Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deprecate [secure] extra #2680

Closed
sethmlarson opened this issue Jul 15, 2022 · 16 comments · Fixed by #3147
Closed

Deprecate [secure] extra #2680

sethmlarson opened this issue Jul 15, 2022 · 16 comments · Fixed by #3147
Milestone
v2.x

Comments

@sethmlarson
Copy link
Member

sethmlarson commented Jul 15, 2022
edited by pquentin

Are you seeing a DeprecationWarning?

Hello! If you're seeing one of the below messages in DeprecationWarning you're in the right place:

'urllib3[secure]' extra is deprecated and will be removed in a future release of urllib3 2.x.

'urllib3.contrib.pyopenssl' module is deprecated and will be removed in a future release of urllib3 2.x.

These warnings mean you're using deprecated code. But no worries! You can stop the deprecation warnings by following these steps:

  • If you're using Python 2.7.10 or later and OpenSSL 1.1.1+ (this is almost everyone) then you won't need the urllib3[secure] extra or urllib3.contrib.pyopenssl module. Both were necessary a long time ago, but aren't necessary any more! You can read more context below if you're interested.

  • If you're using an old version of Requests (ie <2.26.0) then you should upgrade to a newer version. Requests v2.26.0 stopped using urllib3[secure] and urllib3.contrib.pyopenssl and didn't encounter any issues for users upgrading.

  • If you're using an old version of Selenium (ie <4.4.3) then you should upgrade to a newer version. Selenium v4.4.1 stopped using urllib3[secure], but only in v4.4.3 was an appropriate dependency on certifi added.

  • Ensure that you're not installing urllib3[secure] anywhere, either in a requirements.txt or directly. You should remove all instances of [secure] and instead only install urllib3.

  • Ensure that your code isn't using the urllib3.contrib.pyopenssl module. We've decided to undeprecate this module in Undeprecate pyOpenSSL third-party module #3126.

  • Ensure that none of your dependencies are installing the urllib3[secure] extra. We have created a list of projects using the urllib3[secure] extra which we have notified and created a PR for each but not all have responded. If you find additional packages then notifying the package about this issue is appreciated.

  • Ensure that none of your dependencies are using the urllib3.contrib.pyopenssl module. If you find a package that is using this module then I suggest notifying the package by pointing to this issue. We've decided to undeprecate this module in Undeprecate pyOpenSSL third-party module #3126.

  • Finally, to silence the DeprecationWarning, uninstall the urllib3-secure-extra package with:

    $ python -m pip uninstall urllib3-secure-extra

Context

There are not nearly as many reasons to use the pyOpenSSL TLS implementation as there previously were. The primary motivations behind creating the implementation were to support SNI before it was available in Python's ssl module everywhere. Requests started using this implementation unconditionally by default but two years ago this was changed to only on Python versions without SNI support. I suspect this number is shrinking.

The [secure] extra began as a way to install all dependencies for our pyOpenSSL TLS implementation but now is only an unfortunate misnomer as it's no more secure than our default implementation on all supported Python versions.

My proposal for now is:

  • Create documentation for pyOpenSSL's deprecation in the docs. We'll be targetting a "future 2.x release" with the actual removal.
  • Begin unconditionally emitting a DeprecationWarning when urllib3.contrib.pyopenssl.inject_into_urllib3 is called and point to the documentation.
  • Remove the [secure] extra on as many packages as possible. If any actually require one of the dependencies (pyOpenSSL, certifi, idna) then add that dependency explicitly to their packages' install_requires. Remove use of inject_into_urllib3 if used anywhere in the package.
  • Search for inject_into_urllib3 on GitHub and see what we find? If there are big projects using it we should alert them.

Timeline for deprecation and removal

In a urllib3 v2.1.0:

  • Make the [secure] extra empty.
  • Make the inject_into_urllib3 function raise an exception with a URL to the documentation.

In a version after that:

  • Remove the [secure] extra
  • Remove the inject_into_urllib3 function and pyopenssl contrib module.
@sethmlarson sethmlarson added this to the v2.x milestone Jul 15, 2022
@sethmlarson sethmlarson pinned this issue Jul 20, 2022
@graingert
Copy link
Contributor

graingert commented Jul 20, 2022
edited

You can make urllib3[secure] depend on something like urllib3-deprecated-secure and then raise a DeprecationWarning if you see that module installed

You'll also be able to use pypi stats to see how many people install it

You can then yank urllib3-deprecated-secure with a message to show when someone tries to install it

@sethmlarson sethmlarson mentioned this issue Jul 28, 2022
Closed
6 tasks
This was referenced Aug 4, 2022
Closed
Merged
Open
fyunusa added a commit to fyunusa/selenium that referenced this issue Aug 10, 2022
@fyunusa
Removed [secure] extra from urllib3 dependencies
d9f584e 
pyOpenSSL and urllib3[secure] are deprecated in the upcoming release (1.26.12)
urllib3/urllib3#2680
This was referenced Aug 10, 2022
Merged
Merged
Open
Merged
Merged
Merged
Merged
Merged
Open
Merged
Merged
Open
Merged
Open
Open
Closed
Merged
symonk pushed a commit to SeleniumHQ/selenium that referenced this issue Aug 14, 2022
@fyunusa
[py]: Remove deprecated urllib3[secure] extras dependency (#10932)
95f0cba 
* Update setup.py

 pyOpenSSL and urllib3[secure] are deprecated in the upcoming release of (1.26.12)
Removed [secure] extra from the urllib3 dependencies

* Removed [secure] extra from urllib3 dependencies

pyOpenSSL and urllib3[secure] are deprecated in the upcoming release (1.26.12)
urllib3/urllib3#2680

* Removed urllib [secure]

Removed urllib3[secure] dependency
@sethmlarson sethmlarson removed this from the v2.x milestone Aug 19, 2022
@ddzialak ddzialak mentioned this issue Aug 22, 2022
Closed
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this issue Aug 22, 2022
py-urllib3: updated to 1.26.12
b53543a 
1.26.12 (2022-08-22)
--------------------
* Deprecated the `urllib3[secure]` extra and the `urllib3.contrib.pyopenssl` module.
  Both will be removed in v2.x. See this `GitHub issue <https://github.com/urllib3/urllib3/issues/2680>`_
  for justification and info on how to migrate.
github-merge-queue bot pushed a commit to bazelbuild/rules_python that referenced this issue Oct 4, 2023
@dependabot
build(deps): bump urllib3 from 1.25.11 to 1.26.17 in /examples/pip_in…
961e233 
…stall (#1444)

Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.25.11 to
1.26.17.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>1.26.17</h2>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via <code>Retry.remove_headers_on_redirect</code>.
(GHSA-v845-jxx5-vc9f)</li>
</ul>
<h2>1.26.16</h2>
<ul>
<li>Fixed thread-safety issue where accessing a <code>PoolManager</code>
with many distinct origins would cause connection pools to be closed
while requests are in progress (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2954">#2954</a>)</li>
</ul>
<h2>1.26.15</h2>
<ul>
<li>Fix socket timeout value when HTTPConnection is reused (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2645">urllib3/urllib3#2645</a>)</li>
<li>Remove &quot;!&quot; character from the unreserved characters in
IPv6 Zone ID parsing (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2899">urllib3/urllib3#2899</a>)</li>
<li>Fix IDNA handling of 'x80' byte (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2901">urllib3/urllib3#2901</a>)</li>
</ul>
<h2>1.26.14</h2>
<ul>
<li>Fixed parsing of port 0 (zero) returning None, instead of 0 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2850">#2850</a>)</li>
<li>Removed deprecated <code>HTTPResponse.getheaders()</code> calls in
<code>urllib3.contrib</code> module.</li>
</ul>
<h2>1.26.13</h2>
<ul>
<li>Deprecated the <code>HTTPResponse.getheaders()</code> and
<code>HTTPResponse.getheader()</code> methods.</li>
<li>Fixed an issue where parsing a URL with leading zeroes in the port
would be rejected even when the port number after removing the zeroes
was valid.</li>
<li>Fixed a deprecation warning when using cryptography v39.0.0.</li>
<li>Removed the <code>&lt;4</code> in the <code>Requires-Python</code>
packaging metadata field.</li>
</ul>
<h2>1.26.12</h2>
<ul>
<li>Deprecated the <code>urllib3[secure]</code> extra and the
<code>urllib3.contrib.pyopenssl</code> module. Both will be removed in
v2.x. See this <a
href="https://redirect.github.com/urllib3/urllib3/issues/2680">GitHub
issue</a> for justification and info on how to migrate.</li>
</ul>
<h2>1.26.11</h2>
<p><strong>If you or your organization rely on urllib3 consider
supporting us via <a href="https://github.com/sponsors/urllib3">GitHub
Sponsors</a>.</strong></p>
<p>:warning: <strong>urllib3 v2.0 will drop support for Python
2</strong>: <a
href="https://urllib3.readthedocs.io/en/latest/v2-roadmap.html">Read
more in the v2.0 Roadmap</a></p>
<ul>
<li>Fixed an issue where reading more than 2 GiB in a call to
HTTPResponse.read would raise an OverflowError on Python 3.9 and
earlier.</li>
</ul>
<h2>1.26.10</h2>
<p><strong>If you or your organization rely on urllib3 consider
supporting us via <a href="https://github.com/sponsors/urllib3">GitHub
Sponsors</a>.</strong></p>
<p>:warning: <strong>urllib3 v2.0 will drop support for Python
2</strong>: <a
href="https://urllib3.readthedocs.io/en/latest/v2-roadmap.html">Read
more in the v2.0 Roadmap</a></p>
<p>:closed_lock_with_key: <strong>This is the first release to be signed
with Sigstore!</strong> You can verify the distributables using the
<code>.sig</code> and <code>.crt</code> files included on this
release.</p>
<ul>
<li>Removed support for Python 3.5</li>
<li>Fixed an issue where a <code>ProxyError</code> recommending
configuring the proxy as HTTP instead of HTTPS could appear even when an
HTTPS proxy wasn't configured.</li>
</ul>
<h2>1.26.9</h2>
<p><strong>If you or your organization rely on urllib3 consider
supporting us via <a href="https://github.com/sponsors/urllib3">GitHub
Sponsors</a>.</strong></p>
<p>:warning: <strong>urllib3 v2.0 will drop support for Python
2</strong>: <a
href="https://urllib3.readthedocs.io/en/latest/v2-roadmap.html">Read
more in the v2.0 Roadmap</a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>1.26.17 (2023-10-02)</h1>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via <code>Retry.remove_headers_on_redirect</code>.
(<code>[#3139](urllib3/urllib3#3139)
&lt;https://github.com/urllib3/urllib3/pull/3139&gt;</code>_)</li>
</ul>
<h1>1.26.16 (2023-05-23)</h1>
<ul>
<li>Fixed thread-safety issue where accessing a <code>PoolManager</code>
with many distinct origins
would cause connection pools to be closed while requests are in progress
(<code>[#2954](urllib3/urllib3#2954)
&lt;https://github.com/urllib3/urllib3/pull/2954&gt;</code>_)</li>
</ul>
<h1>1.26.15 (2023-03-10)</h1>
<ul>
<li>Fix socket timeout value when <code>HTTPConnection</code> is reused
(<code>[#2645](urllib3/urllib3#2645)
&lt;https://github.com/urllib3/urllib3/issues/2645&gt;</code>__)</li>
<li>Remove &quot;!&quot; character from the unreserved characters in
IPv6 Zone ID parsing
(<code>[#2899](urllib3/urllib3#2899)
&lt;https://github.com/urllib3/urllib3/issues/2899&gt;</code>__)</li>
<li>Fix IDNA handling of '\x80' byte
(<code>[#2901](urllib3/urllib3#2901)
&lt;https://github.com/urllib3/urllib3/issues/2901&gt;</code>__)</li>
</ul>
<h1>1.26.14 (2023-01-11)</h1>
<ul>
<li>Fixed parsing of port 0 (zero) returning None, instead of 0.
(<code>[#2850](urllib3/urllib3#2850)
&lt;https://github.com/urllib3/urllib3/issues/2850&gt;</code>__)</li>
<li>Removed deprecated getheaders() calls in contrib module. Fixed the
type hint of <code>PoolKey.key_retries</code> by adding
<code>bool</code> to the union.
(<code>[#2865](urllib3/urllib3#2865)
&lt;https://github.com/urllib3/urllib3/issues/2865&gt;</code>__)</li>
</ul>
<h1>1.26.13 (2022-11-23)</h1>
<ul>
<li>Deprecated the <code>HTTPResponse.getheaders()</code> and
<code>HTTPResponse.getheader()</code> methods.</li>
<li>Fixed an issue where parsing a URL with leading zeroes in the port
would be rejected
even when the port number after removing the zeroes was valid.</li>
<li>Fixed a deprecation warning when using cryptography v39.0.0.</li>
<li>Removed the <code>&lt;4</code> in the <code>Requires-Python</code>
packaging metadata field.</li>
</ul>
<h1>1.26.12 (2022-08-22)</h1>
<ul>
<li>Deprecated the <code>urllib3[secure]</code> extra and the
<code>urllib3.contrib.pyopenssl</code> module.
Both will be removed in v2.x. See this <code>GitHub issue
&lt;https://github.com/urllib3/urllib3/issues/2680&gt;</code>_
for justification and info on how to migrate.</li>
</ul>
<h1>1.26.11 (2022-07-25)</h1>
<ul>
<li>Fixed an issue where reading more than 2 GiB in a call to
<code>HTTPResponse.read</code> would
raise an <code>OverflowError</code> on Python 3.9 and earlier.</li>
</ul>
<h1>1.26.10 (2022-07-07)</h1>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/urllib3/urllib3/commit/c9016bf464751a02b7e46f8b86504f47d4238784"><code>c9016bf</code></a>
Release 1.26.17</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb"><code>0122035</code></a>
Backport GHSA-v845-jxx5-vc9f (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3139">#3139</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/e63989f97d206e839ab9170c8a76e3e097cc60e8"><code>e63989f</code></a>
Fix installing <code>brotli</code> extra on Python 2.7</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/2e7a24d08713a0131f0b3c7197889466d645cc49"><code>2e7a24d</code></a>
[1.26] Configure OS for RTD to fix building docs</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/57181d6ea910ac7cb2ff83345d9e5e0eb816a0d0"><code>57181d6</code></a>
[1.26] Improve error message when calling urllib3.request() (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3058">#3058</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/3c0148048a523325819377b23fc67f8d46afc3aa"><code>3c01480</code></a>
[1.26] Run coverage even with failed jobs</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/d94029b7e2193ff47b627906a70e06377a09aae8"><code>d94029b</code></a>
Release 1.26.16</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/18e92145e9cddbabdf51c98f54202aa37fd5d4c8"><code>18e9214</code></a>
Use trusted publishing for PyPI</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/d25cf83bbae850a290fe34ed1610ae55c0558b36"><code>d25cf83</code></a>
[1.26] Fix invalid test_ssl_failure_midway_through_conn</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/25cca389496b86ee809c21e5b641aeaa74809263"><code>25cca38</code></a>
[1.26] Fix test_ssl_object_attributes</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/1.25.11...1.26.17">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.25.11&new-version=1.26.17)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/bazelbuild/rules_python/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@darylmathison darylmathison mentioned this issue Oct 4, 2023
Merged
david-lyft pushed a commit to lyft/omnibot that referenced this issue Oct 4, 2023
@dependabot
Bump urllib3 from 1.26.5 to 1.26.17 (#98)
f8e3843 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.5 to
1.26.17.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>1.26.17</h2>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via <code>Retry.remove_headers_on_redirect</code>.
(GHSA-v845-jxx5-vc9f)</li>
</ul>
<h2>1.26.16</h2>
<ul>
<li>Fixed thread-safety issue where accessing a <code>PoolManager</code>
with many distinct origins would cause connection pools to be closed
while requests are in progress (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2954">#2954</a>)</li>
</ul>
<h2>1.26.15</h2>
<ul>
<li>Fix socket timeout value when HTTPConnection is reused (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2645">urllib3/urllib3#2645</a>)</li>
<li>Remove &quot;!&quot; character from the unreserved characters in
IPv6 Zone ID parsing (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2899">urllib3/urllib3#2899</a>)</li>
<li>Fix IDNA handling of 'x80' byte (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2901">urllib3/urllib3#2901</a>)</li>
</ul>
<h2>1.26.14</h2>
<ul>
<li>Fixed parsing of port 0 (zero) returning None, instead of 0 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2850">#2850</a>)</li>
<li>Removed deprecated <code>HTTPResponse.getheaders()</code> calls in
<code>urllib3.contrib</code> module.</li>
</ul>
<h2>1.26.13</h2>
<ul>
<li>Deprecated the <code>HTTPResponse.getheaders()</code> and
<code>HTTPResponse.getheader()</code> methods.</li>
<li>Fixed an issue where parsing a URL with leading zeroes in the port
would be rejected even when the port number after removing the zeroes
was valid.</li>
<li>Fixed a deprecation warning when using cryptography v39.0.0.</li>
<li>Removed the <code>&lt;4</code> in the <code>Requires-Python</code>
packaging metadata field.</li>
</ul>
<h2>1.26.12</h2>
<ul>
<li>Deprecated the <code>urllib3[secure]</code> extra and the
<code>urllib3.contrib.pyopenssl</code> module. Both will be removed in
v2.x. See this <a
href="https://redirect.github.com/urllib3/urllib3/issues/2680">GitHub
issue</a> for justification and info on how to migrate.</li>
</ul>
<h2>1.26.11</h2>
<p><strong>If you or your organization rely on urllib3 consider
supporting us via <a href="https://github.com/sponsors/urllib3">GitHub
Sponsors</a>.</strong></p>
<p>:warning: <strong>urllib3 v2.0 will drop support for Python
2</strong>: <a
href="https://urllib3.readthedocs.io/en/latest/v2-roadmap.html">Read
more in the v2.0 Roadmap</a></p>
<ul>
<li>Fixed an issue where reading more than 2 GiB in a call to
HTTPResponse.read would raise an OverflowError on Python 3.9 and
earlier.</li>
</ul>
<h2>1.26.10</h2>
<p><strong>If you or your organization rely on urllib3 consider
supporting us via <a href="https://github.com/sponsors/urllib3">GitHub
Sponsors</a>.</strong></p>
<p>:warning: <strong>urllib3 v2.0 will drop support for Python
2</strong>: <a
href="https://urllib3.readthedocs.io/en/latest/v2-roadmap.html">Read
more in the v2.0 Roadmap</a></p>
<p>:closed_lock_with_key: <strong>This is the first release to be signed
with Sigstore!</strong> You can verify the distributables using the
<code>.sig</code> and <code>.crt</code> files included on this
release.</p>
<ul>
<li>Removed support for Python 3.5</li>
<li>Fixed an issue where a <code>ProxyError</code> recommending
configuring the proxy as HTTP instead of HTTPS could appear even when an
HTTPS proxy wasn't configured.</li>
</ul>
<h2>1.26.9</h2>
<p><strong>If you or your organization rely on urllib3 consider
supporting us via <a href="https://github.com/sponsors/urllib3">GitHub
Sponsors</a>.</strong></p>
<p>:warning: <strong>urllib3 v2.0 will drop support for Python
2</strong>: <a
href="https://urllib3.readthedocs.io/en/latest/v2-roadmap.html">Read
more in the v2.0 Roadmap</a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>1.26.17 (2023-10-02)</h1>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via <code>Retry.remove_headers_on_redirect</code>.
(<code>[#3139](urllib3/urllib3#3139)
&lt;https://github.com/urllib3/urllib3/pull/3139&gt;</code>_)</li>
</ul>
<h1>1.26.16 (2023-05-23)</h1>
<ul>
<li>Fixed thread-safety issue where accessing a <code>PoolManager</code>
with many distinct origins
would cause connection pools to be closed while requests are in progress
(<code>[#2954](urllib3/urllib3#2954)
&lt;https://github.com/urllib3/urllib3/pull/2954&gt;</code>_)</li>
</ul>
<h1>1.26.15 (2023-03-10)</h1>
<ul>
<li>Fix socket timeout value when <code>HTTPConnection</code> is reused
(<code>[#2645](urllib3/urllib3#2645)
&lt;https://github.com/urllib3/urllib3/issues/2645&gt;</code>__)</li>
<li>Remove &quot;!&quot; character from the unreserved characters in
IPv6 Zone ID parsing
(<code>[#2899](urllib3/urllib3#2899)
&lt;https://github.com/urllib3/urllib3/issues/2899&gt;</code>__)</li>
<li>Fix IDNA handling of '\x80' byte
(<code>[#2901](urllib3/urllib3#2901)
&lt;https://github.com/urllib3/urllib3/issues/2901&gt;</code>__)</li>
</ul>
<h1>1.26.14 (2023-01-11)</h1>
<ul>
<li>Fixed parsing of port 0 (zero) returning None, instead of 0.
(<code>[#2850](urllib3/urllib3#2850)
&lt;https://github.com/urllib3/urllib3/issues/2850&gt;</code>__)</li>
<li>Removed deprecated getheaders() calls in contrib module. Fixed the
type hint of <code>PoolKey.key_retries</code> by adding
<code>bool</code> to the union.
(<code>[#2865](urllib3/urllib3#2865)
&lt;https://github.com/urllib3/urllib3/issues/2865&gt;</code>__)</li>
</ul>
<h1>1.26.13 (2022-11-23)</h1>
<ul>
<li>Deprecated the <code>HTTPResponse.getheaders()</code> and
<code>HTTPResponse.getheader()</code> methods.</li>
<li>Fixed an issue where parsing a URL with leading zeroes in the port
would be rejected
even when the port number after removing the zeroes was valid.</li>
<li>Fixed a deprecation warning when using cryptography v39.0.0.</li>
<li>Removed the <code>&lt;4</code> in the <code>Requires-Python</code>
packaging metadata field.</li>
</ul>
<h1>1.26.12 (2022-08-22)</h1>
<ul>
<li>Deprecated the <code>urllib3[secure]</code> extra and the
<code>urllib3.contrib.pyopenssl</code> module.
Both will be removed in v2.x. See this <code>GitHub issue
&lt;https://github.com/urllib3/urllib3/issues/2680&gt;</code>_
for justification and info on how to migrate.</li>
</ul>
<h1>1.26.11 (2022-07-25)</h1>
<ul>
<li>Fixed an issue where reading more than 2 GiB in a call to
<code>HTTPResponse.read</code> would
raise an <code>OverflowError</code> on Python 3.9 and earlier.</li>
</ul>
<h1>1.26.10 (2022-07-07)</h1>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/urllib3/urllib3/commit/c9016bf464751a02b7e46f8b86504f47d4238784"><code>c9016bf</code></a>
Release 1.26.17</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb"><code>0122035</code></a>
Backport GHSA-v845-jxx5-vc9f (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3139">#3139</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/e63989f97d206e839ab9170c8a76e3e097cc60e8"><code>e63989f</code></a>
Fix installing <code>brotli</code> extra on Python 2.7</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/2e7a24d08713a0131f0b3c7197889466d645cc49"><code>2e7a24d</code></a>
[1.26] Configure OS for RTD to fix building docs</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/57181d6ea910ac7cb2ff83345d9e5e0eb816a0d0"><code>57181d6</code></a>
[1.26] Improve error message when calling urllib3.request() (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3058">#3058</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/3c0148048a523325819377b23fc67f8d46afc3aa"><code>3c01480</code></a>
[1.26] Run coverage even with failed jobs</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/d94029b7e2193ff47b627906a70e06377a09aae8"><code>d94029b</code></a>
Release 1.26.16</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/18e92145e9cddbabdf51c98f54202aa37fd5d4c8"><code>18e9214</code></a>
Use trusted publishing for PyPI</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/d25cf83bbae850a290fe34ed1610ae55c0558b36"><code>d25cf83</code></a>
[1.26] Fix invalid test_ssl_failure_midway_through_conn</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/25cca389496b86ee809c21e5b641aeaa74809263"><code>25cca38</code></a>
[1.26] Fix test_ssl_object_attributes</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/1.26.5...1.26.17">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.5&new-version=1.26.17)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/lyft/omnibot/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@arunshaji95 arunshaji95 mentioned this issue Oct 5, 2023
Merged
@jleaniz jleaniz mentioned this issue Oct 5, 2023
Merged
3 tasks
@pquentin pquentin mentioned this issue Oct 6, 2023
Merged
mergify bot pushed a commit to aws/aws-cdk that referenced this issue Oct 6, 2023
@dependabot
chore(deps): Bump urllib3 from 1.26.7 to 1.26.17 in /packages/@aws-cd…
7b0f824 
…k/aws-lambda-python-alpha/test/lambda-handler-project/shared (#27387)

Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.7 to 1.26.17.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p>
<blockquote>
<h2>1.26.17</h2>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via <code>Retry.remove_headers_on_redirect</code>. (GHSA-v845-jxx5-vc9f)</li>
</ul>
<h2>1.26.16</h2>
<ul>
<li>Fixed thread-safety issue where accessing a <code>PoolManager</code> with many distinct origins would cause connection pools to be closed while requests are in progress (<a href="https://redirect.github.com/urllib3/urllib3/issues/2954">#2954</a>)</li>
</ul>
<h2>1.26.15</h2>
<ul>
<li>Fix socket timeout value when HTTPConnection is reused (<a href="https://redirect.github.com/urllib3/urllib3/issues/2645">urllib3/urllib3#2645</a>)</li>
<li>Remove &quot;!&quot; character from the unreserved characters in IPv6 Zone ID parsing (<a href="https://redirect.github.com/urllib3/urllib3/issues/2899">urllib3/urllib3#2899</a>)</li>
<li>Fix IDNA handling of 'x80' byte (<a href="https://redirect.github.com/urllib3/urllib3/issues/2901">urllib3/urllib3#2901</a>)</li>
</ul>
<h2>1.26.14</h2>
<ul>
<li>Fixed parsing of port 0 (zero) returning None, instead of 0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2850">#2850</a>)</li>
<li>Removed deprecated <code>HTTPResponse.getheaders()</code> calls in <code>urllib3.contrib</code> module.</li>
</ul>
<h2>1.26.13</h2>
<ul>
<li>Deprecated the <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> methods.</li>
<li>Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid.</li>
<li>Fixed a deprecation warning when using cryptography v39.0.0.</li>
<li>Removed the <code>&lt;4</code> in the <code>Requires-Python</code> packaging metadata field.</li>
</ul>
<h2>1.26.12</h2>
<ul>
<li>Deprecated the <code>urllib3[secure]</code> extra and the <code>urllib3.contrib.pyopenssl</code> module. Both will be removed in v2.x. See this <a href="https://redirect.github.com/urllib3/urllib3/issues/2680">GitHub issue</a> for justification and info on how to migrate.</li>
</ul>
<h2>1.26.11</h2>
<p><strong>If you or your organization rely on urllib3 consider supporting us via <a href="https://github.com/sponsors/urllib3">GitHub Sponsors</a>.</strong></p>
<p>:warning: <strong>urllib3 v2.0 will drop support for Python 2</strong>: <a href="https://urllib3.readthedocs.io/en/latest/v2-roadmap.html">Read more in the v2.0 Roadmap</a></p>
<ul>
<li>Fixed an issue where reading more than 2 GiB in a call to HTTPResponse.read would raise an OverflowError on Python 3.9 and earlier.</li>
</ul>
<h2>1.26.10</h2>
<p><strong>If you or your organization rely on urllib3 consider supporting us via <a href="https://github.com/sponsors/urllib3">GitHub Sponsors</a>.</strong></p>
<p>:warning: <strong>urllib3 v2.0 will drop support for Python 2</strong>: <a href="https://urllib3.readthedocs.io/en/latest/v2-roadmap.html">Read more in the v2.0 Roadmap</a></p>
<p>:closed_lock_with_key: <strong>This is the first release to be signed with Sigstore!</strong> You can verify the distributables using the <code>.sig</code> and <code>.crt</code> files included on this release.</p>
<ul>
<li>Removed support for Python 3.5</li>
<li>Fixed an issue where a <code>ProxyError</code> recommending configuring the proxy as HTTP instead of HTTPS could appear even when an HTTPS proxy wasn't configured.</li>
</ul>
<h2>1.26.9</h2>
<p><strong>If you or your organization rely on urllib3 consider supporting us via <a href="https://github.com/sponsors/urllib3">GitHub Sponsors</a>.</strong></p>
<p>:warning: <strong>urllib3 v2.0 will drop support for Python 2</strong>: <a href="https://urllib3.readthedocs.io/en/latest/v2-roadmap.html">Read more in the v2.0 Roadmap</a></p>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p>
<blockquote>
<h1>1.26.17 (2023-10-02)</h1>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via <code>Retry.remove_headers_on_redirect</code>. (<code>[#3139](urllib3/urllib3#3139) &lt;https://github.com/urllib3/urllib3/pull/3139&gt;</code>_)</li>
</ul>
<h1>1.26.16 (2023-05-23)</h1>
<ul>
<li>Fixed thread-safety issue where accessing a <code>PoolManager</code> with many distinct origins
would cause connection pools to be closed while requests are in progress (<code>[#2954](urllib3/urllib3#2954) &lt;https://github.com/urllib3/urllib3/pull/2954&gt;</code>_)</li>
</ul>
<h1>1.26.15 (2023-03-10)</h1>
<ul>
<li>Fix socket timeout value when <code>HTTPConnection</code> is reused (<code>[#2645](urllib3/urllib3#2645) &lt;https://github.com/urllib3/urllib3/issues/2645&gt;</code>__)</li>
<li>Remove &quot;!&quot; character from the unreserved characters in IPv6 Zone ID parsing
(<code>[#2899](urllib3/urllib3#2899) &lt;https://github.com/urllib3/urllib3/issues/2899&gt;</code>__)</li>
<li>Fix IDNA handling of '\x80' byte (<code>[#2901](urllib3/urllib3#2901) &lt;https://github.com/urllib3/urllib3/issues/2901&gt;</code>__)</li>
</ul>
<h1>1.26.14 (2023-01-11)</h1>
<ul>
<li>Fixed parsing of port 0 (zero) returning None, instead of 0. (<code>[#2850](urllib3/urllib3#2850) &lt;https://github.com/urllib3/urllib3/issues/2850&gt;</code>__)</li>
<li>Removed deprecated getheaders() calls in contrib module. Fixed the type hint of <code>PoolKey.key_retries</code> by adding <code>bool</code> to the union. (<code>[#2865](urllib3/urllib3#2865) &lt;https://github.com/urllib3/urllib3/issues/2865&gt;</code>__)</li>
</ul>
<h1>1.26.13 (2022-11-23)</h1>
<ul>
<li>Deprecated the <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> methods.</li>
<li>Fixed an issue where parsing a URL with leading zeroes in the port would be rejected
even when the port number after removing the zeroes was valid.</li>
<li>Fixed a deprecation warning when using cryptography v39.0.0.</li>
<li>Removed the <code>&lt;4</code> in the <code>Requires-Python</code> packaging metadata field.</li>
</ul>
<h1>1.26.12 (2022-08-22)</h1>
<ul>
<li>Deprecated the <code>urllib3[secure]</code> extra and the <code>urllib3.contrib.pyopenssl</code> module.
Both will be removed in v2.x. See this <code>GitHub issue &lt;https://github.com/urllib3/urllib3/issues/2680&gt;</code>_
for justification and info on how to migrate.</li>
</ul>
<h1>1.26.11 (2022-07-25)</h1>
<ul>
<li>Fixed an issue where reading more than 2 GiB in a call to <code>HTTPResponse.read</code> would
raise an <code>OverflowError</code> on Python 3.9 and earlier.</li>
</ul>
<h1>1.26.10 (2022-07-07)</h1>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/urllib3/urllib3/commit/c9016bf464751a02b7e46f8b86504f47d4238784"><code>c9016bf</code></a> Release 1.26.17</li>
<li><a href="https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb"><code>0122035</code></a> Backport GHSA-v845-jxx5-vc9f (<a href="https://redirect.github.com/urllib3/urllib3/issues/3139">#3139</a>)</li>
<li><a href="https://github.com/urllib3/urllib3/commit/e63989f97d206e839ab9170c8a76e3e097cc60e8"><code>e63989f</code></a> Fix installing <code>brotli</code> extra on Python 2.7</li>
<li><a href="https://github.com/urllib3/urllib3/commit/2e7a24d08713a0131f0b3c7197889466d645cc49"><code>2e7a24d</code></a> [1.26] Configure OS for RTD to fix building docs</li>
<li><a href="https://github.com/urllib3/urllib3/commit/57181d6ea910ac7cb2ff83345d9e5e0eb816a0d0"><code>57181d6</code></a> [1.26] Improve error message when calling urllib3.request() (<a href="https://redirect.github.com/urllib3/urllib3/issues/3058">#3058</a>)</li>
<li><a href="https://github.com/urllib3/urllib3/commit/3c0148048a523325819377b23fc67f8d46afc3aa"><code>3c01480</code></a> [1.26] Run coverage even with failed jobs</li>
<li><a href="https://github.com/urllib3/urllib3/commit/d94029b7e2193ff47b627906a70e06377a09aae8"><code>d94029b</code></a> Release 1.26.16</li>
<li><a href="https://github.com/urllib3/urllib3/commit/18e92145e9cddbabdf51c98f54202aa37fd5d4c8"><code>18e9214</code></a> Use trusted publishing for PyPI</li>
<li><a href="https://github.com/urllib3/urllib3/commit/d25cf83bbae850a290fe34ed1610ae55c0558b36"><code>d25cf83</code></a> [1.26] Fix invalid test_ssl_failure_midway_through_conn</li>
<li><a href="https://github.com/urllib3/urllib3/commit/25cca389496b86ee809c21e5b641aeaa74809263"><code>25cca38</code></a> [1.26] Fix test_ssl_object_attributes</li>
<li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/1.26.7...1.26.17">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.7&new-version=1.26.17)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts).

</details>
github-actions bot pushed a commit to bacalhau-project/bacalhau that referenced this issue Oct 11, 2023
@dependabot
Bump urllib3 from 1.26.11 to 1.26.17 in /ops (#2877)
98d5b65 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.11 to
1.26.17.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>1.26.17</h2>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via <code>Retry.remove_headers_on_redirect</code>.
(GHSA-v845-jxx5-vc9f)</li>
</ul>
<h2>1.26.16</h2>
<ul>
<li>Fixed thread-safety issue where accessing a <code>PoolManager</code>
with many distinct origins would cause connection pools to be closed
while requests are in progress (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2954">#2954</a>)</li>
</ul>
<h2>1.26.15</h2>
<ul>
<li>Fix socket timeout value when HTTPConnection is reused (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2645">urllib3/urllib3#2645</a>)</li>
<li>Remove &quot;!&quot; character from the unreserved characters in
IPv6 Zone ID parsing (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2899">urllib3/urllib3#2899</a>)</li>
<li>Fix IDNA handling of 'x80' byte (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2901">urllib3/urllib3#2901</a>)</li>
</ul>
<h2>1.26.14</h2>
<ul>
<li>Fixed parsing of port 0 (zero) returning None, instead of 0 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2850">#2850</a>)</li>
<li>Removed deprecated <code>HTTPResponse.getheaders()</code> calls in
<code>urllib3.contrib</code> module.</li>
</ul>
<h2>1.26.13</h2>
<ul>
<li>Deprecated the <code>HTTPResponse.getheaders()</code> and
<code>HTTPResponse.getheader()</code> methods.</li>
<li>Fixed an issue where parsing a URL with leading zeroes in the port
would be rejected even when the port number after removing the zeroes
was valid.</li>
<li>Fixed a deprecation warning when using cryptography v39.0.0.</li>
<li>Removed the <code>&lt;4</code> in the <code>Requires-Python</code>
packaging metadata field.</li>
</ul>
<h2>1.26.12</h2>
<ul>
<li>Deprecated the <code>urllib3[secure]</code> extra and the
<code>urllib3.contrib.pyopenssl</code> module. Both will be removed in
v2.x. See this <a
href="https://redirect.github.com/urllib3/urllib3/issues/2680">GitHub
issue</a> for justification and info on how to migrate.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>1.26.17 (2023-10-02)</h1>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via <code>Retry.remove_headers_on_redirect</code>.
(<code>[#3139](urllib3/urllib3#3139)
&lt;https://github.com/urllib3/urllib3/pull/3139&gt;</code>_)</li>
</ul>
<h1>1.26.16 (2023-05-23)</h1>
<ul>
<li>Fixed thread-safety issue where accessing a <code>PoolManager</code>
with many distinct origins
would cause connection pools to be closed while requests are in progress
(<code>[#2954](urllib3/urllib3#2954)
&lt;https://github.com/urllib3/urllib3/pull/2954&gt;</code>_)</li>
</ul>
<h1>1.26.15 (2023-03-10)</h1>
<ul>
<li>Fix socket timeout value when <code>HTTPConnection</code> is reused
(<code>[#2645](urllib3/urllib3#2645)
&lt;https://github.com/urllib3/urllib3/issues/2645&gt;</code>__)</li>
<li>Remove &quot;!&quot; character from the unreserved characters in
IPv6 Zone ID parsing
(<code>[#2899](urllib3/urllib3#2899)
&lt;https://github.com/urllib3/urllib3/issues/2899&gt;</code>__)</li>
<li>Fix IDNA handling of '\x80' byte
(<code>[#2901](urllib3/urllib3#2901)
&lt;https://github.com/urllib3/urllib3/issues/2901&gt;</code>__)</li>
</ul>
<h1>1.26.14 (2023-01-11)</h1>
<ul>
<li>Fixed parsing of port 0 (zero) returning None, instead of 0.
(<code>[#2850](urllib3/urllib3#2850)
&lt;https://github.com/urllib3/urllib3/issues/2850&gt;</code>__)</li>
<li>Removed deprecated getheaders() calls in contrib module. Fixed the
type hint of <code>PoolKey.key_retries</code> by adding
<code>bool</code> to the union.
(<code>[#2865](urllib3/urllib3#2865)
&lt;https://github.com/urllib3/urllib3/issues/2865&gt;</code>__)</li>
</ul>
<h1>1.26.13 (2022-11-23)</h1>
<ul>
<li>Deprecated the <code>HTTPResponse.getheaders()</code> and
<code>HTTPResponse.getheader()</code> methods.</li>
<li>Fixed an issue where parsing a URL with leading zeroes in the port
would be rejected
even when the port number after removing the zeroes was valid.</li>
<li>Fixed a deprecation warning when using cryptography v39.0.0.</li>
<li>Removed the <code>&lt;4</code> in the <code>Requires-Python</code>
packaging metadata field.</li>
</ul>
<h1>1.26.12 (2022-08-22)</h1>
<ul>
<li>Deprecated the <code>urllib3[secure]</code> extra and the
<code>urllib3.contrib.pyopenssl</code> module.
Both will be removed in v2.x. See this <code>GitHub issue
&lt;https://github.com/urllib3/urllib3/issues/2680&gt;</code>_
for justification and info on how to migrate.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/urllib3/urllib3/commit/c9016bf464751a02b7e46f8b86504f47d4238784"><code>c9016bf</code></a>
Release 1.26.17</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb"><code>0122035</code></a>
Backport GHSA-v845-jxx5-vc9f (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3139">#3139</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/e63989f97d206e839ab9170c8a76e3e097cc60e8"><code>e63989f</code></a>
Fix installing <code>brotli</code> extra on Python 2.7</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/2e7a24d08713a0131f0b3c7197889466d645cc49"><code>2e7a24d</code></a>
[1.26] Configure OS for RTD to fix building docs</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/57181d6ea910ac7cb2ff83345d9e5e0eb816a0d0"><code>57181d6</code></a>
[1.26] Improve error message when calling urllib3.request() (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3058">#3058</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/3c0148048a523325819377b23fc67f8d46afc3aa"><code>3c01480</code></a>
[1.26] Run coverage even with failed jobs</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/d94029b7e2193ff47b627906a70e06377a09aae8"><code>d94029b</code></a>
Release 1.26.16</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/18e92145e9cddbabdf51c98f54202aa37fd5d4c8"><code>18e9214</code></a>
Use trusted publishing for PyPI</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/d25cf83bbae850a290fe34ed1610ae55c0558b36"><code>d25cf83</code></a>
[1.26] Fix invalid test_ssl_failure_midway_through_conn</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/25cca389496b86ee809c21e5b641aeaa74809263"><code>25cca38</code></a>
[1.26] Fix test_ssl_object_attributes</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/1.26.11...1.26.17">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.11&new-version=1.26.17)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/bacalhau-project/bacalhau/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@sethmlarson sethmlarson unpinned this issue Oct 15, 2023
wdbaruni pushed a commit to bacalhau-project/bacalhau that referenced this issue Oct 16, 2023
@dependabot @wdbaruni
Bump urllib3 from 1.26.11 to 1.26.17 in /ops (#2877)
1c74048 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.11 to
1.26.17.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>1.26.17</h2>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via <code>Retry.remove_headers_on_redirect</code>.
(GHSA-v845-jxx5-vc9f)</li>
</ul>
<h2>1.26.16</h2>
<ul>
<li>Fixed thread-safety issue where accessing a <code>PoolManager</code>
with many distinct origins would cause connection pools to be closed
while requests are in progress (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2954">#2954</a>)</li>
</ul>
<h2>1.26.15</h2>
<ul>
<li>Fix socket timeout value when HTTPConnection is reused (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2645">urllib3/urllib3#2645</a>)</li>
<li>Remove &quot;!&quot; character from the unreserved characters in
IPv6 Zone ID parsing (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2899">urllib3/urllib3#2899</a>)</li>
<li>Fix IDNA handling of 'x80' byte (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2901">urllib3/urllib3#2901</a>)</li>
</ul>
<h2>1.26.14</h2>
<ul>
<li>Fixed parsing of port 0 (zero) returning None, instead of 0 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2850">#2850</a>)</li>
<li>Removed deprecated <code>HTTPResponse.getheaders()</code> calls in
<code>urllib3.contrib</code> module.</li>
</ul>
<h2>1.26.13</h2>
<ul>
<li>Deprecated the <code>HTTPResponse.getheaders()</code> and
<code>HTTPResponse.getheader()</code> methods.</li>
<li>Fixed an issue where parsing a URL with leading zeroes in the port
would be rejected even when the port number after removing the zeroes
was valid.</li>
<li>Fixed a deprecation warning when using cryptography v39.0.0.</li>
<li>Removed the <code>&lt;4</code> in the <code>Requires-Python</code>
packaging metadata field.</li>
</ul>
<h2>1.26.12</h2>
<ul>
<li>Deprecated the <code>urllib3[secure]</code> extra and the
<code>urllib3.contrib.pyopenssl</code> module. Both will be removed in
v2.x. See this <a
href="https://redirect.github.com/urllib3/urllib3/issues/2680">GitHub
issue</a> for justification and info on how to migrate.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>1.26.17 (2023-10-02)</h1>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via <code>Retry.remove_headers_on_redirect</code>.
(<code>[#3139](urllib3/urllib3#3139)
&lt;https://github.com/urllib3/urllib3/pull/3139&gt;</code>_)</li>
</ul>
<h1>1.26.16 (2023-05-23)</h1>
<ul>
<li>Fixed thread-safety issue where accessing a <code>PoolManager</code>
with many distinct origins
would cause connection pools to be closed while requests are in progress
(<code>[#2954](urllib3/urllib3#2954)
&lt;https://github.com/urllib3/urllib3/pull/2954&gt;</code>_)</li>
</ul>
<h1>1.26.15 (2023-03-10)</h1>
<ul>
<li>Fix socket timeout value when <code>HTTPConnection</code> is reused
(<code>[#2645](urllib3/urllib3#2645)
&lt;https://github.com/urllib3/urllib3/issues/2645&gt;</code>__)</li>
<li>Remove &quot;!&quot; character from the unreserved characters in
IPv6 Zone ID parsing
(<code>[#2899](urllib3/urllib3#2899)
&lt;https://github.com/urllib3/urllib3/issues/2899&gt;</code>__)</li>
<li>Fix IDNA handling of '\x80' byte
(<code>[#2901](urllib3/urllib3#2901)
&lt;https://github.com/urllib3/urllib3/issues/2901&gt;</code>__)</li>
</ul>
<h1>1.26.14 (2023-01-11)</h1>
<ul>
<li>Fixed parsing of port 0 (zero) returning None, instead of 0.
(<code>[#2850](urllib3/urllib3#2850)
&lt;https://github.com/urllib3/urllib3/issues/2850&gt;</code>__)</li>
<li>Removed deprecated getheaders() calls in contrib module. Fixed the
type hint of <code>PoolKey.key_retries</code> by adding
<code>bool</code> to the union.
(<code>[#2865](urllib3/urllib3#2865)
&lt;https://github.com/urllib3/urllib3/issues/2865&gt;</code>__)</li>
</ul>
<h1>1.26.13 (2022-11-23)</h1>
<ul>
<li>Deprecated the <code>HTTPResponse.getheaders()</code> and
<code>HTTPResponse.getheader()</code> methods.</li>
<li>Fixed an issue where parsing a URL with leading zeroes in the port
would be rejected
even when the port number after removing the zeroes was valid.</li>
<li>Fixed a deprecation warning when using cryptography v39.0.0.</li>
<li>Removed the <code>&lt;4</code> in the <code>Requires-Python</code>
packaging metadata field.</li>
</ul>
<h1>1.26.12 (2022-08-22)</h1>
<ul>
<li>Deprecated the <code>urllib3[secure]</code> extra and the
<code>urllib3.contrib.pyopenssl</code> module.
Both will be removed in v2.x. See this <code>GitHub issue
&lt;https://github.com/urllib3/urllib3/issues/2680&gt;</code>_
for justification and info on how to migrate.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/urllib3/urllib3/commit/c9016bf464751a02b7e46f8b86504f47d4238784"><code>c9016bf</code></a>
Release 1.26.17</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb"><code>0122035</code></a>
Backport GHSA-v845-jxx5-vc9f (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3139">#3139</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/e63989f97d206e839ab9170c8a76e3e097cc60e8"><code>e63989f</code></a>
Fix installing <code>brotli</code> extra on Python 2.7</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/2e7a24d08713a0131f0b3c7197889466d645cc49"><code>2e7a24d</code></a>
[1.26] Configure OS for RTD to fix building docs</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/57181d6ea910ac7cb2ff83345d9e5e0eb816a0d0"><code>57181d6</code></a>
[1.26] Improve error message when calling urllib3.request() (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3058">#3058</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/3c0148048a523325819377b23fc67f8d46afc3aa"><code>3c01480</code></a>
[1.26] Run coverage even with failed jobs</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/d94029b7e2193ff47b627906a70e06377a09aae8"><code>d94029b</code></a>
Release 1.26.16</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/18e92145e9cddbabdf51c98f54202aa37fd5d4c8"><code>18e9214</code></a>
Use trusted publishing for PyPI</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/d25cf83bbae850a290fe34ed1610ae55c0558b36"><code>d25cf83</code></a>
[1.26] Fix invalid test_ssl_failure_midway_through_conn</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/25cca389496b86ee809c21e5b641aeaa74809263"><code>25cca38</code></a>
[1.26] Fix test_ssl_object_attributes</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/1.26.11...1.26.17">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.11&new-version=1.26.17)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/bacalhau-project/bacalhau/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
meteorcloudy pushed a commit to bazelbuild/continuous-integration that referenced this issue Oct 18, 2023
@dependabot
Bump urllib3 from 1.26.5 to 1.26.18 in /buildkite/docker/ubuntu1604 (#…
9403602 
…1761)

Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.5 to
1.26.18.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>1.26.18</h2>
<ul>
<li>Made body stripped from HTTP requests changing the request method to
GET after HTTP 303 &quot;See Other&quot; redirect responses.
(GHSA-g4mx-q9vg-27p4)</li>
</ul>
<h2>1.26.17</h2>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via <code>Retry.remove_headers_on_redirect</code>.
(GHSA-v845-jxx5-vc9f)</li>
</ul>
<h2>1.26.16</h2>
<ul>
<li>Fixed thread-safety issue where accessing a <code>PoolManager</code>
with many distinct origins would cause connection pools to be closed
while requests are in progress (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2954">#2954</a>)</li>
</ul>
<h2>1.26.15</h2>
<ul>
<li>Fix socket timeout value when HTTPConnection is reused (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2645">urllib3/urllib3#2645</a>)</li>
<li>Remove &quot;!&quot; character from the unreserved characters in
IPv6 Zone ID parsing (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2899">urllib3/urllib3#2899</a>)</li>
<li>Fix IDNA handling of 'x80' byte (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2901">urllib3/urllib3#2901</a>)</li>
</ul>
<h2>1.26.14</h2>
<ul>
<li>Fixed parsing of port 0 (zero) returning None, instead of 0 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2850">#2850</a>)</li>
<li>Removed deprecated <code>HTTPResponse.getheaders()</code> calls in
<code>urllib3.contrib</code> module.</li>
</ul>
<h2>1.26.13</h2>
<ul>
<li>Deprecated the <code>HTTPResponse.getheaders()</code> and
<code>HTTPResponse.getheader()</code> methods.</li>
<li>Fixed an issue where parsing a URL with leading zeroes in the port
would be rejected even when the port number after removing the zeroes
was valid.</li>
<li>Fixed a deprecation warning when using cryptography v39.0.0.</li>
<li>Removed the <code>&lt;4</code> in the <code>Requires-Python</code>
packaging metadata field.</li>
</ul>
<h2>1.26.12</h2>
<ul>
<li>Deprecated the <code>urllib3[secure]</code> extra and the
<code>urllib3.contrib.pyopenssl</code> module. Both will be removed in
v2.x. See this <a
href="https://redirect.github.com/urllib3/urllib3/issues/2680">GitHub
issue</a> for justification and info on how to migrate.</li>
</ul>
<h2>1.26.11</h2>
<p><strong>If you or your organization rely on urllib3 consider
supporting us via <a href="https://github.com/sponsors/urllib3">GitHub
Sponsors</a>.</strong></p>
<p>:warning: <strong>urllib3 v2.0 will drop support for Python
2</strong>: <a
href="https://urllib3.readthedocs.io/en/latest/v2-roadmap.html">Read
more in the v2.0 Roadmap</a></p>
<ul>
<li>Fixed an issue where reading more than 2 GiB in a call to
HTTPResponse.read would raise an OverflowError on Python 3.9 and
earlier.</li>
</ul>
<h2>1.26.10</h2>
<p><strong>If you or your organization rely on urllib3 consider
supporting us via <a href="https://github.com/sponsors/urllib3">GitHub
Sponsors</a>.</strong></p>
<p>:warning: <strong>urllib3 v2.0 will drop support for Python
2</strong>: <a
href="https://urllib3.readthedocs.io/en/latest/v2-roadmap.html">Read
more in the v2.0 Roadmap</a></p>
<p>:closed_lock_with_key: <strong>This is the first release to be signed
with Sigstore!</strong> You can verify the distributables using the
<code>.sig</code> and <code>.crt</code> files included on this
release.</p>
<ul>
<li>Removed support for Python 3.5</li>
<li>Fixed an issue where a <code>ProxyError</code> recommending
configuring the proxy as HTTP instead of HTTPS could appear even when an
HTTPS proxy wasn't configured.</li>
</ul>
<h2>1.26.9</h2>
<p><strong>If you or your organization rely on urllib3 consider
supporting us via <a href="https://github.com/sponsors/urllib3">GitHub
Sponsors</a>.</strong></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>1.26.18 (2023-10-17)</h1>
<ul>
<li>Made body stripped from HTTP requests changing the request method to
GET after HTTP 303 &quot;See Other&quot; redirect responses.</li>
</ul>
<h1>1.26.17 (2023-10-02)</h1>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via <code>Retry.remove_headers_on_redirect</code>.
(<code>[#3139](urllib3/urllib3#3139)
&lt;https://github.com/urllib3/urllib3/pull/3139&gt;</code>_)</li>
</ul>
<h1>1.26.16 (2023-05-23)</h1>
<ul>
<li>Fixed thread-safety issue where accessing a <code>PoolManager</code>
with many distinct origins
would cause connection pools to be closed while requests are in progress
(<code>[#2954](urllib3/urllib3#2954)
&lt;https://github.com/urllib3/urllib3/pull/2954&gt;</code>_)</li>
</ul>
<h1>1.26.15 (2023-03-10)</h1>
<ul>
<li>Fix socket timeout value when <code>HTTPConnection</code> is reused
(<code>[#2645](urllib3/urllib3#2645)
&lt;https://github.com/urllib3/urllib3/issues/2645&gt;</code>__)</li>
<li>Remove &quot;!&quot; character from the unreserved characters in
IPv6 Zone ID parsing
(<code>[#2899](urllib3/urllib3#2899)
&lt;https://github.com/urllib3/urllib3/issues/2899&gt;</code>__)</li>
<li>Fix IDNA handling of '\x80' byte
(<code>[#2901](urllib3/urllib3#2901)
&lt;https://github.com/urllib3/urllib3/issues/2901&gt;</code>__)</li>
</ul>
<h1>1.26.14 (2023-01-11)</h1>
<ul>
<li>Fixed parsing of port 0 (zero) returning None, instead of 0.
(<code>[#2850](urllib3/urllib3#2850)
&lt;https://github.com/urllib3/urllib3/issues/2850&gt;</code>__)</li>
<li>Removed deprecated getheaders() calls in contrib module. Fixed the
type hint of <code>PoolKey.key_retries</code> by adding
<code>bool</code> to the union.
(<code>[#2865](urllib3/urllib3#2865)
&lt;https://github.com/urllib3/urllib3/issues/2865&gt;</code>__)</li>
</ul>
<h1>1.26.13 (2022-11-23)</h1>
<ul>
<li>Deprecated the <code>HTTPResponse.getheaders()</code> and
<code>HTTPResponse.getheader()</code> methods.</li>
<li>Fixed an issue where parsing a URL with leading zeroes in the port
would be rejected
even when the port number after removing the zeroes was valid.</li>
<li>Fixed a deprecation warning when using cryptography v39.0.0.</li>
<li>Removed the <code>&lt;4</code> in the <code>Requires-Python</code>
packaging metadata field.</li>
</ul>
<h1>1.26.12 (2022-08-22)</h1>
<ul>
<li>Deprecated the <code>urllib3[secure]</code> extra and the
<code>urllib3.contrib.pyopenssl</code> module.
Both will be removed in v2.x. See this <code>GitHub issue
&lt;https://github.com/urllib3/urllib3/issues/2680&gt;</code>_
for justification and info on how to migrate.</li>
</ul>
<h1>1.26.11 (2022-07-25)</h1>
<ul>
<li>Fixed an issue where reading more than 2 GiB in a call to
<code>HTTPResponse.read</code> would</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/urllib3/urllib3/commit/9c2c2307dd1d6af504e09aac0326d86ee3597a0b"><code>9c2c230</code></a>
Release 1.26.18 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3159">#3159</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36"><code>b594c5c</code></a>
Merge pull request from GHSA-g4mx-q9vg-27p4</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/944f0eb134485f41bc531be52de12ba5a37bca73"><code>944f0eb</code></a>
[1.26] Use vendored six in urllib3.contrib.securetransport</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/c9016bf464751a02b7e46f8b86504f47d4238784"><code>c9016bf</code></a>
Release 1.26.17</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb"><code>0122035</code></a>
Backport GHSA-v845-jxx5-vc9f (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3139">#3139</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/e63989f97d206e839ab9170c8a76e3e097cc60e8"><code>e63989f</code></a>
Fix installing <code>brotli</code> extra on Python 2.7</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/2e7a24d08713a0131f0b3c7197889466d645cc49"><code>2e7a24d</code></a>
[1.26] Configure OS for RTD to fix building docs</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/57181d6ea910ac7cb2ff83345d9e5e0eb816a0d0"><code>57181d6</code></a>
[1.26] Improve error message when calling urllib3.request() (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3058">#3058</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/3c0148048a523325819377b23fc67f8d46afc3aa"><code>3c01480</code></a>
[1.26] Run coverage even with failed jobs</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/d94029b7e2193ff47b627906a70e06377a09aae8"><code>d94029b</code></a>
Release 1.26.16</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/1.26.5...1.26.18">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.5&new-version=1.26.18)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/bazelbuild/continuous-integration/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-merge-queue bot pushed a commit to bazelbuild/rules_python that referenced this issue Oct 18, 2023
@dependabot
build(deps): bump urllib3 from 1.26.7 to 1.26.18 in /tests/pip_reposi…
fc47e09 
…tory_entry_points (#1500)

Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.7 to
1.26.18.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>1.26.18</h2>
<ul>
<li>Made body stripped from HTTP requests changing the request method to
GET after HTTP 303 &quot;See Other&quot; redirect responses.
(GHSA-g4mx-q9vg-27p4)</li>
</ul>
<h2>1.26.17</h2>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via <code>Retry.remove_headers_on_redirect</code>.
(GHSA-v845-jxx5-vc9f)</li>
</ul>
<h2>1.26.16</h2>
<ul>
<li>Fixed thread-safety issue where accessing a <code>PoolManager</code>
with many distinct origins would cause connection pools to be closed
while requests are in progress (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2954">#2954</a>)</li>
</ul>
<h2>1.26.15</h2>
<ul>
<li>Fix socket timeout value when HTTPConnection is reused (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2645">urllib3/urllib3#2645</a>)</li>
<li>Remove &quot;!&quot; character from the unreserved characters in
IPv6 Zone ID parsing (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2899">urllib3/urllib3#2899</a>)</li>
<li>Fix IDNA handling of 'x80' byte (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2901">urllib3/urllib3#2901</a>)</li>
</ul>
<h2>1.26.14</h2>
<ul>
<li>Fixed parsing of port 0 (zero) returning None, instead of 0 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2850">#2850</a>)</li>
<li>Removed deprecated <code>HTTPResponse.getheaders()</code> calls in
<code>urllib3.contrib</code> module.</li>
</ul>
<h2>1.26.13</h2>
<ul>
<li>Deprecated the <code>HTTPResponse.getheaders()</code> and
<code>HTTPResponse.getheader()</code> methods.</li>
<li>Fixed an issue where parsing a URL with leading zeroes in the port
would be rejected even when the port number after removing the zeroes
was valid.</li>
<li>Fixed a deprecation warning when using cryptography v39.0.0.</li>
<li>Removed the <code>&lt;4</code> in the <code>Requires-Python</code>
packaging metadata field.</li>
</ul>
<h2>1.26.12</h2>
<ul>
<li>Deprecated the <code>urllib3[secure]</code> extra and the
<code>urllib3.contrib.pyopenssl</code> module. Both will be removed in
v2.x. See this <a
href="https://redirect.github.com/urllib3/urllib3/issues/2680">GitHub
issue</a> for justification and info on how to migrate.</li>
</ul>
<h2>1.26.11</h2>
<p><strong>If you or your organization rely on urllib3 consider
supporting us via <a href="https://github.com/sponsors/urllib3">GitHub
Sponsors</a>.</strong></p>
<p>:warning: <strong>urllib3 v2.0 will drop support for Python
2</strong>: <a
href="https://urllib3.readthedocs.io/en/latest/v2-roadmap.html">Read
more in the v2.0 Roadmap</a></p>
<ul>
<li>Fixed an issue where reading more than 2 GiB in a call to
HTTPResponse.read would raise an OverflowError on Python 3.9 and
earlier.</li>
</ul>
<h2>1.26.10</h2>
<p><strong>If you or your organization rely on urllib3 consider
supporting us via <a href="https://github.com/sponsors/urllib3">GitHub
Sponsors</a>.</strong></p>
<p>:warning: <strong>urllib3 v2.0 will drop support for Python
2</strong>: <a
href="https://urllib3.readthedocs.io/en/latest/v2-roadmap.html">Read
more in the v2.0 Roadmap</a></p>
<p>:closed_lock_with_key: <strong>This is the first release to be signed
with Sigstore!</strong> You can verify the distributables using the
<code>.sig</code> and <code>.crt</code> files included on this
release.</p>
<ul>
<li>Removed support for Python 3.5</li>
<li>Fixed an issue where a <code>ProxyError</code> recommending
configuring the proxy as HTTP instead of HTTPS could appear even when an
HTTPS proxy wasn't configured.</li>
</ul>
<h2>1.26.9</h2>
<p><strong>If you or your organization rely on urllib3 consider
supporting us via <a href="https://github.com/sponsors/urllib3">GitHub
Sponsors</a>.</strong></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>1.26.18 (2023-10-17)</h1>
<ul>
<li>Made body stripped from HTTP requests changing the request method to
GET after HTTP 303 &quot;See Other&quot; redirect responses.</li>
</ul>
<h1>1.26.17 (2023-10-02)</h1>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via <code>Retry.remove_headers_on_redirect</code>.
(<code>[#3139](urllib3/urllib3#3139)
&lt;https://github.com/urllib3/urllib3/pull/3139&gt;</code>_)</li>
</ul>
<h1>1.26.16 (2023-05-23)</h1>
<ul>
<li>Fixed thread-safety issue where accessing a <code>PoolManager</code>
with many distinct origins
would cause connection pools to be closed while requests are in progress
(<code>[#2954](urllib3/urllib3#2954)
&lt;https://github.com/urllib3/urllib3/pull/2954&gt;</code>_)</li>
</ul>
<h1>1.26.15 (2023-03-10)</h1>
<ul>
<li>Fix socket timeout value when <code>HTTPConnection</code> is reused
(<code>[#2645](urllib3/urllib3#2645)
&lt;https://github.com/urllib3/urllib3/issues/2645&gt;</code>__)</li>
<li>Remove &quot;!&quot; character from the unreserved characters in
IPv6 Zone ID parsing
(<code>[#2899](urllib3/urllib3#2899)
&lt;https://github.com/urllib3/urllib3/issues/2899&gt;</code>__)</li>
<li>Fix IDNA handling of '\x80' byte
(<code>[#2901](urllib3/urllib3#2901)
&lt;https://github.com/urllib3/urllib3/issues/2901&gt;</code>__)</li>
</ul>
<h1>1.26.14 (2023-01-11)</h1>
<ul>
<li>Fixed parsing of port 0 (zero) returning None, instead of 0.
(<code>[#2850](urllib3/urllib3#2850)
&lt;https://github.com/urllib3/urllib3/issues/2850&gt;</code>__)</li>
<li>Removed deprecated getheaders() calls in contrib module. Fixed the
type hint of <code>PoolKey.key_retries</code> by adding
<code>bool</code> to the union.
(<code>[#2865](urllib3/urllib3#2865)
&lt;https://github.com/urllib3/urllib3/issues/2865&gt;</code>__)</li>
</ul>
<h1>1.26.13 (2022-11-23)</h1>
<ul>
<li>Deprecated the <code>HTTPResponse.getheaders()</code> and
<code>HTTPResponse.getheader()</code> methods.</li>
<li>Fixed an issue where parsing a URL with leading zeroes in the port
would be rejected
even when the port number after removing the zeroes was valid.</li>
<li>Fixed a deprecation warning when using cryptography v39.0.0.</li>
<li>Removed the <code>&lt;4</code> in the <code>Requires-Python</code>
packaging metadata field.</li>
</ul>
<h1>1.26.12 (2022-08-22)</h1>
<ul>
<li>Deprecated the <code>urllib3[secure]</code> extra and the
<code>urllib3.contrib.pyopenssl</code> module.
Both will be removed in v2.x. See this <code>GitHub issue
&lt;https://github.com/urllib3/urllib3/issues/2680&gt;</code>_
for justification and info on how to migrate.</li>
</ul>
<h1>1.26.11 (2022-07-25)</h1>
<ul>
<li>Fixed an issue where reading more than 2 GiB in a call to
<code>HTTPResponse.read</code> would</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/urllib3/urllib3/commit/9c2c2307dd1d6af504e09aac0326d86ee3597a0b"><code>9c2c230</code></a>
Release 1.26.18 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3159">#3159</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36"><code>b594c5c</code></a>
Merge pull request from GHSA-g4mx-q9vg-27p4</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/944f0eb134485f41bc531be52de12ba5a37bca73"><code>944f0eb</code></a>
[1.26] Use vendored six in urllib3.contrib.securetransport</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/c9016bf464751a02b7e46f8b86504f47d4238784"><code>c9016bf</code></a>
Release 1.26.17</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb"><code>0122035</code></a>
Backport GHSA-v845-jxx5-vc9f (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3139">#3139</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/e63989f97d206e839ab9170c8a76e3e097cc60e8"><code>e63989f</code></a>
Fix installing <code>brotli</code> extra on Python 2.7</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/2e7a24d08713a0131f0b3c7197889466d645cc49"><code>2e7a24d</code></a>
[1.26] Configure OS for RTD to fix building docs</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/57181d6ea910ac7cb2ff83345d9e5e0eb816a0d0"><code>57181d6</code></a>
[1.26] Improve error message when calling urllib3.request() (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3058">#3058</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/3c0148048a523325819377b23fc67f8d46afc3aa"><code>3c01480</code></a>
[1.26] Run coverage even with failed jobs</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/d94029b7e2193ff47b627906a70e06377a09aae8"><code>d94029b</code></a>
Release 1.26.16</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/1.26.7...1.26.18">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.7&new-version=1.26.18)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/bazelbuild/rules_python/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
kylesurowiec pushed a commit to kylesurowiec/spotify-coverflow that referenced this issue Oct 22, 2023
@dependabot
Bump urllib3 from 1.26.5 to 1.26.18 (#13)
d61197e 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.5 to
1.26.18.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>1.26.18</h2>
<ul>
<li>Made body stripped from HTTP requests changing the request method to
GET after HTTP 303 &quot;See Other&quot; redirect responses.
(GHSA-g4mx-q9vg-27p4)</li>
</ul>
<h2>1.26.17</h2>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via <code>Retry.remove_headers_on_redirect</code>.
(GHSA-v845-jxx5-vc9f)</li>
</ul>
<h2>1.26.16</h2>
<ul>
<li>Fixed thread-safety issue where accessing a <code>PoolManager</code>
with many distinct origins would cause connection pools to be closed
while requests are in progress (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2954">#2954</a>)</li>
</ul>
<h2>1.26.15</h2>
<ul>
<li>Fix socket timeout value when HTTPConnection is reused (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2645">urllib3/urllib3#2645</a>)</li>
<li>Remove &quot;!&quot; character from the unreserved characters in
IPv6 Zone ID parsing (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2899">urllib3/urllib3#2899</a>)</li>
<li>Fix IDNA handling of 'x80' byte (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2901">urllib3/urllib3#2901</a>)</li>
</ul>
<h2>1.26.14</h2>
<ul>
<li>Fixed parsing of port 0 (zero) returning None, instead of 0 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2850">#2850</a>)</li>
<li>Removed deprecated <code>HTTPResponse.getheaders()</code> calls in
<code>urllib3.contrib</code> module.</li>
</ul>
<h2>1.26.13</h2>
<ul>
<li>Deprecated the <code>HTTPResponse.getheaders()</code> and
<code>HTTPResponse.getheader()</code> methods.</li>
<li>Fixed an issue where parsing a URL with leading zeroes in the port
would be rejected even when the port number after removing the zeroes
was valid.</li>
<li>Fixed a deprecation warning when using cryptography v39.0.0.</li>
<li>Removed the <code>&lt;4</code> in the <code>Requires-Python</code>
packaging metadata field.</li>
</ul>
<h2>1.26.12</h2>
<ul>
<li>Deprecated the <code>urllib3[secure]</code> extra and the
<code>urllib3.contrib.pyopenssl</code> module. Both will be removed in
v2.x. See this <a
href="https://redirect.github.com/urllib3/urllib3/issues/2680">GitHub
issue</a> for justification and info on how to migrate.</li>
</ul>
<h2>1.26.11</h2>
<p><strong>If you or your organization rely on urllib3 consider
supporting us via <a href="https://github.com/sponsors/urllib3">GitHub
Sponsors</a>.</strong></p>
<p>:warning: <strong>urllib3 v2.0 will drop support for Python
2</strong>: <a
href="https://urllib3.readthedocs.io/en/latest/v2-roadmap.html">Read
more in the v2.0 Roadmap</a></p>
<ul>
<li>Fixed an issue where reading more than 2 GiB in a call to
HTTPResponse.read would raise an OverflowError on Python 3.9 and
earlier.</li>
</ul>
<h2>1.26.10</h2>
<p><strong>If you or your organization rely on urllib3 consider
supporting us via <a href="https://github.com/sponsors/urllib3">GitHub
Sponsors</a>.</strong></p>
<p>:warning: <strong>urllib3 v2.0 will drop support for Python
2</strong>: <a
href="https://urllib3.readthedocs.io/en/latest/v2-roadmap.html">Read
more in the v2.0 Roadmap</a></p>
<p>:closed_lock_with_key: <strong>This is the first release to be signed
with Sigstore!</strong> You can verify the distributables using the
<code>.sig</code> and <code>.crt</code> files included on this
release.</p>
<ul>
<li>Removed support for Python 3.5</li>
<li>Fixed an issue where a <code>ProxyError</code> recommending
configuring the proxy as HTTP instead of HTTPS could appear even when an
HTTPS proxy wasn't configured.</li>
</ul>
<h2>1.26.9</h2>
<p><strong>If you or your organization rely on urllib3 consider
supporting us via <a href="https://github.com/sponsors/urllib3">GitHub
Sponsors</a>.</strong></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>1.26.18 (2023-10-17)</h1>
<ul>
<li>Made body stripped from HTTP requests changing the request method to
GET after HTTP 303 &quot;See Other&quot; redirect responses.</li>
</ul>
<h1>1.26.17 (2023-10-02)</h1>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via <code>Retry.remove_headers_on_redirect</code>.
(<code>[#3139](urllib3/urllib3#3139)
&lt;https://github.com/urllib3/urllib3/pull/3139&gt;</code>_)</li>
</ul>
<h1>1.26.16 (2023-05-23)</h1>
<ul>
<li>Fixed thread-safety issue where accessing a <code>PoolManager</code>
with many distinct origins
would cause connection pools to be closed while requests are in progress
(<code>[#2954](urllib3/urllib3#2954)
&lt;https://github.com/urllib3/urllib3/pull/2954&gt;</code>_)</li>
</ul>
<h1>1.26.15 (2023-03-10)</h1>
<ul>
<li>Fix socket timeout value when <code>HTTPConnection</code> is reused
(<code>[#2645](urllib3/urllib3#2645)
&lt;https://github.com/urllib3/urllib3/issues/2645&gt;</code>__)</li>
<li>Remove &quot;!&quot; character from the unreserved characters in
IPv6 Zone ID parsing
(<code>[#2899](urllib3/urllib3#2899)
&lt;https://github.com/urllib3/urllib3/issues/2899&gt;</code>__)</li>
<li>Fix IDNA handling of '\x80' byte
(<code>[#2901](urllib3/urllib3#2901)
&lt;https://github.com/urllib3/urllib3/issues/2901&gt;</code>__)</li>
</ul>
<h1>1.26.14 (2023-01-11)</h1>
<ul>
<li>Fixed parsing of port 0 (zero) returning None, instead of 0.
(<code>[#2850](urllib3/urllib3#2850)
&lt;https://github.com/urllib3/urllib3/issues/2850&gt;</code>__)</li>
<li>Removed deprecated getheaders() calls in contrib module. Fixed the
type hint of <code>PoolKey.key_retries</code> by adding
<code>bool</code> to the union.
(<code>[#2865](urllib3/urllib3#2865)
&lt;https://github.com/urllib3/urllib3/issues/2865&gt;</code>__)</li>
</ul>
<h1>1.26.13 (2022-11-23)</h1>
<ul>
<li>Deprecated the <code>HTTPResponse.getheaders()</code> and
<code>HTTPResponse.getheader()</code> methods.</li>
<li>Fixed an issue where parsing a URL with leading zeroes in the port
would be rejected
even when the port number after removing the zeroes was valid.</li>
<li>Fixed a deprecation warning when using cryptography v39.0.0.</li>
<li>Removed the <code>&lt;4</code> in the <code>Requires-Python</code>
packaging metadata field.</li>
</ul>
<h1>1.26.12 (2022-08-22)</h1>
<ul>
<li>Deprecated the <code>urllib3[secure]</code> extra and the
<code>urllib3.contrib.pyopenssl</code> module.
Both will be removed in v2.x. See this <code>GitHub issue
&lt;https://github.com/urllib3/urllib3/issues/2680&gt;</code>_
for justification and info on how to migrate.</li>
</ul>
<h1>1.26.11 (2022-07-25)</h1>
<ul>
<li>Fixed an issue where reading more than 2 GiB in a call to
<code>HTTPResponse.read</code> would</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/urllib3/urllib3/commit/9c2c2307dd1d6af504e09aac0326d86ee3597a0b"><code>9c2c230</code></a>
Release 1.26.18 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3159">#3159</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36"><code>b594c5c</code></a>
Merge pull request from GHSA-g4mx-q9vg-27p4</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/944f0eb134485f41bc531be52de12ba5a37bca73"><code>944f0eb</code></a>
[1.26] Use vendored six in urllib3.contrib.securetransport</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/c9016bf464751a02b7e46f8b86504f47d4238784"><code>c9016bf</code></a>
Release 1.26.17</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb"><code>0122035</code></a>
Backport GHSA-v845-jxx5-vc9f (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3139">#3139</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/e63989f97d206e839ab9170c8a76e3e097cc60e8"><code>e63989f</code></a>
Fix installing <code>brotli</code> extra on Python 2.7</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/2e7a24d08713a0131f0b3c7197889466d645cc49"><code>2e7a24d</code></a>
[1.26] Configure OS for RTD to fix building docs</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/57181d6ea910ac7cb2ff83345d9e5e0eb816a0d0"><code>57181d6</code></a>
[1.26] Improve error message when calling urllib3.request() (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3058">#3058</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/3c0148048a523325819377b23fc67f8d46afc3aa"><code>3c01480</code></a>
[1.26] Run coverage even with failed jobs</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/d94029b7e2193ff47b627906a70e06377a09aae8"><code>d94029b</code></a>
Release 1.26.16</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/1.26.5...1.26.18">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.5&new-version=1.26.18)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/kylesurowiec/spotify-coverflow/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Qalthos pushed a commit to ansible/pylibssh that referenced this issue Oct 30, 2023
@dependabot
Bump urllib3 from 1.26.5 to 1.26.18 in /docs (#525)
1ef361a 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.5 to
1.26.18.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>1.26.18</h2>
<ul>
<li>Made body stripped from HTTP requests changing the request method to
GET after HTTP 303 &quot;See Other&quot; redirect responses.
(GHSA-g4mx-q9vg-27p4)</li>
</ul>
<h2>1.26.17</h2>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via <code>Retry.remove_headers_on_redirect</code>.
(GHSA-v845-jxx5-vc9f)</li>
</ul>
<h2>1.26.16</h2>
<ul>
<li>Fixed thread-safety issue where accessing a <code>PoolManager</code>
with many distinct origins would cause connection pools to be closed
while requests are in progress (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2954">#2954</a>)</li>
</ul>
<h2>1.26.15</h2>
<ul>
<li>Fix socket timeout value when HTTPConnection is reused (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2645">urllib3/urllib3#2645</a>)</li>
<li>Remove &quot;!&quot; character from the unreserved characters in
IPv6 Zone ID parsing (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2899">urllib3/urllib3#2899</a>)</li>
<li>Fix IDNA handling of 'x80' byte (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2901">urllib3/urllib3#2901</a>)</li>
</ul>
<h2>1.26.14</h2>
<ul>
<li>Fixed parsing of port 0 (zero) returning None, instead of 0 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2850">#2850</a>)</li>
<li>Removed deprecated <code>HTTPResponse.getheaders()</code> calls in
<code>urllib3.contrib</code> module.</li>
</ul>
<h2>1.26.13</h2>
<ul>
<li>Deprecated the <code>HTTPResponse.getheaders()</code> and
<code>HTTPResponse.getheader()</code> methods.</li>
<li>Fixed an issue where parsing a URL with leading zeroes in the port
would be rejected even when the port number after removing the zeroes
was valid.</li>
<li>Fixed a deprecation warning when using cryptography v39.0.0.</li>
<li>Removed the <code>&lt;4</code> in the <code>Requires-Python</code>
packaging metadata field.</li>
</ul>
<h2>1.26.12</h2>
<ul>
<li>Deprecated the <code>urllib3[secure]</code> extra and the
<code>urllib3.contrib.pyopenssl</code> module. Both will be removed in
v2.x. See this <a
href="https://redirect.github.com/urllib3/urllib3/issues/2680">GitHub
issue</a> for justification and info on how to migrate.</li>
</ul>
<h2>1.26.11</h2>
<p><strong>If you or your organization rely on urllib3 consider
supporting us via <a href="https://github.com/sponsors/urllib3">GitHub
Sponsors</a>.</strong></p>
<p>:warning: <strong>urllib3 v2.0 will drop support for Python
2</strong>: <a
href="https://urllib3.readthedocs.io/en/latest/v2-roadmap.html">Read
more in the v2.0 Roadmap</a></p>
<ul>
<li>Fixed an issue where reading more than 2 GiB in a call to
HTTPResponse.read would raise an OverflowError on Python 3.9 and
earlier.</li>
</ul>
<h2>1.26.10</h2>
<p><strong>If you or your organization rely on urllib3 consider
supporting us via <a href="https://github.com/sponsors/urllib3">GitHub
Sponsors</a>.</strong></p>
<p>:warning: <strong>urllib3 v2.0 will drop support for Python
2</strong>: <a
href="https://urllib3.readthedocs.io/en/latest/v2-roadmap.html">Read
more in the v2.0 Roadmap</a></p>
<p>:closed_lock_with_key: <strong>This is the first release to be signed
with Sigstore!</strong> You can verify the distributables using the
<code>.sig</code> and <code>.crt</code> files included on this
release.</p>
<ul>
<li>Removed support for Python 3.5</li>
<li>Fixed an issue where a <code>ProxyError</code> recommending
configuring the proxy as HTTP instead of HTTPS could appear even when an
HTTPS proxy wasn't configured.</li>
</ul>
<h2>1.26.9</h2>
<p><strong>If you or your organization rely on urllib3 consider
supporting us via <a href="https://github.com/sponsors/urllib3">GitHub
Sponsors</a>.</strong></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>1.26.18 (2023-10-17)</h1>
<ul>
<li>Made body stripped from HTTP requests changing the request method to
GET after HTTP 303 &quot;See Other&quot; redirect responses.</li>
</ul>
<h1>1.26.17 (2023-10-02)</h1>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via <code>Retry.remove_headers_on_redirect</code>.
(<code>[#3139](urllib3/urllib3#3139)
&lt;https://github.com/urllib3/urllib3/pull/3139&gt;</code>_)</li>
</ul>
<h1>1.26.16 (2023-05-23)</h1>
<ul>
<li>Fixed thread-safety issue where accessing a <code>PoolManager</code>
with many distinct origins
would cause connection pools to be closed while requests are in progress
(<code>[#2954](urllib3/urllib3#2954)
&lt;https://github.com/urllib3/urllib3/pull/2954&gt;</code>_)</li>
</ul>
<h1>1.26.15 (2023-03-10)</h1>
<ul>
<li>Fix socket timeout value when <code>HTTPConnection</code> is reused
(<code>[#2645](urllib3/urllib3#2645)
&lt;https://github.com/urllib3/urllib3/issues/2645&gt;</code>__)</li>
<li>Remove &quot;!&quot; character from the unreserved characters in
IPv6 Zone ID parsing
(<code>[#2899](urllib3/urllib3#2899)
&lt;https://github.com/urllib3/urllib3/issues/2899&gt;</code>__)</li>
<li>Fix IDNA handling of '\x80' byte
(<code>[#2901](urllib3/urllib3#2901)
&lt;https://github.com/urllib3/urllib3/issues/2901&gt;</code>__)</li>
</ul>
<h1>1.26.14 (2023-01-11)</h1>
<ul>
<li>Fixed parsing of port 0 (zero) returning None, instead of 0.
(<code>[#2850](urllib3/urllib3#2850)
&lt;https://github.com/urllib3/urllib3/issues/2850&gt;</code>__)</li>
<li>Removed deprecated getheaders() calls in contrib module. Fixed the
type hint of <code>PoolKey.key_retries</code> by adding
<code>bool</code> to the union.
(<code>[#2865](urllib3/urllib3#2865)
&lt;https://github.com/urllib3/urllib3/issues/2865&gt;</code>__)</li>
</ul>
<h1>1.26.13 (2022-11-23)</h1>
<ul>
<li>Deprecated the <code>HTTPResponse.getheaders()</code> and
<code>HTTPResponse.getheader()</code> methods.</li>
<li>Fixed an issue where parsing a URL with leading zeroes in the port
would be rejected
even when the port number after removing the zeroes was valid.</li>
<li>Fixed a deprecation warning when using cryptography v39.0.0.</li>
<li>Removed the <code>&lt;4</code> in the <code>Requires-Python</code>
packaging metadata field.</li>
</ul>
<h1>1.26.12 (2022-08-22)</h1>
<ul>
<li>Deprecated the <code>urllib3[secure]</code> extra and the
<code>urllib3.contrib.pyopenssl</code> module.
Both will be removed in v2.x. See this <code>GitHub issue
&lt;https://github.com/urllib3/urllib3/issues/2680&gt;</code>_
for justification and info on how to migrate.</li>
</ul>
<h1>1.26.11 (2022-07-25)</h1>
<ul>
<li>Fixed an issue where reading more than 2 GiB in a call to
<code>HTTPResponse.read</code> would</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/urllib3/urllib3/commit/9c2c2307dd1d6af504e09aac0326d86ee3597a0b"><code>9c2c230</code></a>
Release 1.26.18 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3159">#3159</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36"><code>b594c5c</code></a>
Merge pull request from GHSA-g4mx-q9vg-27p4</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/944f0eb134485f41bc531be52de12ba5a37bca73"><code>944f0eb</code></a>
[1.26] Use vendored six in urllib3.contrib.securetransport</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/c9016bf464751a02b7e46f8b86504f47d4238784"><code>c9016bf</code></a>
Release 1.26.17</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb"><code>0122035</code></a>
Backport GHSA-v845-jxx5-vc9f (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3139">#3139</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/e63989f97d206e839ab9170c8a76e3e097cc60e8"><code>e63989f</code></a>
Fix installing <code>brotli</code> extra on Python 2.7</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/2e7a24d08713a0131f0b3c7197889466d645cc49"><code>2e7a24d</code></a>
[1.26] Configure OS for RTD to fix building docs</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/57181d6ea910ac7cb2ff83345d9e5e0eb816a0d0"><code>57181d6</code></a>
[1.26] Improve error message when calling urllib3.request() (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3058">#3058</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/3c0148048a523325819377b23fc67f8d46afc3aa"><code>3c01480</code></a>
[1.26] Run coverage even with failed jobs</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/d94029b7e2193ff47b627906a70e06377a09aae8"><code>d94029b</code></a>
Release 1.26.16</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/1.26.5...1.26.18">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.5&new-version=1.26.18)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/ansible/pylibssh/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
VadVergasov pushed a commit to VadVergasov/vkparserbot that referenced this issue Nov 13, 2023
@dependabot
Bump urllib3 from 2.0.7 to 2.1.0 (#386)
43a9038 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.7 to 2.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>2.1.0</h2>
<p>Read the <a
href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">v2
migration guide</a> for help upgrading to the latest version of
urllib3.</p>
<h2>Removals</h2>
<ul>
<li>Removed support for the deprecated urllib3[secure] extra. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2680">#2680</a>)</li>
<li>Removed support for the deprecated SecureTransport TLS
implementation. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2681">#2681</a>)</li>
<li>Removed support for the end-of-life Python 3.7. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3143">#3143</a>)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Allowed loading CA certificates from memory for proxies. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3065">#3065</a>)</li>
<li>Fixed decoding Gzip-encoded responses which specified
<code>x-gzip</code> content-encoding. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3174">#3174</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>2.1.0 (2023-11-13)</h1>
<p>Read the <code>v2 migration guide
&lt;https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html&gt;</code>__
for help upgrading to the latest version of urllib3.</p>
<h2>Removals</h2>
<ul>
<li>Removed support for the deprecated urllib3[secure] extra.
(<code>[#2680](urllib3/urllib3#2680)
&lt;https://github.com/urllib3/urllib3/issues/2680&gt;</code>__)</li>
<li>Removed support for the deprecated SecureTransport TLS
implementation.
(<code>[#2681](urllib3/urllib3#2681)
&lt;https://github.com/urllib3/urllib3/issues/2681&gt;</code>__)</li>
<li>Removed support for the end-of-life Python 3.7.
(<code>[#3143](urllib3/urllib3#3143)
&lt;https://github.com/urllib3/urllib3/issues/3143&gt;</code>__)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Allowed loading CA certificates from memory for proxies.
(<code>[#3065](urllib3/urllib3#3065)
&lt;https://github.com/urllib3/urllib3/issues/3065&gt;</code>__)</li>
<li>Fixed decoding Gzip-encoded responses which specified
<code>x-gzip</code> content-encoding.
(<code>[#3174](urllib3/urllib3#3174)
&lt;https://github.com/urllib3/urllib3/issues/3174&gt;</code>__)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/urllib3/urllib3/commit/69be2992f8a25a1f27e49f339e4d5b98dec07462"><code>69be299</code></a>
Release 2.1.0</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/77f71d3fbc6b747849e0205929d0e519ba77457b"><code>77f71d3</code></a>
Mention myself in README</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/e601a0e8826fc734712f298e92c1a87cee1a08a7"><code>e601a0e</code></a>
Check _has_route <em>within</em> the test function (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3187">#3187</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/f7cd7f3f632cf5224f627536f02c2abf7e4146d1"><code>f7cd7f3</code></a>
Stop naming urllib3/requests tests &quot;integration&quot; (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3182">#3182</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/6fc4260934b4a780c01a685f3f7982055e1c73e2"><code>6fc4260</code></a>
Use more precise type checks</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/5fa8ea621579edf4eb94addc9fb1bc5873256381"><code>5fa8ea6</code></a>
Fix lint on Python 3.12</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/872768312273d67ca9b9481028c11acaf213da86"><code>8727683</code></a>
Remove Sphinx version pin</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/5fc48e711b33c08eea1c1ea8209870f45e8baf05"><code>5fc48e7</code></a>
Treat x-gzip content encoding as gzip</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/ff764a01499203a7c6fbe2e6c0a5a670cf26745c"><code>ff764a0</code></a>
Allow loading CA certificates from memory for proxies (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3150">#3150</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/b99cc396b2b760362469796d086fae118aec7fb7"><code>b99cc39</code></a>
Replace deprecated set-output in GitHub Actions</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/2.0.7...2.1.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=2.0.7&new-version=2.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
apereocas-bot pushed a commit to apereo/cas that referenced this issue Nov 13, 2023
@renovate
renovatebot(deps): update dependency urllib3 to v2.1.0
1140dee 
[![Mend Renovate logo banner](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [urllib3](https://togithub.com/urllib3/urllib3) ([changelog](https://togithub.com/urllib3/urllib3/blob/main/CHANGES.rst)) | `==2.0.7` -> `==2.1.0` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/urllib3/2.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/urllib3/2.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/urllib3/2.0.7/2.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/urllib3/2.0.7/2.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

---

### Release Notes

<details>
<summary>urllib3/urllib3 (urllib3)</summary>

### [`v2.1.0`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#210-2023-11-13)

[Compare Source](https://togithub.com/urllib3/urllib3/compare/2.0.7...2.1.0)

\==================

Read the `v2 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html>`\__ for help upgrading to the latest version of urllib3.

## Removals

-   Removed support for the deprecated urllib3\[secure] extra. (`#&#8203;2680 <https://github.com/urllib3/urllib3/issues/2680>`\__)
-   Removed support for the deprecated SecureTransport TLS implementation. (`#&#8203;2681 <https://github.com/urllib3/urllib3/issues/2681>`\__)
-   Removed support for the end-of-life Python 3.7. (`#&#8203;3143 <https://github.com/urllib3/urllib3/issues/3143>`\__)

## Bugfixes

-   Allowed loading CA certificates from memory for proxies. (`#&#8203;3065 <https://github.com/urllib3/urllib3/issues/3065>`\__)
-   Fixed decoding Gzip-encoded responses which specified `x-gzip` content-encoding. (`#&#8203;3174 <https://github.com/urllib3/urllib3/issues/3174>`\__)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 10pm every weekday,before 6am every weekday" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/apereo/cas).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40Ni4wIiwidXBkYXRlZEluVmVyIjoiMzcuNDYuMCIsInRhcmdldEJyYW5jaCI6Im1hc3RlciJ9-->
VadVergasov pushed a commit to VadVergasov/HometaskBot that referenced this issue Nov 18, 2023
@dependabot
Bump urllib3 from 2.0.7 to 2.1.0 (#461)
9315dc8 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.7 to 2.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>2.1.0</h2>
<p>Read the <a
href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">v2
migration guide</a> for help upgrading to the latest version of
urllib3.</p>
<h2>Removals</h2>
<ul>
<li>Removed support for the deprecated urllib3[secure] extra. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2680">#2680</a>)</li>
<li>Removed support for the deprecated SecureTransport TLS
implementation. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2681">#2681</a>)</li>
<li>Removed support for the end-of-life Python 3.7. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3143">#3143</a>)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Allowed loading CA certificates from memory for proxies. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3065">#3065</a>)</li>
<li>Fixed decoding Gzip-encoded responses which specified
<code>x-gzip</code> content-encoding. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3174">#3174</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>2.1.0 (2023-11-13)</h1>
<p>Read the <code>v2 migration guide
&lt;https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html&gt;</code>__
for help upgrading to the latest version of urllib3.</p>
<h2>Removals</h2>
<ul>
<li>Removed support for the deprecated urllib3[secure] extra.
(<code>[#2680](urllib3/urllib3#2680)
&lt;https://github.com/urllib3/urllib3/issues/2680&gt;</code>__)</li>
<li>Removed support for the deprecated SecureTransport TLS
implementation.
(<code>[#2681](urllib3/urllib3#2681)
&lt;https://github.com/urllib3/urllib3/issues/2681&gt;</code>__)</li>
<li>Removed support for the end-of-life Python 3.7.
(<code>[#3143](urllib3/urllib3#3143)
&lt;https://github.com/urllib3/urllib3/issues/3143&gt;</code>__)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Allowed loading CA certificates from memory for proxies.
(<code>[#3065](urllib3/urllib3#3065)
&lt;https://github.com/urllib3/urllib3/issues/3065&gt;</code>__)</li>
<li>Fixed decoding Gzip-encoded responses which specified
<code>x-gzip</code> content-encoding.
(<code>[#3174](urllib3/urllib3#3174)
&lt;https://github.com/urllib3/urllib3/issues/3174&gt;</code>__)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/urllib3/urllib3/commit/69be2992f8a25a1f27e49f339e4d5b98dec07462"><code>69be299</code></a>
Release 2.1.0</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/77f71d3fbc6b747849e0205929d0e519ba77457b"><code>77f71d3</code></a>
Mention myself in README</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/e601a0e8826fc734712f298e92c1a87cee1a08a7"><code>e601a0e</code></a>
Check _has_route <em>within</em> the test function (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3187">#3187</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/f7cd7f3f632cf5224f627536f02c2abf7e4146d1"><code>f7cd7f3</code></a>
Stop naming urllib3/requests tests &quot;integration&quot; (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3182">#3182</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/6fc4260934b4a780c01a685f3f7982055e1c73e2"><code>6fc4260</code></a>
Use more precise type checks</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/5fa8ea621579edf4eb94addc9fb1bc5873256381"><code>5fa8ea6</code></a>
Fix lint on Python 3.12</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/872768312273d67ca9b9481028c11acaf213da86"><code>8727683</code></a>
Remove Sphinx version pin</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/5fc48e711b33c08eea1c1ea8209870f45e8baf05"><code>5fc48e7</code></a>
Treat x-gzip content encoding as gzip</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/ff764a01499203a7c6fbe2e6c0a5a670cf26745c"><code>ff764a0</code></a>
Allow loading CA certificates from memory for proxies (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3150">#3150</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/b99cc396b2b760362469796d086fae118aec7fb7"><code>b99cc39</code></a>
Replace deprecated set-output in GitHub Actions</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/2.0.7...2.1.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=2.0.7&new-version=2.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
VadVergasov pushed a commit to VadVergasov/MailRedirector that referenced this issue Nov 18, 2023
@dependabot
Bump urllib3 from 2.0.7 to 2.1.0 (#268)
9e56dfd 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.7 to 2.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>2.1.0</h2>
<p>Read the <a
href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">v2
migration guide</a> for help upgrading to the latest version of
urllib3.</p>
<h2>Removals</h2>
<ul>
<li>Removed support for the deprecated urllib3[secure] extra. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2680">#2680</a>)</li>
<li>Removed support for the deprecated SecureTransport TLS
implementation. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2681">#2681</a>)</li>
<li>Removed support for the end-of-life Python 3.7. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3143">#3143</a>)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Allowed loading CA certificates from memory for proxies. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3065">#3065</a>)</li>
<li>Fixed decoding Gzip-encoded responses which specified
<code>x-gzip</code> content-encoding. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3174">#3174</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>2.1.0 (2023-11-13)</h1>
<p>Read the <code>v2 migration guide
&lt;https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html&gt;</code>__
for help upgrading to the latest version of urllib3.</p>
<h2>Removals</h2>
<ul>
<li>Removed support for the deprecated urllib3[secure] extra.
(<code>[#2680](urllib3/urllib3#2680)
&lt;https://github.com/urllib3/urllib3/issues/2680&gt;</code>__)</li>
<li>Removed support for the deprecated SecureTransport TLS
implementation.
(<code>[#2681](urllib3/urllib3#2681)
&lt;https://github.com/urllib3/urllib3/issues/2681&gt;</code>__)</li>
<li>Removed support for the end-of-life Python 3.7.
(<code>[#3143](urllib3/urllib3#3143)
&lt;https://github.com/urllib3/urllib3/issues/3143&gt;</code>__)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Allowed loading CA certificates from memory for proxies.
(<code>[#3065](urllib3/urllib3#3065)
&lt;https://github.com/urllib3/urllib3/issues/3065&gt;</code>__)</li>
<li>Fixed decoding Gzip-encoded responses which specified
<code>x-gzip</code> content-encoding.
(<code>[#3174](urllib3/urllib3#3174)
&lt;https://github.com/urllib3/urllib3/issues/3174&gt;</code>__)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/urllib3/urllib3/commit/69be2992f8a25a1f27e49f339e4d5b98dec07462"><code>69be299</code></a>
Release 2.1.0</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/77f71d3fbc6b747849e0205929d0e519ba77457b"><code>77f71d3</code></a>
Mention myself in README</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/e601a0e8826fc734712f298e92c1a87cee1a08a7"><code>e601a0e</code></a>
Check _has_route <em>within</em> the test function (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3187">#3187</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/f7cd7f3f632cf5224f627536f02c2abf7e4146d1"><code>f7cd7f3</code></a>
Stop naming urllib3/requests tests &quot;integration&quot; (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3182">#3182</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/6fc4260934b4a780c01a685f3f7982055e1c73e2"><code>6fc4260</code></a>
Use more precise type checks</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/5fa8ea621579edf4eb94addc9fb1bc5873256381"><code>5fa8ea6</code></a>
Fix lint on Python 3.12</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/872768312273d67ca9b9481028c11acaf213da86"><code>8727683</code></a>
Remove Sphinx version pin</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/5fc48e711b33c08eea1c1ea8209870f45e8baf05"><code>5fc48e7</code></a>
Treat x-gzip content encoding as gzip</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/ff764a01499203a7c6fbe2e6c0a5a670cf26745c"><code>ff764a0</code></a>
Allow loading CA certificates from memory for proxies (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3150">#3150</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/b99cc396b2b760362469796d086fae118aec7fb7"><code>b99cc39</code></a>
Replace deprecated set-output in GitHub Actions</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/2.0.7...2.1.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=2.0.7&new-version=2.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@cbouss cbouss mentioned this issue Nov 22, 2023
Merged
kai687 pushed a commit to kai687/sphinxawesome-theme that referenced this issue Nov 27, 2023
@dependabot
chore(deps): Bump urllib3 from 2.0.7 to 2.1.0 (#1593)
8665e91 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.7 to 2.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>2.1.0</h2>
<p>Read the <a
href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">v2
migration guide</a> for help upgrading to the latest version of
urllib3.</p>
<h2>Removals</h2>
<ul>
<li>Removed support for the deprecated urllib3[secure] extra. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2680">#2680</a>)</li>
<li>Removed support for the deprecated SecureTransport TLS
implementation. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2681">#2681</a>)</li>
<li>Removed support for the end-of-life Python 3.7. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3143">#3143</a>)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Allowed loading CA certificates from memory for proxies. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3065">#3065</a>)</li>
<li>Fixed decoding Gzip-encoded responses which specified
<code>x-gzip</code> content-encoding. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3174">#3174</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>2.1.0 (2023-11-13)</h1>
<p>Read the <code>v2 migration guide
&lt;https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html&gt;</code>__
for help upgrading to the latest version of urllib3.</p>
<h2>Removals</h2>
<ul>
<li>Removed support for the deprecated urllib3[secure] extra.
(<code>[#2680](urllib3/urllib3#2680)
&lt;https://github.com/urllib3/urllib3/issues/2680&gt;</code>__)</li>
<li>Removed support for the deprecated SecureTransport TLS
implementation.
(<code>[#2681](urllib3/urllib3#2681)
&lt;https://github.com/urllib3/urllib3/issues/2681&gt;</code>__)</li>
<li>Removed support for the end-of-life Python 3.7.
(<code>[#3143](urllib3/urllib3#3143)
&lt;https://github.com/urllib3/urllib3/issues/3143&gt;</code>__)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Allowed loading CA certificates from memory for proxies.
(<code>[#3065](urllib3/urllib3#3065)
&lt;https://github.com/urllib3/urllib3/issues/3065&gt;</code>__)</li>
<li>Fixed decoding Gzip-encoded responses which specified
<code>x-gzip</code> content-encoding.
(<code>[#3174](urllib3/urllib3#3174)
&lt;https://github.com/urllib3/urllib3/issues/3174&gt;</code>__)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/urllib3/urllib3/commit/69be2992f8a25a1f27e49f339e4d5b98dec07462"><code>69be299</code></a>
Release 2.1.0</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/77f71d3fbc6b747849e0205929d0e519ba77457b"><code>77f71d3</code></a>
Mention myself in README</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/e601a0e8826fc734712f298e92c1a87cee1a08a7"><code>e601a0e</code></a>
Check _has_route <em>within</em> the test function (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3187">#3187</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/f7cd7f3f632cf5224f627536f02c2abf7e4146d1"><code>f7cd7f3</code></a>
Stop naming urllib3/requests tests &quot;integration&quot; (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3182">#3182</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/6fc4260934b4a780c01a685f3f7982055e1c73e2"><code>6fc4260</code></a>
Use more precise type checks</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/5fa8ea621579edf4eb94addc9fb1bc5873256381"><code>5fa8ea6</code></a>
Fix lint on Python 3.12</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/872768312273d67ca9b9481028c11acaf213da86"><code>8727683</code></a>
Remove Sphinx version pin</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/5fc48e711b33c08eea1c1ea8209870f45e8baf05"><code>5fc48e7</code></a>
Treat x-gzip content encoding as gzip</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/ff764a01499203a7c6fbe2e6c0a5a670cf26745c"><code>ff764a0</code></a>
Allow loading CA certificates from memory for proxies (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3150">#3150</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/b99cc396b2b760362469796d086fae118aec7fb7"><code>b99cc39</code></a>
Replace deprecated set-output in GitHub Actions</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/2.0.7...2.1.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=2.0.7&new-version=2.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@GSVarsha GSVarsha mentioned this issue Dec 7, 2023
Merged
Teqed added a commit to Teqed/FediFetcher that referenced this issue Dec 11, 2023
@Teqed
chore(deps): bump urllib3 from 2.0.7 to 2.1.0 (#93)
6fd51d7 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.7 to 2.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>2.1.0</h2>
<p>Read the <a
href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">v2
migration guide</a> for help upgrading to the latest version of
urllib3.</p>
<h2>Removals</h2>
<ul>
<li>Removed support for the deprecated urllib3[secure] extra. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2680">#2680</a>)</li>
<li>Removed support for the deprecated SecureTransport TLS
implementation. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2681">#2681</a>)</li>
<li>Removed support for the end-of-life Python 3.7. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3143">#3143</a>)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Allowed loading CA certificates from memory for proxies. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3065">#3065</a>)</li>
<li>Fixed decoding Gzip-encoded responses which specified
<code>x-gzip</code> content-encoding. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3174">#3174</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>2.1.0 (2023-11-13)</h1>
<p>Read the <code>v2 migration guide
&lt;https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html&gt;</code>__
for help upgrading to the latest version of urllib3.</p>
<h2>Removals</h2>
<ul>
<li>Removed support for the deprecated urllib3[secure] extra.
(<code>[#2680](urllib3/urllib3#2680)
&lt;https://github.com/urllib3/urllib3/issues/2680&gt;</code>__)</li>
<li>Removed support for the deprecated SecureTransport TLS
implementation.
(<code>[#2681](urllib3/urllib3#2681)
&lt;https://github.com/urllib3/urllib3/issues/2681&gt;</code>__)</li>
<li>Removed support for the end-of-life Python 3.7.
(<code>[#3143](urllib3/urllib3#3143)
&lt;https://github.com/urllib3/urllib3/issues/3143&gt;</code>__)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Allowed loading CA certificates from memory for proxies.
(<code>[#3065](urllib3/urllib3#3065)
&lt;https://github.com/urllib3/urllib3/issues/3065&gt;</code>__)</li>
<li>Fixed decoding Gzip-encoded responses which specified
<code>x-gzip</code> content-encoding.
(<code>[#3174](urllib3/urllib3#3174)
&lt;https://github.com/urllib3/urllib3/issues/3174&gt;</code>__)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/urllib3/urllib3/commit/69be2992f8a25a1f27e49f339e4d5b98dec07462"><code>69be299</code></a>
Release 2.1.0</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/77f71d3fbc6b747849e0205929d0e519ba77457b"><code>77f71d3</code></a>
Mention myself in README</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/e601a0e8826fc734712f298e92c1a87cee1a08a7"><code>e601a0e</code></a>
Check _has_route <em>within</em> the test function (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3187">#3187</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/f7cd7f3f632cf5224f627536f02c2abf7e4146d1"><code>f7cd7f3</code></a>
Stop naming urllib3/requests tests &quot;integration&quot; (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3182">#3182</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/6fc4260934b4a780c01a685f3f7982055e1c73e2"><code>6fc4260</code></a>
Use more precise type checks</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/5fa8ea621579edf4eb94addc9fb1bc5873256381"><code>5fa8ea6</code></a>
Fix lint on Python 3.12</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/872768312273d67ca9b9481028c11acaf213da86"><code>8727683</code></a>
Remove Sphinx version pin</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/5fc48e711b33c08eea1c1ea8209870f45e8baf05"><code>5fc48e7</code></a>
Treat x-gzip content encoding as gzip</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/ff764a01499203a7c6fbe2e6c0a5a670cf26745c"><code>ff764a0</code></a>
Allow loading CA certificates from memory for proxies (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3150">#3150</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/b99cc396b2b760362469796d086fae118aec7fb7"><code>b99cc39</code></a>
Replace deprecated set-output in GitHub Actions</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/2.0.7...2.1.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=2.0.7&new-version=2.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>
CrisTofani added a commit to pagopa/io-app that referenced this issue Dec 14, 2023
@dependabot @CrisTofani
chore(deps): bump urllib3 from 1.26.6 to 1.26.18 in /scripts/check_ur…
05f033b 
…ls (#5133)

Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.6 to
1.26.18.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>1.26.18</h2>
<ul>
<li>Made body stripped from HTTP requests changing the request method to
GET after HTTP 303 &quot;See Other&quot; redirect responses.
(GHSA-g4mx-q9vg-27p4)</li>
</ul>
<h2>1.26.17</h2>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via <code>Retry.remove_headers_on_redirect</code>.
(GHSA-v845-jxx5-vc9f)</li>
</ul>
<h2>1.26.16</h2>
<ul>
<li>Fixed thread-safety issue where accessing a <code>PoolManager</code>
with many distinct origins would cause connection pools to be closed
while requests are in progress (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2954">#2954</a>)</li>
</ul>
<h2>1.26.15</h2>
<ul>
<li>Fix socket timeout value when HTTPConnection is reused (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2645">urllib3/urllib3#2645</a>)</li>
<li>Remove &quot;!&quot; character from the unreserved characters in
IPv6 Zone ID parsing (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2899">urllib3/urllib3#2899</a>)</li>
<li>Fix IDNA handling of 'x80' byte (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2901">urllib3/urllib3#2901</a>)</li>
</ul>
<h2>1.26.14</h2>
<ul>
<li>Fixed parsing of port 0 (zero) returning None, instead of 0 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2850">#2850</a>)</li>
<li>Removed deprecated <code>HTTPResponse.getheaders()</code> calls in
<code>urllib3.contrib</code> module.</li>
</ul>
<h2>1.26.13</h2>
<ul>
<li>Deprecated the <code>HTTPResponse.getheaders()</code> and
<code>HTTPResponse.getheader()</code> methods.</li>
<li>Fixed an issue where parsing a URL with leading zeroes in the port
would be rejected even when the port number after removing the zeroes
was valid.</li>
<li>Fixed a deprecation warning when using cryptography v39.0.0.</li>
<li>Removed the <code>&lt;4</code> in the <code>Requires-Python</code>
packaging metadata field.</li>
</ul>
<h2>1.26.12</h2>
<ul>
<li>Deprecated the <code>urllib3[secure]</code> extra and the
<code>urllib3.contrib.pyopenssl</code> module. Both will be removed in
v2.x. See this <a
href="https://redirect.github.com/urllib3/urllib3/issues/2680">GitHub
issue</a> for justification and info on how to migrate.</li>
</ul>
<h2>1.26.11</h2>
<p><strong>If you or your organization rely on urllib3 consider
supporting us via <a href="https://github.com/sponsors/urllib3">GitHub
Sponsors</a>.</strong></p>
<p>:warning: <strong>urllib3 v2.0 will drop support for Python
2</strong>: <a
href="https://urllib3.readthedocs.io/en/latest/v2-roadmap.html">Read
more in the v2.0 Roadmap</a></p>
<ul>
<li>Fixed an issue where reading more than 2 GiB in a call to
HTTPResponse.read would raise an OverflowError on Python 3.9 and
earlier.</li>
</ul>
<h2>1.26.10</h2>
<p><strong>If you or your organization rely on urllib3 consider
supporting us via <a href="https://github.com/sponsors/urllib3">GitHub
Sponsors</a>.</strong></p>
<p>:warning: <strong>urllib3 v2.0 will drop support for Python
2</strong>: <a
href="https://urllib3.readthedocs.io/en/latest/v2-roadmap.html">Read
more in the v2.0 Roadmap</a></p>
<p>:closed_lock_with_key: <strong>This is the first release to be signed
with Sigstore!</strong> You can verify the distributables using the
<code>.sig</code> and <code>.crt</code> files included on this
release.</p>
<ul>
<li>Removed support for Python 3.5</li>
<li>Fixed an issue where a <code>ProxyError</code> recommending
configuring the proxy as HTTP instead of HTTPS could appear even when an
HTTPS proxy wasn't configured.</li>
</ul>
<h2>1.26.9</h2>
<p><strong>If you or your organization rely on urllib3 consider
supporting us via <a href="https://github.com/sponsors/urllib3">GitHub
Sponsors</a>.</strong></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>1.26.18 (2023-10-17)</h1>
<ul>
<li>Made body stripped from HTTP requests changing the request method to
GET after HTTP 303 &quot;See Other&quot; redirect responses.</li>
</ul>
<h1>1.26.17 (2023-10-02)</h1>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via <code>Retry.remove_headers_on_redirect</code>.
(<code>[#3139](urllib3/urllib3#3139)
&lt;https://github.com/urllib3/urllib3/pull/3139&gt;</code>_)</li>
</ul>
<h1>1.26.16 (2023-05-23)</h1>
<ul>
<li>Fixed thread-safety issue where accessing a <code>PoolManager</code>
with many distinct origins
would cause connection pools to be closed while requests are in progress
(<code>[#2954](urllib3/urllib3#2954)
&lt;https://github.com/urllib3/urllib3/pull/2954&gt;</code>_)</li>
</ul>
<h1>1.26.15 (2023-03-10)</h1>
<ul>
<li>Fix socket timeout value when <code>HTTPConnection</code> is reused
(<code>[#2645](urllib3/urllib3#2645)
&lt;https://github.com/urllib3/urllib3/issues/2645&gt;</code>__)</li>
<li>Remove &quot;!&quot; character from the unreserved characters in
IPv6 Zone ID parsing
(<code>[#2899](urllib3/urllib3#2899)
&lt;https://github.com/urllib3/urllib3/issues/2899&gt;</code>__)</li>
<li>Fix IDNA handling of '\x80' byte
(<code>[#2901](urllib3/urllib3#2901)
&lt;https://github.com/urllib3/urllib3/issues/2901&gt;</code>__)</li>
</ul>
<h1>1.26.14 (2023-01-11)</h1>
<ul>
<li>Fixed parsing of port 0 (zero) returning None, instead of 0.
(<code>[#2850](urllib3/urllib3#2850)
&lt;https://github.com/urllib3/urllib3/issues/2850&gt;</code>__)</li>
<li>Removed deprecated getheaders() calls in contrib module. Fixed the
type hint of <code>PoolKey.key_retries</code> by adding
<code>bool</code> to the union.
(<code>[#2865](urllib3/urllib3#2865)
&lt;https://github.com/urllib3/urllib3/issues/2865&gt;</code>__)</li>
</ul>
<h1>1.26.13 (2022-11-23)</h1>
<ul>
<li>Deprecated the <code>HTTPResponse.getheaders()</code> and
<code>HTTPResponse.getheader()</code> methods.</li>
<li>Fixed an issue where parsing a URL with leading zeroes in the port
would be rejected
even when the port number after removing the zeroes was valid.</li>
<li>Fixed a deprecation warning when using cryptography v39.0.0.</li>
<li>Removed the <code>&lt;4</code> in the <code>Requires-Python</code>
packaging metadata field.</li>
</ul>
<h1>1.26.12 (2022-08-22)</h1>
<ul>
<li>Deprecated the <code>urllib3[secure]</code> extra and the
<code>urllib3.contrib.pyopenssl</code> module.
Both will be removed in v2.x. See this <code>GitHub issue
&lt;https://github.com/urllib3/urllib3/issues/2680&gt;</code>_
for justification and info on how to migrate.</li>
</ul>
<h1>1.26.11 (2022-07-25)</h1>
<ul>
<li>Fixed an issue where reading more than 2 GiB in a call to
<code>HTTPResponse.read</code> would</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/urllib3/urllib3/commit/9c2c2307dd1d6af504e09aac0326d86ee3597a0b"><code>9c2c230</code></a>
Release 1.26.18 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3159">#3159</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36"><code>b594c5c</code></a>
Merge pull request from GHSA-g4mx-q9vg-27p4</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/944f0eb134485f41bc531be52de12ba5a37bca73"><code>944f0eb</code></a>
[1.26] Use vendored six in urllib3.contrib.securetransport</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/c9016bf464751a02b7e46f8b86504f47d4238784"><code>c9016bf</code></a>
Release 1.26.17</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb"><code>0122035</code></a>
Backport GHSA-v845-jxx5-vc9f (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3139">#3139</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/e63989f97d206e839ab9170c8a76e3e097cc60e8"><code>e63989f</code></a>
Fix installing <code>brotli</code> extra on Python 2.7</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/2e7a24d08713a0131f0b3c7197889466d645cc49"><code>2e7a24d</code></a>
[1.26] Configure OS for RTD to fix building docs</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/57181d6ea910ac7cb2ff83345d9e5e0eb816a0d0"><code>57181d6</code></a>
[1.26] Improve error message when calling urllib3.request() (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3058">#3058</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/3c0148048a523325819377b23fc67f8d46afc3aa"><code>3c01480</code></a>
[1.26] Run coverage even with failed jobs</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/d94029b7e2193ff47b627906a70e06377a09aae8"><code>d94029b</code></a>
Release 1.26.16</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/1.26.6...1.26.18">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.6&new-version=1.26.18)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/pagopa/io-app/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Cristiano Tofani <cri.tofani@gmail.com>
CrisTofani pushed a commit to pagopa/io-app that referenced this issue Dec 14, 2023
@dependabot
chore(deps): bump urllib3 from 1.26.6 to 1.26.18 in /scripts/check_ci…
ee48c2e 
…e_button_exists (#5132)

Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.6 to
1.26.18.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>1.26.18</h2>
<ul>
<li>Made body stripped from HTTP requests changing the request method to
GET after HTTP 303 &quot;See Other&quot; redirect responses.
(GHSA-g4mx-q9vg-27p4)</li>
</ul>
<h2>1.26.17</h2>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via <code>Retry.remove_headers_on_redirect</code>.
(GHSA-v845-jxx5-vc9f)</li>
</ul>
<h2>1.26.16</h2>
<ul>
<li>Fixed thread-safety issue where accessing a <code>PoolManager</code>
with many distinct origins would cause connection pools to be closed
while requests are in progress (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2954">#2954</a>)</li>
</ul>
<h2>1.26.15</h2>
<ul>
<li>Fix socket timeout value when HTTPConnection is reused (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2645">urllib3/urllib3#2645</a>)</li>
<li>Remove &quot;!&quot; character from the unreserved characters in
IPv6 Zone ID parsing (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2899">urllib3/urllib3#2899</a>)</li>
<li>Fix IDNA handling of 'x80' byte (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2901">urllib3/urllib3#2901</a>)</li>
</ul>
<h2>1.26.14</h2>
<ul>
<li>Fixed parsing of port 0 (zero) returning None, instead of 0 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2850">#2850</a>)</li>
<li>Removed deprecated <code>HTTPResponse.getheaders()</code> calls in
<code>urllib3.contrib</code> module.</li>
</ul>
<h2>1.26.13</h2>
<ul>
<li>Deprecated the <code>HTTPResponse.getheaders()</code> and
<code>HTTPResponse.getheader()</code> methods.</li>
<li>Fixed an issue where parsing a URL with leading zeroes in the port
would be rejected even when the port number after removing the zeroes
was valid.</li>
<li>Fixed a deprecation warning when using cryptography v39.0.0.</li>
<li>Removed the <code>&lt;4</code> in the <code>Requires-Python</code>
packaging metadata field.</li>
</ul>
<h2>1.26.12</h2>
<ul>
<li>Deprecated the <code>urllib3[secure]</code> extra and the
<code>urllib3.contrib.pyopenssl</code> module. Both will be removed in
v2.x. See this <a
href="https://redirect.github.com/urllib3/urllib3/issues/2680">GitHub
issue</a> for justification and info on how to migrate.</li>
</ul>
<h2>1.26.11</h2>
<p><strong>If you or your organization rely on urllib3 consider
supporting us via <a href="https://github.com/sponsors/urllib3">GitHub
Sponsors</a>.</strong></p>
<p>:warning: <strong>urllib3 v2.0 will drop support for Python
2</strong>: <a
href="https://urllib3.readthedocs.io/en/latest/v2-roadmap.html">Read
more in the v2.0 Roadmap</a></p>
<ul>
<li>Fixed an issue where reading more than 2 GiB in a call to
HTTPResponse.read would raise an OverflowError on Python 3.9 and
earlier.</li>
</ul>
<h2>1.26.10</h2>
<p><strong>If you or your organization rely on urllib3 consider
supporting us via <a href="https://github.com/sponsors/urllib3">GitHub
Sponsors</a>.</strong></p>
<p>:warning: <strong>urllib3 v2.0 will drop support for Python
2</strong>: <a
href="https://urllib3.readthedocs.io/en/latest/v2-roadmap.html">Read
more in the v2.0 Roadmap</a></p>
<p>:closed_lock_with_key: <strong>This is the first release to be signed
with Sigstore!</strong> You can verify the distributables using the
<code>.sig</code> and <code>.crt</code> files included on this
release.</p>
<ul>
<li>Removed support for Python 3.5</li>
<li>Fixed an issue where a <code>ProxyError</code> recommending
configuring the proxy as HTTP instead of HTTPS could appear even when an
HTTPS proxy wasn't configured.</li>
</ul>
<h2>1.26.9</h2>
<p><strong>If you or your organization rely on urllib3 consider
supporting us via <a href="https://github.com/sponsors/urllib3">GitHub
Sponsors</a>.</strong></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>1.26.18 (2023-10-17)</h1>
<ul>
<li>Made body stripped from HTTP requests changing the request method to
GET after HTTP 303 &quot;See Other&quot; redirect responses.</li>
</ul>
<h1>1.26.17 (2023-10-02)</h1>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via <code>Retry.remove_headers_on_redirect</code>.
(<code>[#3139](urllib3/urllib3#3139)
&lt;https://github.com/urllib3/urllib3/pull/3139&gt;</code>_)</li>
</ul>
<h1>1.26.16 (2023-05-23)</h1>
<ul>
<li>Fixed thread-safety issue where accessing a <code>PoolManager</code>
with many distinct origins
would cause connection pools to be closed while requests are in progress
(<code>[#2954](urllib3/urllib3#2954)
&lt;https://github.com/urllib3/urllib3/pull/2954&gt;</code>_)</li>
</ul>
<h1>1.26.15 (2023-03-10)</h1>
<ul>
<li>Fix socket timeout value when <code>HTTPConnection</code> is reused
(<code>[#2645](urllib3/urllib3#2645)
&lt;https://github.com/urllib3/urllib3/issues/2645&gt;</code>__)</li>
<li>Remove &quot;!&quot; character from the unreserved characters in
IPv6 Zone ID parsing
(<code>[#2899](urllib3/urllib3#2899)
&lt;https://github.com/urllib3/urllib3/issues/2899&gt;</code>__)</li>
<li>Fix IDNA handling of '\x80' byte
(<code>[#2901](urllib3/urllib3#2901)
&lt;https://github.com/urllib3/urllib3/issues/2901&gt;</code>__)</li>
</ul>
<h1>1.26.14 (2023-01-11)</h1>
<ul>
<li>Fixed parsing of port 0 (zero) returning None, instead of 0.
(<code>[#2850](urllib3/urllib3#2850)
&lt;https://github.com/urllib3/urllib3/issues/2850&gt;</code>__)</li>
<li>Removed deprecated getheaders() calls in contrib module. Fixed the
type hint of <code>PoolKey.key_retries</code> by adding
<code>bool</code> to the union.
(<code>[#2865](urllib3/urllib3#2865)
&lt;https://github.com/urllib3/urllib3/issues/2865&gt;</code>__)</li>
</ul>
<h1>1.26.13 (2022-11-23)</h1>
<ul>
<li>Deprecated the <code>HTTPResponse.getheaders()</code> and
<code>HTTPResponse.getheader()</code> methods.</li>
<li>Fixed an issue where parsing a URL with leading zeroes in the port
would be rejected
even when the port number after removing the zeroes was valid.</li>
<li>Fixed a deprecation warning when using cryptography v39.0.0.</li>
<li>Removed the <code>&lt;4</code> in the <code>Requires-Python</code>
packaging metadata field.</li>
</ul>
<h1>1.26.12 (2022-08-22)</h1>
<ul>
<li>Deprecated the <code>urllib3[secure]</code> extra and the
<code>urllib3.contrib.pyopenssl</code> module.
Both will be removed in v2.x. See this <code>GitHub issue
&lt;https://github.com/urllib3/urllib3/issues/2680&gt;</code>_
for justification and info on how to migrate.</li>
</ul>
<h1>1.26.11 (2022-07-25)</h1>
<ul>
<li>Fixed an issue where reading more than 2 GiB in a call to
<code>HTTPResponse.read</code> would</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/urllib3/urllib3/commit/9c2c2307dd1d6af504e09aac0326d86ee3597a0b"><code>9c2c230</code></a>
Release 1.26.18 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3159">#3159</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36"><code>b594c5c</code></a>
Merge pull request from GHSA-g4mx-q9vg-27p4</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/944f0eb134485f41bc531be52de12ba5a37bca73"><code>944f0eb</code></a>
[1.26] Use vendored six in urllib3.contrib.securetransport</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/c9016bf464751a02b7e46f8b86504f47d4238784"><code>c9016bf</code></a>
Release 1.26.17</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb"><code>0122035</code></a>
Backport GHSA-v845-jxx5-vc9f (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3139">#3139</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/e63989f97d206e839ab9170c8a76e3e097cc60e8"><code>e63989f</code></a>
Fix installing <code>brotli</code> extra on Python 2.7</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/2e7a24d08713a0131f0b3c7197889466d645cc49"><code>2e7a24d</code></a>
[1.26] Configure OS for RTD to fix building docs</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/57181d6ea910ac7cb2ff83345d9e5e0eb816a0d0"><code>57181d6</code></a>
[1.26] Improve error message when calling urllib3.request() (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3058">#3058</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/3c0148048a523325819377b23fc67f8d46afc3aa"><code>3c01480</code></a>
[1.26] Run coverage even with failed jobs</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/d94029b7e2193ff47b627906a70e06377a09aae8"><code>d94029b</code></a>
Release 1.26.16</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/1.26.6...1.26.18">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.6&new-version=1.26.18)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/pagopa/io-app/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
copybara-service bot pushed a commit to grpc/grpc that referenced this issue Jan 10, 2024
@dependabot
[Python Dependency] Bump urllib3 from 1.26.5 to 1.26.18 (#34714)
850912a 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.5 to 1.26.18.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p>
<blockquote>
<h2>1.26.18</h2>
<ul>
<li>Made body stripped from HTTP requests changing the request method to GET after HTTP 303 &quot;See Other&quot; redirect responses. (GHSA-g4mx-q9vg-27p4)</li>
</ul>
<h2>1.26.17</h2>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via <code>Retry.remove_headers_on_redirect</code>. (GHSA-v845-jxx5-vc9f)</li>
</ul>
<h2>1.26.16</h2>
<ul>
<li>Fixed thread-safety issue where accessing a <code>PoolManager</code> with many distinct origins would cause connection pools to be closed while requests are in progress (<a href="https://redirect.github.com/urllib3/urllib3/issues/2954">#2954</a>)</li>
</ul>
<h2>1.26.15</h2>
<ul>
<li>Fix socket timeout value when HTTPConnection is reused (<a href="https://redirect.github.com/urllib3/urllib3/issues/2645">urllib3/urllib3#2645</a>)</li>
<li>Remove &quot;!&quot; character from the unreserved characters in IPv6 Zone ID parsing (<a href="https://redirect.github.com/urllib3/urllib3/issues/2899">urllib3/urllib3#2899</a>)</li>
<li>Fix IDNA handling of 'x80' byte (<a href="https://redirect.github.com/urllib3/urllib3/issues/2901">urllib3/urllib3#2901</a>)</li>
</ul>
<h2>1.26.14</h2>
<ul>
<li>Fixed parsing of port 0 (zero) returning None, instead of 0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2850">#2850</a>)</li>
<li>Removed deprecated <code>HTTPResponse.getheaders()</code> calls in <code>urllib3.contrib</code> module.</li>
</ul>
<h2>1.26.13</h2>
<ul>
<li>Deprecated the <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> methods.</li>
<li>Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid.</li>
<li>Fixed a deprecation warning when using cryptography v39.0.0.</li>
<li>Removed the <code>&lt;4</code> in the <code>Requires-Python</code> packaging metadata field.</li>
</ul>
<h2>1.26.12</h2>
<ul>
<li>Deprecated the <code>urllib3[secure]</code> extra and the <code>urllib3.contrib.pyopenssl</code> module. Both will be removed in v2.x. See this <a href="https://redirect.github.com/urllib3/urllib3/issues/2680">GitHub issue</a> for justification and info on how to migrate.</li>
</ul>
<h2>1.26.11</h2>
<p><strong>If you or your organization rely on urllib3 consider supporting us via <a href="https://github.com/sponsors/urllib3">GitHub Sponsors</a>.</strong></p>
<p>:warning: <strong>urllib3 v2.0 will drop support for Python 2</strong>: <a href="https://urllib3.readthedocs.io/en/latest/v2-roadmap.html">Read more in the v2.0 Roadmap</a></p>
<ul>
<li>Fixed an issue where reading more than 2 GiB in a call to HTTPResponse.read would raise an OverflowError on Python 3.9 and earlier.</li>
</ul>
<h2>1.26.10</h2>
<p><strong>If you or your organization rely on urllib3 consider supporting us via <a href="https://github.com/sponsors/urllib3">GitHub Sponsors</a>.</strong></p>
<p>:warning: <strong>urllib3 v2.0 will drop support for Python 2</strong>: <a href="https://urllib3.readthedocs.io/en/latest/v2-roadmap.html">Read more in the v2.0 Roadmap</a></p>
<p>:closed_lock_with_key: <strong>This is the first release to be signed with Sigstore!</strong> You can verify the distributables using the <code>.sig</code> and <code>.crt</code> files included on this release.</p>
<ul>
<li>Removed support for Python 3.5</li>
<li>Fixed an issue where a <code>ProxyError</code> recommending configuring the proxy as HTTP instead of HTTPS could appear even when an HTTPS proxy wasn't configured.</li>
</ul>
<h2>1.26.9</h2>
<p><strong>If you or your organization rely on urllib3 consider supporting us via <a href="https://github.com/sponsors/urllib3">GitHub Sponsors</a>.</strong></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p>
<blockquote>
<h1>1.26.18 (2023-10-17)</h1>
<ul>
<li>Made body stripped from HTTP requests changing the request method to GET after HTTP 303 &quot;See Other&quot; redirect responses.</li>
</ul>
<h1>1.26.17 (2023-10-02)</h1>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via <code>Retry.remove_headers_on_redirect</code>. (<code>[#3139](urllib3/urllib3#3139) &lt;https://github.com/urllib3/urllib3/pull/3139&gt;</code>_)</li>
</ul>
<h1>1.26.16 (2023-05-23)</h1>
<ul>
<li>Fixed thread-safety issue where accessing a <code>PoolManager</code> with many distinct origins
would cause connection pools to be closed while requests are in progress (<code>[#2954](urllib3/urllib3#2954) &lt;https://github.com/urllib3/urllib3/pull/2954&gt;</code>_)</li>
</ul>
<h1>1.26.15 (2023-03-10)</h1>
<ul>
<li>Fix socket timeout value when <code>HTTPConnection</code> is reused (<code>[#2645](urllib3/urllib3#2645) &lt;https://github.com/urllib3/urllib3/issues/2645&gt;</code>__)</li>
<li>Remove &quot;!&quot; character from the unreserved characters in IPv6 Zone ID parsing
(<code>[#2899](urllib3/urllib3#2899) &lt;https://github.com/urllib3/urllib3/issues/2899&gt;</code>__)</li>
<li>Fix IDNA handling of '\x80' byte (<code>[#2901](urllib3/urllib3#2901) &lt;https://github.com/urllib3/urllib3/issues/2901&gt;</code>__)</li>
</ul>
<h1>1.26.14 (2023-01-11)</h1>
<ul>
<li>Fixed parsing of port 0 (zero) returning None, instead of 0. (<code>[#2850](urllib3/urllib3#2850) &lt;https://github.com/urllib3/urllib3/issues/2850&gt;</code>__)</li>
<li>Removed deprecated getheaders() calls in contrib module. Fixed the type hint of <code>PoolKey.key_retries</code> by adding <code>bool</code> to the union. (<code>[#2865](urllib3/urllib3#2865) &lt;https://github.com/urllib3/urllib3/issues/2865&gt;</code>__)</li>
</ul>
<h1>1.26.13 (2022-11-23)</h1>
<ul>
<li>Deprecated the <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> methods.</li>
<li>Fixed an issue where parsing a URL with leading zeroes in the port would be rejected
even when the port number after removing the zeroes was valid.</li>
<li>Fixed a deprecation warning when using cryptography v39.0.0.</li>
<li>Removed the <code>&lt;4</code> in the <code>Requires-Python</code> packaging metadata field.</li>
</ul>
<h1>1.26.12 (2022-08-22)</h1>
<ul>
<li>Deprecated the <code>urllib3[secure]</code> extra and the <code>urllib3.contrib.pyopenssl</code> module.
Both will be removed in v2.x. See this <code>GitHub issue &lt;https://github.com/urllib3/urllib3/issues/2680&gt;</code>_
for justification and info on how to migrate.</li>
</ul>
<h1>1.26.11 (2022-07-25)</h1>
<ul>
<li>Fixed an issue where reading more than 2 GiB in a call to <code>HTTPResponse.read</code> would</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/urllib3/urllib3/commit/9c2c2307dd1d6af504e09aac0326d86ee3597a0b"><code>9c2c230</code></a> Release 1.26.18 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3159">#3159</a>)</li>
<li><a href="https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36"><code>b594c5c</code></a> Merge pull request from GHSA-g4mx-q9vg-27p4</li>
<li><a href="https://github.com/urllib3/urllib3/commit/944f0eb134485f41bc531be52de12ba5a37bca73"><code>944f0eb</code></a> [1.26] Use vendored six in urllib3.contrib.securetransport</li>
<li><a href="https://github.com/urllib3/urllib3/commit/c9016bf464751a02b7e46f8b86504f47d4238784"><code>c9016bf</code></a> Release 1.26.17</li>
<li><a href="https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb"><code>0122035</code></a> Backport GHSA-v845-jxx5-vc9f (<a href="https://redirect.github.com/urllib3/urllib3/issues/3139">#3139</a>)</li>
<li><a href="https://github.com/urllib3/urllib3/commit/e63989f97d206e839ab9170c8a76e3e097cc60e8"><code>e63989f</code></a> Fix installing <code>brotli</code> extra on Python 2.7</li>
<li><a href="https://github.com/urllib3/urllib3/commit/2e7a24d08713a0131f0b3c7197889466d645cc49"><code>2e7a24d</code></a> [1.26] Configure OS for RTD to fix building docs</li>
<li><a href="https://github.com/urllib3/urllib3/commit/57181d6ea910ac7cb2ff83345d9e5e0eb816a0d0"><code>57181d6</code></a> [1.26] Improve error message when calling urllib3.request() (<a href="https://redirect.github.com/urllib3/urllib3/issues/3058">#3058</a>)</li>
<li><a href="https://github.com/urllib3/urllib3/commit/3c0148048a523325819377b23fc67f8d46afc3aa"><code>3c01480</code></a> [1.26] Run coverage even with failed jobs</li>
<li><a href="https://github.com/urllib3/urllib3/commit/d94029b7e2193ff47b627906a70e06377a09aae8"><code>d94029b</code></a> Release 1.26.16</li>
<li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/1.26.5...1.26.18">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.5&new-version=1.26.18)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/grpc/grpc/network/alerts).

</details>

> **Note**
> Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Closes #34714

COPYBARA_INTEGRATE_REVIEW=#34714 from grpc:dependabot/pip/urllib3-1.26.18 3281b12
PiperOrigin-RevId: 597334547
github-actions bot added a commit to MaRDI4NFDI/open-interfaces that referenced this issue Feb 5, 2024
@github-actions
⬆️ Bump urllib3 from 2.0.7 to 2.2.0 (#620)
1ea215b 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.7 to 2.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>2.2.0</h2>
<h2>🖥️ urllib3 now works in the browser</h2>
<p>:tada: <strong>This release adds experimental support for <a
href="https://urllib3.readthedocs.io/en/stable/reference/contrib/emscripten.html">using
urllib3 in the browser with Pyodide</a>!</strong> 🎉</p>
<p>Thanks to Joe Marshall (<a
href="https://github.com/joemarshall"><code>@​joemarshall</code></a>)
for contributing this feature. This change was possible thanks to work
done in urllib3 v2.0 to detach our API from <code>http.client</code>.
Please report all bugs to the <a
href="https://github.com/urllib3/urllib3/issues">urllib3 issue
tracker</a>.</p>
<h2>🚀 urllib3 is fundraising for HTTP/2 support</h2>
<p><a
href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3
is raising ~$40,000 USD</a> to release HTTP/2 support and ensure
long-term sustainable maintenance of the project after a sharp decline
in financial support for 2023. If your company or organization uses
Python and would benefit from HTTP/2 support in Requests, pip, cloud
SDKs, and thousands of other projects <a
href="https://opencollective.com/urllib3">please consider contributing
financially</a> to ensure HTTP/2 support is developed sustainably and
maintained for the long-haul.</p>
<p>Thank you for your support.</p>
<h2>Changes</h2>
<ul>
<li>Added support for <a
href="https://urllib3.readthedocs.io/en/latest/reference/contrib/emscripten.html">Emscripten
and Pyodide</a>, including streaming support in cross-origin isolated
browser environments where threading is enabled. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2951">#2951</a>)</li>
<li>Added support for <code>HTTPResponse.read1()</code> method. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3186">#3186</a>)</li>
<li>Added rudimentary support for HTTP/2. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3284">#3284</a>)</li>
<li>Fixed issue where requests against urls with trailing dots were
failing due to SSL errors
when using proxy. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2244">#2244</a>)</li>
<li>Fixed <code>HTTPConnection.proxy_is_verified</code> and
<code>HTTPSConnection.proxy_is_verified</code> to be always set to a
boolean after connecting to a proxy. It could be <code>None</code> in
some cases previously. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3130">#3130</a>)</li>
<li>Fixed an issue where <code>headers</code> passed in a request with
<code>json=</code> would be mutated (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3203">#3203</a>)</li>
<li>Fixed <code>HTTPSConnection.is_verified</code> to be set to
<code>False</code> when connecting from a HTTPS proxy to an HTTP target.
It was set to <code>True</code> previously. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3267">#3267</a>)</li>
<li>Fixed handling of new error message from OpenSSL 3.2.0 when
configuring an HTTP proxy as HTTPS (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3268">#3268</a>)</li>
<li>Fixed TLS 1.3 post-handshake auth when the server certificate
validation is disabled (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3325">#3325</a>)</li>
</ul>
<p>Note for downstream distributors: To run integration tests, you now
need to run the tests a second time with the <code>--integration</code>
pytest flag. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3181">#3181</a>)</p>
<h2>2.1.0</h2>
<p>Read the <a
href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">v2
migration guide</a> for help upgrading to the latest version of
urllib3.</p>
<h2>Removals</h2>
<ul>
<li>Removed support for the deprecated urllib3[secure] extra. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2680">#2680</a>)</li>
<li>Removed support for the deprecated SecureTransport TLS
implementation. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2681">#2681</a>)</li>
<li>Removed support for the end-of-life Python 3.7. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3143">#3143</a>)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>Allowed loading CA certificates from memory for proxies. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3065">#3065</a>)</li>
<li>Fixed decoding Gzip-encoded responses which specified
<code>x-gzip</code> content-encoding. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3174">#3174</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>2.2.0 (2024-01-30)</h1>
<ul>
<li>Added support for <code>Emscripten and Pyodide
&lt;https://urllib3.readthedocs.io/en/latest/reference/contrib/emscripten.html&gt;</code><strong>,
including streaming support in cross-origin isolated browser
environments where threading is enabled.
(<code>[#2951](urllib3/urllib3#2951)
&lt;https://github.com/urllib3/urllib3/issues/2951&gt;</code></strong>)</li>
<li>Added support for <code>HTTPResponse.read1()</code> method.
(<code>[#3186](urllib3/urllib3#3186)
&lt;https://github.com/urllib3/urllib3/issues/3186&gt;</code>__)</li>
<li>Added rudimentary support for HTTP/2.
(<code>[#3284](urllib3/urllib3#3284)
&lt;https://github.com/urllib3/urllib3/issues/3284&gt;</code>__)</li>
<li>Fixed issue where requests against urls with trailing dots were
failing due to SSL errors
when using proxy.
(<code>[#2244](urllib3/urllib3#2244)
&lt;https://github.com/urllib3/urllib3/issues/2244&gt;</code>__)</li>
<li>Fixed <code>HTTPConnection.proxy_is_verified</code> and
<code>HTTPSConnection.proxy_is_verified</code>
to be always set to a boolean after connecting to a proxy. It could be
<code>None</code> in some cases previously.
(<code>[#3130](urllib3/urllib3#3130)
&lt;https://github.com/urllib3/urllib3/issues/3130&gt;</code>__)</li>
<li>Fixed an issue where <code>headers</code> passed in a request with
<code>json=</code> would be mutated
(<code>[#3203](urllib3/urllib3#3203)
&lt;https://github.com/urllib3/urllib3/issues/3203&gt;</code>__)</li>
<li>Fixed <code>HTTPSConnection.is_verified</code> to be set to
<code>False</code> when connecting
from a HTTPS proxy to an HTTP target. It was set to <code>True</code>
previously.
(<code>[#3267](urllib3/urllib3#3267)
&lt;https://github.com/urllib3/urllib3/issues/3267&gt;</code>__)</li>
<li>Fixed handling of new error message from OpenSSL 3.2.0 when
configuring an HTTP proxy as HTTPS
(<code>[#3268](urllib3/urllib3#3268)
&lt;https://github.com/urllib3/urllib3/issues/3268&gt;</code>__)</li>
<li>Fixed TLS 1.3 post-handshake auth when the server certificate
validation is disabled
(<code>[#3325](urllib3/urllib3#3325)
&lt;https://github.com/urllib3/urllib3/issues/3325&gt;</code>__)</li>
<li>Note for downstream distributors: To run integration tests, you now
need to run the tests a second
time with the <code>--integration</code> pytest flag.
(<code>[#3181](urllib3/urllib3#3181)
&lt;https://github.com/urllib3/urllib3/issues/3181&gt;</code>__)</li>
</ul>
<h1>2.1.0 (2023-11-13)</h1>
<ul>
<li>Removed support for the deprecated urllib3[secure] extra.
(<code>[#2680](urllib3/urllib3#2680)
&lt;https://github.com/urllib3/urllib3/issues/2680&gt;</code>__)</li>
<li>Removed support for the deprecated SecureTransport TLS
implementation.
(<code>[#2681](urllib3/urllib3#2681)
&lt;https://github.com/urllib3/urllib3/issues/2681&gt;</code>__)</li>
<li>Removed support for the end-of-life Python 3.7.
(<code>[#3143](urllib3/urllib3#3143)
&lt;https://github.com/urllib3/urllib3/issues/3143&gt;</code>__)</li>
<li>Allowed loading CA certificates from memory for proxies.
(<code>[#3065](urllib3/urllib3#3065)
&lt;https://github.com/urllib3/urllib3/issues/3065&gt;</code>__)</li>
<li>Fixed decoding Gzip-encoded responses which specified
<code>x-gzip</code> content-encoding.
(<code>[#3174](urllib3/urllib3#3174)
&lt;https://github.com/urllib3/urllib3/issues/3174&gt;</code>__)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/urllib3/urllib3/commit/04df048cf4b1c3790c56e26c659db764aad62d6f"><code>04df048</code></a>
Release 2.2.0</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/2aec09f6a1727dd54f65b9069ef8f168ef40a885"><code>2aec09f</code></a>
Add documentation for Emscripten support</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/6d2f0f63b066ce6064b16ba97dc5cf3f70d5d44a"><code>6d2f0f6</code></a>
Annotate response attribute <code>length_remaining</code> in
BaseHTTPResponse (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3317">#3317</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/d7bb83b48c23d8dd429c20a43ac3da74ea6e9df0"><code>d7bb83b</code></a>
Fix TLS 1.3 post-handshake auth</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/8c8e26dab401121e9fccc8e8e8958609ccb045f5"><code>8c8e26d</code></a>
Hide H2Connection inside _LockedObject (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3318">#3318</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/26a07dbd3267b174439f1fca0ab473dc79f473dc"><code>26a07db</code></a>
Make BaseHTTPResponse a base class of HTTP2Response (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3311">#3311</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/71e7c35662a4b2ba8543194cc132616065dfc56a"><code>71e7c35</code></a>
Allow testing HTTP/1.1 and HTTP/2 in the same test (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3310">#3310</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/89ed0d6a65138f6d641e92ae4e0da0cdc7d66870"><code>89ed0d6</code></a>
Add test-pypy 3.8 3.9 3.10 nox sessions (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3304">#3304</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/fb6cf2dba92bba8bdd734deb4d6fde44c19849b9"><code>fb6cf2d</code></a>
Pin to pypy-3.9-v7.3.13 to not timeout CI</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/03f7b65a47d87036674a7909ca6c57d4b5cf1a81"><code>03f7b65</code></a>
Skip memray on pypy (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3286">#3286</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/2.0.7...2.2.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=2.0.7&new-version=2.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>
github-merge-queue bot pushed a commit to Aiven-Open/kio that referenced this issue Mar 1, 2024
@dependabot
chore(deps): bump urllib3 from 2.0.7 to 2.2.1 (#148)
55379c7 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.7 to 2.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>2.2.1</h2>
<h2>🚀 urllib3 is fundraising for HTTP/2 support</h2>
<p><a
href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3
is raising ~$40,000 USD</a> to release HTTP/2 support and ensure
long-term sustainable maintenance of the project after a sharp decline
in financial support for 2023. If your company or organization uses
Python and would benefit from HTTP/2 support in Requests, pip, cloud
SDKs, and thousands of other projects <a
href="https://opencollective.com/urllib3">please consider contributing
financially</a> to ensure HTTP/2 support is developed sustainably and
maintained for the long-haul.</p>
<p>Thank you for your support.</p>
<h2>Changes</h2>
<ul>
<li>Fixed issue where <code>InsecureRequestWarning</code> was emitted
for HTTPS connections when using Emscripten. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3331">#3331</a>)</li>
<li>Fixed <code>HTTPConnectionPool.urlopen</code> to stop automatically
casting non-proxy headers to <code>HTTPHeaderDict</code>. This change
was premature as it did not apply to proxy headers and
<code>HTTPHeaderDict</code> does not handle byte header values correctly
yet. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3343">#3343</a>)</li>
<li>Changed <code>ProtocolError</code> to
<code>InvalidChunkLength</code> when response terminates before the
chunk length is sent. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2860">#2860</a>)</li>
<li>Changed <code>ProtocolError</code> to be more verbose on incomplete
reads with excess content. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3261">#3261</a>)</li>
</ul>
<h2>2.2.0</h2>
<h2>🖥️ urllib3 now works in the browser</h2>
<p>:tada: <strong>This release adds experimental support for <a
href="https://urllib3.readthedocs.io/en/stable/reference/contrib/emscripten.html">using
urllib3 in the browser with Pyodide</a>!</strong> 🎉</p>
<p>Thanks to Joe Marshall (<a
href="https://github.com/joemarshall"><code>@​joemarshall</code></a>)
for contributing this feature. This change was possible thanks to work
done in urllib3 v2.0 to detach our API from <code>http.client</code>.
Please report all bugs to the <a
href="https://github.com/urllib3/urllib3/issues">urllib3 issue
tracker</a>.</p>
<h2>🚀 urllib3 is fundraising for HTTP/2 support</h2>
<p><a
href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3
is raising ~$40,000 USD</a> to release HTTP/2 support and ensure
long-term sustainable maintenance of the project after a sharp decline
in financial support for 2023. If your company or organization uses
Python and would benefit from HTTP/2 support in Requests, pip, cloud
SDKs, and thousands of other projects <a
href="https://opencollective.com/urllib3">please consider contributing
financially</a> to ensure HTTP/2 support is developed sustainably and
maintained for the long-haul.</p>
<p>Thank you for your support.</p>
<h2>Changes</h2>
<ul>
<li>Added support for <a
href="https://urllib3.readthedocs.io/en/latest/reference/contrib/emscripten.html">Emscripten
and Pyodide</a>, including streaming support in cross-origin isolated
browser environments where threading is enabled. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2951">#2951</a>)</li>
<li>Added support for <code>HTTPResponse.read1()</code> method. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3186">#3186</a>)</li>
<li>Added rudimentary support for HTTP/2. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3284">#3284</a>)</li>
<li>Fixed issue where requests against urls with trailing dots were
failing due to SSL errors
when using proxy. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2244">#2244</a>)</li>
<li>Fixed <code>HTTPConnection.proxy_is_verified</code> and
<code>HTTPSConnection.proxy_is_verified</code> to be always set to a
boolean after connecting to a proxy. It could be <code>None</code> in
some cases previously. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3130">#3130</a>)</li>
<li>Fixed an issue where <code>headers</code> passed in a request with
<code>json=</code> would be mutated (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3203">#3203</a>)</li>
<li>Fixed <code>HTTPSConnection.is_verified</code> to be set to
<code>False</code> when connecting from a HTTPS proxy to an HTTP target.
It was set to <code>True</code> previously. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3267">#3267</a>)</li>
<li>Fixed handling of new error message from OpenSSL 3.2.0 when
configuring an HTTP proxy as HTTPS (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3268">#3268</a>)</li>
<li>Fixed TLS 1.3 post-handshake auth when the server certificate
validation is disabled (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3325">#3325</a>)</li>
</ul>
<p>Note for downstream distributors: To run integration tests, you now
need to run the tests a second time with the <code>--integration</code>
pytest flag. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3181">#3181</a>)</p>
<h2>2.1.0</h2>
<p>Read the <a
href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">v2
migration guide</a> for help upgrading to the latest version of
urllib3.</p>
<h2>Removals</h2>
<ul>
<li>Removed support for the deprecated urllib3[secure] extra. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2680">#2680</a>)</li>
<li>Removed support for the deprecated SecureTransport TLS
implementation. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2681">#2681</a>)</li>
<li>Removed support for the end-of-life Python 3.7. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3143">#3143</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>2.2.1 (2024-02-16)</h1>
<ul>
<li>Fixed issue where <code>InsecureRequestWarning</code> was emitted
for HTTPS connections when using Emscripten.
(<code>[#3331](urllib3/urllib3#3331)
&lt;https://github.com/urllib3/urllib3/issues/3331&gt;</code>__)</li>
<li>Fixed <code>HTTPConnectionPool.urlopen</code> to stop automatically
casting non-proxy headers to <code>HTTPHeaderDict</code>. This change
was premature as it did not apply to proxy headers and
<code>HTTPHeaderDict</code> does not handle byte header values correctly
yet. (<code>[#3343](urllib3/urllib3#3343)
&lt;https://github.com/urllib3/urllib3/issues/3343&gt;</code>__)</li>
<li>Changed <code>InvalidChunkLength</code> to
<code>ProtocolError</code> when response terminates before the chunk
length is sent.
(<code>[#2860](urllib3/urllib3#2860)
&lt;https://github.com/urllib3/urllib3/issues/2860&gt;</code>__)</li>
<li>Changed <code>ProtocolError</code> to be more verbose on incomplete
reads with excess content.
(<code>[#3261](urllib3/urllib3#3261)
&lt;https://github.com/urllib3/urllib3/issues/3261&gt;</code>__)</li>
</ul>
<h1>2.2.0 (2024-01-30)</h1>
<ul>
<li>Added support for <code>Emscripten and Pyodide
&lt;https://urllib3.readthedocs.io/en/latest/reference/contrib/emscripten.html&gt;</code><strong>,
including streaming support in cross-origin isolated browser
environments where threading is enabled.
(<code>[#2951](urllib3/urllib3#2951)
&lt;https://github.com/urllib3/urllib3/issues/2951&gt;</code></strong>)</li>
<li>Added support for <code>HTTPResponse.read1()</code> method.
(<code>[#3186](urllib3/urllib3#3186)
&lt;https://github.com/urllib3/urllib3/issues/3186&gt;</code>__)</li>
<li>Added rudimentary support for HTTP/2.
(<code>[#3284](urllib3/urllib3#3284)
&lt;https://github.com/urllib3/urllib3/issues/3284&gt;</code>__)</li>
<li>Fixed issue where requests against urls with trailing dots were
failing due to SSL errors
when using proxy.
(<code>[#2244](urllib3/urllib3#2244)
&lt;https://github.com/urllib3/urllib3/issues/2244&gt;</code>__)</li>
<li>Fixed <code>HTTPConnection.proxy_is_verified</code> and
<code>HTTPSConnection.proxy_is_verified</code>
to be always set to a boolean after connecting to a proxy. It could be
<code>None</code> in some cases previously.
(<code>[#3130](urllib3/urllib3#3130)
&lt;https://github.com/urllib3/urllib3/issues/3130&gt;</code>__)</li>
<li>Fixed an issue where <code>headers</code> passed in a request with
<code>json=</code> would be mutated
(<code>[#3203](urllib3/urllib3#3203)
&lt;https://github.com/urllib3/urllib3/issues/3203&gt;</code>__)</li>
<li>Fixed <code>HTTPSConnection.is_verified</code> to be set to
<code>False</code> when connecting
from a HTTPS proxy to an HTTP target. It was set to <code>True</code>
previously.
(<code>[#3267](urllib3/urllib3#3267)
&lt;https://github.com/urllib3/urllib3/issues/3267&gt;</code>__)</li>
<li>Fixed handling of new error message from OpenSSL 3.2.0 when
configuring an HTTP proxy as HTTPS
(<code>[#3268](urllib3/urllib3#3268)
&lt;https://github.com/urllib3/urllib3/issues/3268&gt;</code>__)</li>
<li>Fixed TLS 1.3 post-handshake auth when the server certificate
validation is disabled
(<code>[#3325](urllib3/urllib3#3325)
&lt;https://github.com/urllib3/urllib3/issues/3325&gt;</code>__)</li>
<li>Note for downstream distributors: To run integration tests, you now
need to run the tests a second
time with the <code>--integration</code> pytest flag.
(<code>[#3181](urllib3/urllib3#3181)
&lt;https://github.com/urllib3/urllib3/issues/3181&gt;</code>__)</li>
</ul>
<h1>2.1.0 (2023-11-13)</h1>
<ul>
<li>Removed support for the deprecated urllib3[secure] extra.
(<code>[#2680](urllib3/urllib3#2680)
&lt;https://github.com/urllib3/urllib3/issues/2680&gt;</code>__)</li>
<li>Removed support for the deprecated SecureTransport TLS
implementation.
(<code>[#2681](urllib3/urllib3#2681)
&lt;https://github.com/urllib3/urllib3/issues/2681&gt;</code>__)</li>
<li>Removed support for the end-of-life Python 3.7.
(<code>[#3143](urllib3/urllib3#3143)
&lt;https://github.com/urllib3/urllib3/issues/3143&gt;</code>__)</li>
<li>Allowed loading CA certificates from memory for proxies.
(<code>[#3065](urllib3/urllib3#3065)
&lt;https://github.com/urllib3/urllib3/issues/3065&gt;</code>__)</li>
<li>Fixed decoding Gzip-encoded responses which specified
<code>x-gzip</code> content-encoding.
(<code>[#3174](urllib3/urllib3#3174)
&lt;https://github.com/urllib3/urllib3/issues/3174&gt;</code>__)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/urllib3/urllib3/commit/54d6edf2a671510a5c029d3b76ffe71a5b07147a"><code>54d6edf</code></a>
Release 2.2.1</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/49b2ddaf07ec9ef65ef12d0218117f20e739ee6e"><code>49b2dda</code></a>
Stop casting request headers to HTTPHeaderDict (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3344">#3344</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/e22f651079ae65d06efbb28222c27000256ce7a5"><code>e22f651</code></a>
Fix docstring of retries parameter</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/fa541793ad42f2f49846de0a9808ee0a484c53cf"><code>fa54179</code></a>
Distinguish between truncated and excess content in response (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3273">#3273</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/cfe52f96fb65fe2269981d6bba4f22c2bce00b2d"><code>cfe52f9</code></a>
Fix InsecureRequestWarning for HTTPS Emscripten requests (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3333">#3333</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/25155d7d3b7d91ef8400bc3cb7600b9253b765a3"><code>25155d7</code></a>
Ensure no remote connections during testing (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3328">#3328</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/12f923325a1794bab26c82dbfef2c47d44f054f8"><code>12f9233</code></a>
Bump cryptography to 42.0.2 and PyOpenSSL to 24.0.0 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3340">#3340</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/9929d3c4e03b71ba485148a8390cd9411981f40f"><code>9929d3c</code></a>
Add nox session to start local Pyodide console</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/aa8d3dd2535cc125e123e5c2bca38738d6864b2a"><code>aa8d3dd</code></a>
Fix ssl_version tests for upcoming migration to pytest 8</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/23f2287eb526d9384dddeedb6f6345e263bb9b86"><code>23f2287</code></a>
Remove TODO about informational responses (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3319">#3319</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/2.0.7...2.2.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=2.0.7&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
yairsimantov20 pushed a commit to port-labs/ocean that referenced this issue Apr 24, 2024
@dependabot
Bump urllib3 from 1.26.18 to 2.2.1 (#552)
746a3ec 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.18 to
2.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>2.2.1</h2>
<h2>🚀 urllib3 is fundraising for HTTP/2 support</h2>
<p><a
href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3
is raising ~$40,000 USD</a> to release HTTP/2 support and ensure
long-term sustainable maintenance of the project after a sharp decline
in financial support for 2023. If your company or organization uses
Python and would benefit from HTTP/2 support in Requests, pip, cloud
SDKs, and thousands of other projects <a
href="https://opencollective.com/urllib3">please consider contributing
financially</a> to ensure HTTP/2 support is developed sustainably and
maintained for the long-haul.</p>
<p>Thank you for your support.</p>
<h2>Changes</h2>
<ul>
<li>Fixed issue where <code>InsecureRequestWarning</code> was emitted
for HTTPS connections when using Emscripten. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3331">#3331</a>)</li>
<li>Fixed <code>HTTPConnectionPool.urlopen</code> to stop automatically
casting non-proxy headers to <code>HTTPHeaderDict</code>. This change
was premature as it did not apply to proxy headers and
<code>HTTPHeaderDict</code> does not handle byte header values correctly
yet. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3343">#3343</a>)</li>
<li>Changed <code>ProtocolError</code> to
<code>InvalidChunkLength</code> when response terminates before the
chunk length is sent. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2860">#2860</a>)</li>
<li>Changed <code>ProtocolError</code> to be more verbose on incomplete
reads with excess content. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3261">#3261</a>)</li>
</ul>
<h2>2.2.0</h2>
<h2>🖥️ urllib3 now works in the browser</h2>
<p>:tada: <strong>This release adds experimental support for <a
href="https://urllib3.readthedocs.io/en/stable/reference/contrib/emscripten.html">using
urllib3 in the browser with Pyodide</a>!</strong> 🎉</p>
<p>Thanks to Joe Marshall (<a
href="https://github.com/joemarshall"><code>@​joemarshall</code></a>)
for contributing this feature. This change was possible thanks to work
done in urllib3 v2.0 to detach our API from <code>http.client</code>.
Please report all bugs to the <a
href="https://github.com/urllib3/urllib3/issues">urllib3 issue
tracker</a>.</p>
<h2>🚀 urllib3 is fundraising for HTTP/2 support</h2>
<p><a
href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3
is raising ~$40,000 USD</a> to release HTTP/2 support and ensure
long-term sustainable maintenance of the project after a sharp decline
in financial support for 2023. If your company or organization uses
Python and would benefit from HTTP/2 support in Requests, pip, cloud
SDKs, and thousands of other projects <a
href="https://opencollective.com/urllib3">please consider contributing
financially</a> to ensure HTTP/2 support is developed sustainably and
maintained for the long-haul.</p>
<p>Thank you for your support.</p>
<h2>Changes</h2>
<ul>
<li>Added support for <a
href="https://urllib3.readthedocs.io/en/latest/reference/contrib/emscripten.html">Emscripten
and Pyodide</a>, including streaming support in cross-origin isolated
browser environments where threading is enabled. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2951">#2951</a>)</li>
<li>Added support for <code>HTTPResponse.read1()</code> method. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3186">#3186</a>)</li>
<li>Added rudimentary support for HTTP/2. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3284">#3284</a>)</li>
<li>Fixed issue where requests against urls with trailing dots were
failing due to SSL errors
when using proxy. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2244">#2244</a>)</li>
<li>Fixed <code>HTTPConnection.proxy_is_verified</code> and
<code>HTTPSConnection.proxy_is_verified</code> to be always set to a
boolean after connecting to a proxy. It could be <code>None</code> in
some cases previously. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3130">#3130</a>)</li>
<li>Fixed an issue where <code>headers</code> passed in a request with
<code>json=</code> would be mutated (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3203">#3203</a>)</li>
<li>Fixed <code>HTTPSConnection.is_verified</code> to be set to
<code>False</code> when connecting from a HTTPS proxy to an HTTP target.
It was set to <code>True</code> previously. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3267">#3267</a>)</li>
<li>Fixed handling of new error message from OpenSSL 3.2.0 when
configuring an HTTP proxy as HTTPS (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3268">#3268</a>)</li>
<li>Fixed TLS 1.3 post-handshake auth when the server certificate
validation is disabled (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3325">#3325</a>)</li>
</ul>
<p>Note for downstream distributors: To run integration tests, you now
need to run the tests a second time with the <code>--integration</code>
pytest flag. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3181">#3181</a>)</p>
<h2>2.1.0</h2>
<p>Read the <a
href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">v2
migration guide</a> for help upgrading to the latest version of
urllib3.</p>
<h2>Removals</h2>
<ul>
<li>Removed support for the deprecated urllib3[secure] extra. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2680">#2680</a>)</li>
<li>Removed support for the deprecated SecureTransport TLS
implementation. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2681">#2681</a>)</li>
<li>Removed support for the end-of-life Python 3.7. (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3143">#3143</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>2.2.1 (2024-02-16)</h1>
<ul>
<li>Fixed issue where <code>InsecureRequestWarning</code> was emitted
for HTTPS connections when using Emscripten.
(<code>[#3331](urllib3/urllib3#3331)
&lt;https://github.com/urllib3/urllib3/issues/3331&gt;</code>__)</li>
<li>Fixed <code>HTTPConnectionPool.urlopen</code> to stop automatically
casting non-proxy headers to <code>HTTPHeaderDict</code>. This change
was premature as it did not apply to proxy headers and
<code>HTTPHeaderDict</code> does not handle byte header values correctly
yet. (<code>[#3343](urllib3/urllib3#3343)
&lt;https://github.com/urllib3/urllib3/issues/3343&gt;</code>__)</li>
<li>Changed <code>InvalidChunkLength</code> to
<code>ProtocolError</code> when response terminates before the chunk
length is sent.
(<code>[#2860](urllib3/urllib3#2860)
&lt;https://github.com/urllib3/urllib3/issues/2860&gt;</code>__)</li>
<li>Changed <code>ProtocolError</code> to be more verbose on incomplete
reads with excess content.
(<code>[#3261](urllib3/urllib3#3261)
&lt;https://github.com/urllib3/urllib3/issues/3261&gt;</code>__)</li>
</ul>
<h1>2.2.0 (2024-01-30)</h1>
<ul>
<li>Added support for <code>Emscripten and Pyodide
&lt;https://urllib3.readthedocs.io/en/latest/reference/contrib/emscripten.html&gt;</code><strong>,
including streaming support in cross-origin isolated browser
environments where threading is enabled.
(<code>[#2951](urllib3/urllib3#2951)
&lt;https://github.com/urllib3/urllib3/issues/2951&gt;</code></strong>)</li>
<li>Added support for <code>HTTPResponse.read1()</code> method.
(<code>[#3186](urllib3/urllib3#3186)
&lt;https://github.com/urllib3/urllib3/issues/3186&gt;</code>__)</li>
<li>Added rudimentary support for HTTP/2.
(<code>[#3284](urllib3/urllib3#3284)
&lt;https://github.com/urllib3/urllib3/issues/3284&gt;</code>__)</li>
<li>Fixed issue where requests against urls with trailing dots were
failing due to SSL errors
when using proxy.
(<code>[#2244](urllib3/urllib3#2244)
&lt;https://github.com/urllib3/urllib3/issues/2244&gt;</code>__)</li>
<li>Fixed <code>HTTPConnection.proxy_is_verified</code> and
<code>HTTPSConnection.proxy_is_verified</code>
to be always set to a boolean after connecting to a proxy. It could be
<code>None</code> in some cases previously.
(<code>[#3130](urllib3/urllib3#3130)
&lt;https://github.com/urllib3/urllib3/issues/3130&gt;</code>__)</li>
<li>Fixed an issue where <code>headers</code> passed in a request with
<code>json=</code> would be mutated
(<code>[#3203](urllib3/urllib3#3203)
&lt;https://github.com/urllib3/urllib3/issues/3203&gt;</code>__)</li>
<li>Fixed <code>HTTPSConnection.is_verified</code> to be set to
<code>False</code> when connecting
from a HTTPS proxy to an HTTP target. It was set to <code>True</code>
previously.
(<code>[#3267](urllib3/urllib3#3267)
&lt;https://github.com/urllib3/urllib3/issues/3267&gt;</code>__)</li>
<li>Fixed handling of new error message from OpenSSL 3.2.0 when
configuring an HTTP proxy as HTTPS
(<code>[#3268](urllib3/urllib3#3268)
&lt;https://github.com/urllib3/urllib3/issues/3268&gt;</code>__)</li>
<li>Fixed TLS 1.3 post-handshake auth when the server certificate
validation is disabled
(<code>[#3325](urllib3/urllib3#3325)
&lt;https://github.com/urllib3/urllib3/issues/3325&gt;</code>__)</li>
<li>Note for downstream distributors: To run integration tests, you now
need to run the tests a second
time with the <code>--integration</code> pytest flag.
(<code>[#3181](urllib3/urllib3#3181)
&lt;https://github.com/urllib3/urllib3/issues/3181&gt;</code>__)</li>
</ul>
<h1>2.1.0 (2023-11-13)</h1>
<ul>
<li>Removed support for the deprecated urllib3[secure] extra.
(<code>[#2680](urllib3/urllib3#2680)
&lt;https://github.com/urllib3/urllib3/issues/2680&gt;</code>__)</li>
<li>Removed support for the deprecated SecureTransport TLS
implementation.
(<code>[#2681](urllib3/urllib3#2681)
&lt;https://github.com/urllib3/urllib3/issues/2681&gt;</code>__)</li>
<li>Removed support for the end-of-life Python 3.7.
(<code>[#3143](urllib3/urllib3#3143)
&lt;https://github.com/urllib3/urllib3/issues/3143&gt;</code>__)</li>
<li>Allowed loading CA certificates from memory for proxies.
(<code>[#3065](urllib3/urllib3#3065)
&lt;https://github.com/urllib3/urllib3/issues/3065&gt;</code>__)</li>
<li>Fixed decoding Gzip-encoded responses which specified
<code>x-gzip</code> content-encoding.
(<code>[#3174](urllib3/urllib3#3174)
&lt;https://github.com/urllib3/urllib3/issues/3174&gt;</code>__)</li>
</ul>
<h1>2.0.7 (2023-10-17)</h1>
<ul>
<li>Made body stripped from HTTP requests changing the request method to
GET after HTTP 303 &quot;See Other&quot; redirect responses.</li>
</ul>
<h1>2.0.6 (2023-10-02)</h1>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via
<code>Retry.remove_headers_on_redirect</code>.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/urllib3/urllib3/commit/54d6edf2a671510a5c029d3b76ffe71a5b07147a"><code>54d6edf</code></a>
Release 2.2.1</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/49b2ddaf07ec9ef65ef12d0218117f20e739ee6e"><code>49b2dda</code></a>
Stop casting request headers to HTTPHeaderDict (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3344">#3344</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/e22f651079ae65d06efbb28222c27000256ce7a5"><code>e22f651</code></a>
Fix docstring of retries parameter</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/fa541793ad42f2f49846de0a9808ee0a484c53cf"><code>fa54179</code></a>
Distinguish between truncated and excess content in response (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3273">#3273</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/cfe52f96fb65fe2269981d6bba4f22c2bce00b2d"><code>cfe52f9</code></a>
Fix InsecureRequestWarning for HTTPS Emscripten requests (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3333">#3333</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/25155d7d3b7d91ef8400bc3cb7600b9253b765a3"><code>25155d7</code></a>
Ensure no remote connections during testing (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3328">#3328</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/12f923325a1794bab26c82dbfef2c47d44f054f8"><code>12f9233</code></a>
Bump cryptography to 42.0.2 and PyOpenSSL to 24.0.0 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3340">#3340</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/9929d3c4e03b71ba485148a8390cd9411981f40f"><code>9929d3c</code></a>
Add nox session to start local Pyodide console</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/aa8d3dd2535cc125e123e5c2bca38738d6864b2a"><code>aa8d3dd</code></a>
Fix ssl_version tests for upcoming migration to pytest 8</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/23f2287eb526d9384dddeedb6f6345e263bb9b86"><code>23f2287</code></a>
Remove TODO about informational responses (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3319">#3319</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/1.26.18...2.2.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.18&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
keinsell pushed a commit to keinsell/neuronek that referenced this issue Apr 28, 2024
@dependabot
build(deps): bump urllib3 from 1.26.5 to 1.26.18 in /packages/datasou…
7148775 
…rces/psychonautwiki-tripsit (#405)

Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.5 to
1.26.18.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/releases">urllib3's
releases</a>.</em></p>
<blockquote>
<h2>1.26.18</h2>
<ul>
<li>Made body stripped from HTTP requests changing the request method to
GET after HTTP 303 &quot;See Other&quot; redirect responses.
(GHSA-g4mx-q9vg-27p4)</li>
</ul>
<h2>1.26.17</h2>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via <code>Retry.remove_headers_on_redirect</code>.
(GHSA-v845-jxx5-vc9f)</li>
</ul>
<h2>1.26.16</h2>
<ul>
<li>Fixed thread-safety issue where accessing a <code>PoolManager</code>
with many distinct origins would cause connection pools to be closed
while requests are in progress (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2954">#2954</a>)</li>
</ul>
<h2>1.26.15</h2>
<ul>
<li>Fix socket timeout value when HTTPConnection is reused (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2645">urllib3/urllib3#2645</a>)</li>
<li>Remove &quot;!&quot; character from the unreserved characters in
IPv6 Zone ID parsing (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2899">urllib3/urllib3#2899</a>)</li>
<li>Fix IDNA handling of 'x80' byte (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2901">urllib3/urllib3#2901</a>)</li>
</ul>
<h2>1.26.14</h2>
<ul>
<li>Fixed parsing of port 0 (zero) returning None, instead of 0 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/2850">#2850</a>)</li>
<li>Removed deprecated <code>HTTPResponse.getheaders()</code> calls in
<code>urllib3.contrib</code> module.</li>
</ul>
<h2>1.26.13</h2>
<ul>
<li>Deprecated the <code>HTTPResponse.getheaders()</code> and
<code>HTTPResponse.getheader()</code> methods.</li>
<li>Fixed an issue where parsing a URL with leading zeroes in the port
would be rejected even when the port number after removing the zeroes
was valid.</li>
<li>Fixed a deprecation warning when using cryptography v39.0.0.</li>
<li>Removed the <code>&lt;4</code> in the <code>Requires-Python</code>
packaging metadata field.</li>
</ul>
<h2>1.26.12</h2>
<ul>
<li>Deprecated the <code>urllib3[secure]</code> extra and the
<code>urllib3.contrib.pyopenssl</code> module. Both will be removed in
v2.x. See this <a
href="https://redirect.github.com/urllib3/urllib3/issues/2680">GitHub
issue</a> for justification and info on how to migrate.</li>
</ul>
<h2>1.26.11</h2>
<p><strong>If you or your organization rely on urllib3 consider
supporting us via <a href="https://github.com/sponsors/urllib3">GitHub
Sponsors</a>.</strong></p>
<p>:warning: <strong>urllib3 v2.0 will drop support for Python
2</strong>: <a
href="https://urllib3.readthedocs.io/en/latest/v2-roadmap.html">Read
more in the v2.0 Roadmap</a></p>
<ul>
<li>Fixed an issue where reading more than 2 GiB in a call to
HTTPResponse.read would raise an OverflowError on Python 3.9 and
earlier.</li>
</ul>
<h2>1.26.10</h2>
<p><strong>If you or your organization rely on urllib3 consider
supporting us via <a href="https://github.com/sponsors/urllib3">GitHub
Sponsors</a>.</strong></p>
<p>:warning: <strong>urllib3 v2.0 will drop support for Python
2</strong>: <a
href="https://urllib3.readthedocs.io/en/latest/v2-roadmap.html">Read
more in the v2.0 Roadmap</a></p>
<p>:closed_lock_with_key: <strong>This is the first release to be signed
with Sigstore!</strong> You can verify the distributables using the
<code>.sig</code> and <code>.crt</code> files included on this
release.</p>
<ul>
<li>Removed support for Python 3.5</li>
<li>Fixed an issue where a <code>ProxyError</code> recommending
configuring the proxy as HTTP instead of HTTPS could appear even when an
HTTPS proxy wasn't configured.</li>
</ul>
<h2>1.26.9</h2>
<p><strong>If you or your organization rely on urllib3 consider
supporting us via <a href="https://github.com/sponsors/urllib3">GitHub
Sponsors</a>.</strong></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's
changelog</a>.</em></p>
<blockquote>
<h1>1.26.18 (2023-10-17)</h1>
<ul>
<li>Made body stripped from HTTP requests changing the request method to
GET after HTTP 303 &quot;See Other&quot; redirect responses.</li>
</ul>
<h1>1.26.17 (2023-10-02)</h1>
<ul>
<li>Added the <code>Cookie</code> header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via <code>Retry.remove_headers_on_redirect</code>.
(<code>[#3139](urllib3/urllib3#3139)
&lt;https://github.com/urllib3/urllib3/pull/3139&gt;</code>_)</li>
</ul>
<h1>1.26.16 (2023-05-23)</h1>
<ul>
<li>Fixed thread-safety issue where accessing a <code>PoolManager</code>
with many distinct origins
would cause connection pools to be closed while requests are in progress
(<code>[#2954](urllib3/urllib3#2954)
&lt;https://github.com/urllib3/urllib3/pull/2954&gt;</code>_)</li>
</ul>
<h1>1.26.15 (2023-03-10)</h1>
<ul>
<li>Fix socket timeout value when <code>HTTPConnection</code> is reused
(<code>[#2645](urllib3/urllib3#2645)
&lt;https://github.com/urllib3/urllib3/issues/2645&gt;</code>__)</li>
<li>Remove &quot;!&quot; character from the unreserved characters in
IPv6 Zone ID parsing
(<code>[#2899](urllib3/urllib3#2899)
&lt;https://github.com/urllib3/urllib3/issues/2899&gt;</code>__)</li>
<li>Fix IDNA handling of '\x80' byte
(<code>[#2901](urllib3/urllib3#2901)
&lt;https://github.com/urllib3/urllib3/issues/2901&gt;</code>__)</li>
</ul>
<h1>1.26.14 (2023-01-11)</h1>
<ul>
<li>Fixed parsing of port 0 (zero) returning None, instead of 0.
(<code>[#2850](urllib3/urllib3#2850)
&lt;https://github.com/urllib3/urllib3/issues/2850&gt;</code>__)</li>
<li>Removed deprecated getheaders() calls in contrib module. Fixed the
type hint of <code>PoolKey.key_retries</code> by adding
<code>bool</code> to the union.
(<code>[#2865](urllib3/urllib3#2865)
&lt;https://github.com/urllib3/urllib3/issues/2865&gt;</code>__)</li>
</ul>
<h1>1.26.13 (2022-11-23)</h1>
<ul>
<li>Deprecated the <code>HTTPResponse.getheaders()</code> and
<code>HTTPResponse.getheader()</code> methods.</li>
<li>Fixed an issue where parsing a URL with leading zeroes in the port
would be rejected
even when the port number after removing the zeroes was valid.</li>
<li>Fixed a deprecation warning when using cryptography v39.0.0.</li>
<li>Removed the <code>&lt;4</code> in the <code>Requires-Python</code>
packaging metadata field.</li>
</ul>
<h1>1.26.12 (2022-08-22)</h1>
<ul>
<li>Deprecated the <code>urllib3[secure]</code> extra and the
<code>urllib3.contrib.pyopenssl</code> module.
Both will be removed in v2.x. See this <code>GitHub issue
&lt;https://github.com/urllib3/urllib3/issues/2680&gt;</code>_
for justification and info on how to migrate.</li>
</ul>
<h1>1.26.11 (2022-07-25)</h1>
<ul>
<li>Fixed an issue where reading more than 2 GiB in a call to
<code>HTTPResponse.read</code> would</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/urllib3/urllib3/commit/9c2c2307dd1d6af504e09aac0326d86ee3597a0b"><code>9c2c230</code></a>
Release 1.26.18 (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3159">#3159</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36"><code>b594c5c</code></a>
Merge pull request from GHSA-g4mx-q9vg-27p4</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/944f0eb134485f41bc531be52de12ba5a37bca73"><code>944f0eb</code></a>
[1.26] Use vendored six in urllib3.contrib.securetransport</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/c9016bf464751a02b7e46f8b86504f47d4238784"><code>c9016bf</code></a>
Release 1.26.17</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb"><code>0122035</code></a>
Backport GHSA-v845-jxx5-vc9f (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3139">#3139</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/e63989f97d206e839ab9170c8a76e3e097cc60e8"><code>e63989f</code></a>
Fix installing <code>brotli</code> extra on Python 2.7</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/2e7a24d08713a0131f0b3c7197889466d645cc49"><code>2e7a24d</code></a>
[1.26] Configure OS for RTD to fix building docs</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/57181d6ea910ac7cb2ff83345d9e5e0eb816a0d0"><code>57181d6</code></a>
[1.26] Improve error message when calling urllib3.request() (<a
href="https://redirect.github.com/urllib3/urllib3/issues/3058">#3058</a>)</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/3c0148048a523325819377b23fc67f8d46afc3aa"><code>3c01480</code></a>
[1.26] Run coverage even with failed jobs</li>
<li><a
href="https://github.com/urllib3/urllib3/commit/d94029b7e2193ff47b627906a70e06377a09aae8"><code>d94029b</code></a>
Release 1.26.16</li>
<li>Additional commits viewable in <a
href="https://github.com/urllib3/urllib3/compare/1.26.5...1.26.18">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.5&new-version=1.26.18)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/keinsell/neuronek/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v2.x
Development

Successfully merging a pull request may close this issue.

Drop support for urllib3[secure] extra pquentin/urllib3
10 participants
@pquentin @gsnedders @graingert @webknjaz @hugovk @jiasli @jaysonlarose @sethmlarson @post-j-ma @pmevzek-godaddy