implementations other than OpenSSL.
(<code>[#3020](urllib3/urllib3#3020)
&lt;https://github.com/urllib3/urllib3/issues/3020&gt;</code>__)</li>
<li>Deprecated URLs which don't have an explicit scheme
(<code>[#2950](urllib3/urllib3#2950)
&lt;https://github.com/urllib3/urllib3/pull/2950&gt;</code>_)</li>
<li>Fixed response decoding with Zstandard when compressed data is made
of several frames.
(<code>[#3008](urllib3/urllib3#3008)
&lt;https://github.com/urllib3/urllib3/issues/3008&gt;</code>__)</li>
<li>Fixed <code>assert_hostname=False</code> to correctly skip hostname
check. (<code>[#3051](urllib3/urllib3#3051)
&lt;https://github.com/urllib3/urllib3/issues/3051&gt;</code>__)</li>
</ul>
<h1>2.0.2 (2023-05-03)</h1>
<ul>
<li>Fixed <code>HTTPResponse.stream()</code> to continue yielding bytes
if buffered decompressed data
was still available to be read even if the underlying socket is closed.
This prevents
a compressed response from being truncated.
(<code>[#3009](urllib3/urllib3#3009)
&lt;https://github.com/urllib3/urllib3/issues/3009&gt;</code>__)</li>
</ul>
<h1>2.0.1 (2023-04-30)</h1>
<ul>
<li>Fixed a socket leak when fingerprint or hostname verifications fail.
(<code>[#2991](urllib3/urllib3#2991)
&lt;https://github.com/urllib3/urllib3/issues/2991&gt;</code>__)</li>
<li>Fixed an error when <code>HTTPResponse.read(0)</code> was the first
<code>read</code> call or when the internal response body buffer was
otherwise empty.
(<code>[#2998](urllib3/urllib3#2998)
&lt;https://github.com/urllib3/urllib3/issues/2998&gt;</code>__)</li>
</ul>
<h1>2.0.0 (2023-04-26)</h1>
<p>Read the <code>v2.0 migration guide
&lt;https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html&gt;</code>__
for help upgrading to the latest version of urllib3.</p>
<h2>Removed</h2>
<ul>
<li>Removed support for Python 2.7, 3.5, and 3.6
(<code>[#883](urllib3/urllib3#883)
&lt;https://github.com/urllib3/urllib3/issues/883&gt;</code><strong>,
<code>[#2336](urllib3/urllib3#2336)
&lt;https://github.com/urllib3/urllib3/issues/2336&gt;</code></strong>).</li>
<li>Removed fallback on certificate <code>commonName</code> in
<code>match_hostname()</code> function.
This behavior was deprecated in May 2000 in RFC 2818. Instead only
<code>subjectAltName</code>
is used to verify the hostname by default. To enable verifying the
hostname against
<code>commonName</code> use <code>SSLContext.hostname_checks_common_name
= True</code>
(<code>[#2113](urllib3/urllib3#2113)
&lt;https://github.com/urllib3/urllib3/issues/2113&gt;</code>__).</li>
<li>Removed support for Python with an <code>ssl</code> module compiled
with LibreSSL, CiscoSSL,
wolfSSL, and all other OpenSSL alternatives. Python is moving to require
OpenSSL with PEP 644
(<code>[#2168](urllib3/urllib3#2168)
&lt;https://github.com/urllib3/urllib3/issues/2168&gt;</code>__).</li>
<li>Removed support for OpenSSL versions earlier than 1.1.1 or that
don't have SNI support.
When an incompatible OpenSSL version is detected an
<code>ImportError</code> is raised
(<code>[#2168](urllib3/urllib3#2168)
&lt;https://github.com/urllib3/urllib3/issues/2168&gt;</code>__).</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/urllib3/urllib3/commit/c9fa144545eedb5dc4a2cc3f255e95602a1d7db0"><code>c9fa144</code></a>
Release version 2.0.4 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3084">#3084</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/d40d146765a7f7a899427c8add54de67b4b6599a"><code>d40d146</code></a>
Add Illia to CODEOWNERS</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/0a375d19243efb08c9d8a0f3356701ca11ef9791"><code>0a375d1</code></a>
Raise <code>http.client.connect</code> audit events in
<code>HTTPConnection</code> (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2859">#2859</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/c056eb3df6aae4d1dff0365baded46235d413520"><code>c056eb3</code></a>
Bump actions/setup-python from 4.6.0 to 4.7.0</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/a1c184b298823f13dd34c783d56ea538848282f1"><code>a1c184b</code></a>
Remove warnings filters fixed in pytest 7.4.0 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3086">#3086</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/609c5464cc9d2673549b651b713e07424517fa85"><code>609c546</code></a>
Add support for union operators to <code>HTTPHeaderDict</code> (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2943">#2943</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/05b21ca5d29764aae60c72e4e3bfceead0f70f95"><code>05b21ca</code></a>
Bump cryptography from 41.0.0 to 41.0.2</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/9aa0d4f6cb0d4b34e20fafed4481ac7d785d4969"><code>9aa0d4f</code></a>
Bump cryptography from 39.0.1 to 41.0.0 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3057">#3057</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/326c4238cbabe85007aa7b1f2e80b880fd01d903"><code>326c423</code></a>
Rely on the standard library for checking hostnames in supported PyPy
releases</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/d0ac08d58511c4121138bd46436076409d21acbf"><code>d0ac08d</code></a>
Bump gh-action-pypi-publish to v1.8.8</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/1.26.16...2.0.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.16&new-version=2.0.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>
  • Loading branch information
@github-actions
github-actions[bot] committed Sep 5, 2023
2 parents 960fe4d + 2f9e354 commit bb9d6a4
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion requirements.txt
View file
Expand Up @@ -295,7 +295,7 @@ typing-extensions==4.7.1
# myst-parser
unidecode==1.3.6
# via sphinx-autoapi
urllib3==1.26.16
urllib3==2.0.4
# via requests
virtualenv==20.23.1
# via pre-commit
Expand Down

0 comments on commit bb9d6a4

Please sign in to comment.