Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
283: Bump requests from 2.25.1 to 2.26.0 r=alallema a=dependabot[bot] Bumps [requests](https://github.com/psf/requests) from 2.25.1 to 2.26.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/master/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.26.0 (2021-07-13)</h2> <p><strong>Improvements</strong></p> <ul> <li> <p>Requests now supports Brotli compression, if either the <code>brotli</code> or <code>brotlicffi</code> package is installed. (<a href="https://github-redirect.dependabot.com/psf/requests/issues/5783">#5783</a>)</p> </li> <li> <p><code>Session.send</code> now correctly resolves proxy configurations from both the Session and Request. Behavior now matches <code>Session.request</code>. (<a href="https://github-redirect.dependabot.com/psf/requests/issues/5681">#5681</a>)</p> </li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed a race condition in zip extraction when using Requests in parallel from zip archive. (<a href="https://github-redirect.dependabot.com/psf/requests/issues/5707">#5707</a>)</li> </ul> <p><strong>Dependencies</strong></p> <ul> <li> <p>Instead of <code>chardet</code>, use the MIT-licensed <code>charset_normalizer</code> for Python3 to remove license ambiguity for projects bundling requests. If <code>chardet</code> is already installed on your machine it will be used instead of <code>charset_normalizer</code> to keep backwards compatibility. (<a href="https://github-redirect.dependabot.com/psf/requests/issues/5797">#5797</a>)</p> <p>You can also install <code>chardet</code> while installing requests by specifying <code>[use_chardet_on_py3]</code> extra as follows:</p> <pre lang="shell"><code>pip install "requests[use_chardet_on_py3]" </code></pre> <p>Python2 still depends upon the <code>chardet</code> module.</p> </li> <li> <p>Requests now supports <code>idna</code> 3.x on Python 3. <code>idna</code> 2.x will continue to be used on Python 2 installations. (<a href="https://github-redirect.dependabot.com/psf/requests/issues/5711">#5711</a>)</p> </li> </ul> <p><strong>Deprecations</strong></p> <ul> <li> <p>The <code>requests[security]</code> extra has been converted to a no-op install. PyOpenSSL is no longer the recommended secure option for Requests. (<a href="https://github-redirect.dependabot.com/psf/requests/issues/5867">#5867</a>)</p> </li> <li> <p>Requests has officially dropped support for Python 3.5. (<a href="https://github-redirect.dependabot.com/psf/requests/issues/5867">#5867</a>)</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/psf/requests/commit/a1a6a549a0143d9b32717dbe3d75cd543ae5a4f6"><code>a1a6a54</code></a> v2.26.0</li> <li><a href="https://github.com/psf/requests/commit/e253eba5ed8922affe50089548a15fbda298fefd"><code>e253eba</code></a> Stop abusing pytest-httpbin to test commonName support</li> <li><a href="https://github.com/psf/requests/commit/f6c0619d892a41dcf84933810ffda89e9f6b10d4"><code>f6c0619</code></a> Disable requests[security] and remove 3.5 support references</li> <li><a href="https://github.com/psf/requests/commit/33cf965f7271ab4978ed551754db37865c4085db"><code>33cf965</code></a> Allow idna 3.x to be installed on Python 3.x</li> <li><a href="https://github.com/psf/requests/commit/5351469472eccee7ed1a6cae53341446c520d807"><code>5351469</code></a> Add support for brotli decoding (<a href="https://github-redirect.dependabot.com/psf/requests/issues/5783">#5783</a>)</li> <li><a href="https://github.com/psf/requests/commit/24630743cecd3d0e9db7bee7e47381dbadf2d789"><code>2463074</code></a> Avoid zip extract racing condition by using read+write instead extract (<a href="https://github-redirect.dependabot.com/psf/requests/issues/5707">#5707</a>)</li> <li><a href="https://github.com/psf/requests/commit/2ed84f55b22f19a1e1e8eea2e50963dce62052d3"><code>2ed84f5</code></a> Switch LGPL'd chardet for MIT licensed charset_normalizer (<a href="https://github-redirect.dependabot.com/psf/requests/issues/5797">#5797</a>)</li> <li><a href="https://github.com/psf/requests/commit/33d448eb21bbbf643cc1f61493b0b606d8352aea"><code>33d448e</code></a> Pin Flask to <2.0 to fix the test suite</li> <li><a href="https://github.com/psf/requests/commit/1466ad713cf84738cd28f1224a7ab4a19e50e361"><code>1466ad7</code></a> Fix GitHub links (<a href="https://github-redirect.dependabot.com/psf/requests/issues/5835">#5835</a>)</li> <li><a href="https://github.com/psf/requests/commit/f6d43b03fbb9a1e75ed63a9aa15738a8fce99b50"><code>f6d43b0</code></a> Updated to new be-cordial-or-be-on-your-way URL and CoC now references Python...</li> <li>Additional commits viewable in <a href="https://github.com/psf/requests/compare/v2.25.1...v2.26.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=requests&package-manager=pip&previous-version=2.25.1&new-version=2.26.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting ``@dependabot` rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - ``@dependabot` rebase` will rebase this PR - ``@dependabot` recreate` will recreate this PR, overwriting any edits that have been made to it - ``@dependabot` merge` will merge this PR after your CI passes on it - ``@dependabot` squash and merge` will squash and merge this PR after your CI passes on it - ``@dependabot` cancel merge` will cancel a previously requested merge and block automerging - ``@dependabot` reopen` will reopen this PR if it is closed - ``@dependabot` close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - ``@dependabot` ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - ``@dependabot` ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - ``@dependabot` ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Loading branch information