New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Drop Python 2 support #883
Comments
Hey @haikuginger So I'm 100% on board with killing off Python 2 today, but we can't. We will likely have to continue supporting it until 2020 or past that date. urllib3 and requests are both (what is frequently called) "core infrastructure". This is because of pip's dependency on both. What this means to me is that until pip can stop supporting Python 2, we can not drop that support. I don't think we can make a plan now, three years out, because there's three years of data to be collected around usage and that absolutely should factor into our decision making then. If we want to make a plan to make a decision, that's fine by me. Deciding what our deprecation path now is imprudent. I don't think we'll be able to make a decision without that data. |
Chatted with @sigmavirus24 and folks IRL today, and it seems like a reasonable ambition to drop support for a Python in urllib3 v2.0 (added to the wishlist) which will be a big backwards-compat breaking set of changes. Not sure when that will happen, though. Hopefully sometime before 2020. |
Sounds good - so we'll basically plan to release a 2.0 version with a brand-new codebase that drops Python 2.x support, but provide extended maintenance support for 1.x as long as pip needs it? Just making sure I understand the situation; wish I could have made it out to PyCon, but there you are. |
For some definition of extended maintenance, yes. :P |
@sigmavirus24 @Lukasa, it looks like pip has dropped support for Python 2.6. How does the Requests team feel about doing so as well in coordination with urllib3? |
@haikuginger the current decision was to drop Python 2.6 with Requests 3.0 and we have a PR doing so merged into that branch. I think some of the changes slated for Requests 3.0 were dependent on urllib3 2.0 though. I'm not sure what the decision is for the future of the urllib3 2.0 branch, but once that's figured out, we can probably start to roadmap out related Requests 3.0 changes. If urllib3 2.0 is still far off, and we have a substantial reason to drop 2.6, we could consider dropping it earlier. However, we'd probably want at least a full release cycle for deprecation before doing that. P.S. Congrats on lead maintainer 🎉 |
By the way, here's the pip installs for urllib3 from PyPI for April 2018:
Source: |
I see Requests 2.19 (2018-06-12) has now officially dropped support for Python 2.6 (psf/requests#4672) (and will remove the 2.6 code in Requests 3.0). Any thoughts on dropping 2.6 in urllib3, before the full Python 2 removal? Here's urllib3's July numbers:
|
Yes, the maintainers would be happy to remove Python 2.6 now that pip dropped support. Is this something you'd like to work on? |
Yes, I can make a PR for it. |
I'm +1 to dropping 2.6 support. Our last release included features specifically for pip 9.x with the intent of dropping 2.6 after pip had done so. |
Please see PR #1429. |
The general plan in 2016 was, hopefully sometime before 2020, for urllib3 v2.0 to drop Python 2 (along with a big backwards-compat breaking set of changes), and provide extended maintenance support for 1.x as long as pip needs it. Is this still the plan? Nine months out from Python 2's EOL (2020-01-01), is now a good time to make firmer plans? PS pip is now warning (pypa/pip#6148):
|
I think the general approach has been to wait until pip doesn't need it anymore. There's an active discussion going on here: https://discuss.python.org/t/packaging-and-python-2/662/95 |
According to https://pypistats.org/packages/urllib3 Python 2 still has 50%+ of downloads. |
@and-semakin There are no plans to drop Python 2 currently. |
pip 20.3 (October 2020) will be the last version to support Python 2, and pip 21.0 (Jan 2021) will be the first version to drop support for Python 2. |
I discussed with Seth, the current plan is:
|
Looking at PyPI downloads for the most recent version 1.25.9 we're still a ways off from the "trigger point" with Python 2.7 at ~40%:
cc @nateprewitt |
@sethmlarson I'd strongly recommend looking at downloads of the latest version (maybe ones released in the past month) instead of all versions. IMO it doesn't make sense to include folks who aren't upgrading to newer versions, when considering what to support in next versions. For pip, the skew was 35-45% (all) vs 18%-20% (latest), and I wouldn't be surprised if it is similar for urllib3. |
Those numbers are from the most recent release (1.25.9). Totally agree that it doesn't make sense to count users who don't upgrade. |
Oh, I did a whooopsie and did not read carefully enough. Sorry for the noise! :) I really hope a whole bunch of those Py2 PyPI downloads are from someone's cluster that will switch over to Py3 sometime soon. |
What tool/query did you both use to get numbers for only the latest version? |
For others here's the query I'm using for PyPI's dataset on June 10th (Wednesday):
This query results in the following:
Running with only the major version:
So the calculated percentage of Python 2.x is ~29.5% |
2.0.0 (2023-04-26) ================== Read the `v2.0 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html>`__ for help upgrading to the latest version of urllib3. Removed ------- * Removed support for Python 2.7, 3.5, and 3.6 (`#883 <https://github.com/urllib3/urllib3/issues/883>`__, `#2336 <https://github.com/urllib3/urllib3/issues/2336>`__). * Removed fallback on certificate ``commonName`` in ``match_hostname()`` function. This behavior was deprecated in May 2000 in RFC 2818. Instead only ``subjectAltName`` is used to verify the hostname by default. To enable verifying the hostname against ``commonName`` use ``SSLContext.hostname_checks_common_name = True`` (`#2113 <https://github.com/urllib3/urllib3/issues/2113>`__). * Removed support for Python with an ``ssl`` module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (`#2168 <https://github.com/urllib3/urllib3/issues/2168>`__). * Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an ``ImportError`` is raised (`#2168 <https://github.com/urllib3/urllib3/issues/2168>`__). * Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (`#2082 <https://github.com/urllib3/urllib3/issues/2082>`__). * Removed ``urllib3.contrib.appengine.AppEngineManager`` and support for Google App Engine Standard Environment (`#2044 <https://github.com/urllib3/urllib3/issues/2044>`__). * Removed deprecated ``Retry`` options ``method_whitelist``, ``DEFAULT_REDIRECT_HEADERS_BLACKLIST`` (`#2086 <https://github.com/urllib3/urllib3/issues/2086>`__). * Removed ``urllib3.HTTPResponse.from_httplib`` (`#2648 <https://github.com/urllib3/urllib3/issues/2648>`__). * Removed default value of ``None`` for the ``request_context`` parameter of ``urllib3.PoolManager.connection_from_pool_key``. This change should have no effect on users as the default value of ``None`` was an invalid option and was never used (`#1897 <https://github.com/urllib3/urllib3/issues/1897>`__). * Removed the ``urllib3.request`` module. ``urllib3.request.RequestMethods`` has been made a private API. This change was made to ensure that ``from urllib3 import request`` imported the top-level ``request()`` function instead of the ``urllib3.request`` module (`#2269 <https://github.com/urllib3/urllib3/issues/2269>`__). * Removed support for SSLv3.0 from the ``urllib3.contrib.pyopenssl`` even when support is available from the compiled OpenSSL library (`#2233 <https://github.com/urllib3/urllib3/issues/2233>`__). * Removed the deprecated ``urllib3.contrib.ntlmpool`` module (`#2339 <https://github.com/urllib3/urllib3/issues/2339>`__). * Removed ``DEFAULT_CIPHERS``, ``HAS_SNI``, ``USE_DEFAULT_SSLCONTEXT_CIPHERS``, from the private module ``urllib3.util.ssl_`` (`#2168 <https://github.com/urllib3/urllib3/issues/2168>`__). * Removed ``urllib3.exceptions.SNIMissingWarning`` (`#2168 <https://github.com/urllib3/urllib3/issues/2168>`__). * Removed the ``_prepare_conn`` method from ``HTTPConnectionPool``. Previously this was only used to call ``HTTPSConnection.set_cert()`` by ``HTTPSConnectionPool`` (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Removed ``tls_in_tls_required`` property from ``HTTPSConnection``. This is now determined from the ``scheme`` parameter in ``HTTPConnection.set_tunnel()`` (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`__). Deprecated ---------- * Deprecated ``HTTPResponse.getheaders()`` and ``HTTPResponse.getheader()`` which will be removed in urllib3 v2.1.0. Instead use ``HTTPResponse.headers`` and ``HTTPResponse.headers.get(name, default)``. (`#1543 <https://github.com/urllib3/urllib3/issues/1543>`__, `#2814 <https://github.com/urllib3/urllib3/issues/2814>`__). * Deprecated ``urllib3.contrib.pyopenssl`` module which will be removed in urllib3 v2.1.0 (`#2691 <https://github.com/urllib3/urllib3/issues/2691>`__). * Deprecated ``urllib3.contrib.securetransport`` module which will be removed in urllib3 v2.1.0 (`#2692 <https://github.com/urllib3/urllib3/issues/2692>`__). * Deprecated ``ssl_version`` option in favor of ``ssl_minimum_version``. ``ssl_version`` will be removed in urllib3 v2.1.0 (`#2110 <https://github.com/urllib3/urllib3/issues/2110>`__). * Deprecated the ``strict`` parameter as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (`#2267 <https://github.com/urllib3/urllib3/issues/2267>`__) * Deprecated the ``NewConnectionError.pool`` attribute which will be removed in urllib3 v2.1.0 (`#2271 <https://github.com/urllib3/urllib3/issues/2271>`__). * Deprecated ``format_header_param_html5`` and ``format_header_param`` in favor of ``format_multipart_header_param`` (`#2257 <https://github.com/urllib3/urllib3/issues/2257>`__). * Deprecated ``RequestField.header_formatter`` parameter which will be removed in urllib3 v2.1.0 (`#2257 <https://github.com/urllib3/urllib3/issues/2257>`__). * Deprecated ``HTTPSConnection.set_cert()`` method. Instead pass parameters to the ``HTTPSConnection`` constructor (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Deprecated ``HTTPConnection.request_chunked()`` method which will be removed in urllib3 v2.1.0. Instead pass ``chunked=True`` to ``HTTPConnection.request()`` (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`__). Added ----- * Added top-level ``urllib3.request`` function which uses a preconfigured module-global ``PoolManager`` instance (`#2150 <https://github.com/urllib3/urllib3/issues/2150>`__). * Added the ``json`` parameter to ``urllib3.request()``, ``PoolManager.request()``, and ``ConnectionPool.request()`` methods to send JSON bodies in requests. Using this parameter will set the header ``Content-Type: application/json`` if ``Content-Type`` isn't already defined. Added support for parsing JSON response bodies with ``HTTPResponse.json()`` method (`#2243 <https://github.com/urllib3/urllib3/issues/2243>`__). * Added type hints to the ``urllib3`` module (`#1897 <https://github.com/urllib3/urllib3/issues/1897>`__). * Added ``ssl_minimum_version`` and ``ssl_maximum_version`` options which set ``SSLContext.minimum_version`` and ``SSLContext.maximum_version`` (`#2110 <https://github.com/urllib3/urllib3/issues/2110>`__). * Added support for Zstandard (RFC 8878) when ``zstandard`` 1.18.0 or later is installed. Added the ``zstd`` extra which installs the ``zstandard`` package (`#1992 <https://github.com/urllib3/urllib3/issues/1992>`__). * Added ``urllib3.response.BaseHTTPResponse`` class. All future response classes will be subclasses of ``BaseHTTPResponse`` (`#2083 <https://github.com/urllib3/urllib3/issues/2083>`__). * Added ``FullPoolError`` which is raised when ``PoolManager(block=True)`` and a connection is returned to a full pool (`#2197 <https://github.com/urllib3/urllib3/issues/2197>`__). * Added ``HTTPHeaderDict`` to the top-level ``urllib3`` namespace (`#2216 <https://github.com/urllib3/urllib3/issues/2216>`__). * Added support for configuring header merging behavior with HTTPHeaderDict When using a ``HTTPHeaderDict`` to provide headers for a request, by default duplicate header values will be repeated. But if ``combine=True`` is passed into a call to ``HTTPHeaderDict.add``, then the added header value will be merged in with an existing value into a comma-separated list (``X-My-Header: foo, bar``) (`#2242 <https://github.com/urllib3/urllib3/issues/2242>`__). * Added ``NameResolutionError`` exception when a DNS error occurs (`#2305 <https://github.com/urllib3/urllib3/issues/2305>`__). * Added ``proxy_assert_hostname`` and ``proxy_assert_fingerprint`` kwargs to ``ProxyManager`` (`#2409 <https://github.com/urllib3/urllib3/issues/2409>`__). * Added a configurable ``backoff_max`` parameter to the ``Retry`` class. If a custom ``backoff_max`` is provided to the ``Retry`` class, it will replace the ``Retry.DEFAULT_BACKOFF_MAX`` (`#2494 <https://github.com/urllib3/urllib3/issues/2494>`__). * Added the ``authority`` property to the Url class as per RFC 3986 3.2. This property should be used in place of ``netloc`` for users who want to include the userinfo (auth) component of the URI (`#2520 <https://github.com/urllib3/urllib3/issues/2520>`__). * Added the ``scheme`` parameter to ``HTTPConnection.set_tunnel`` to configure the scheme of the origin being tunnelled to (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Added the ``is_closed``, ``is_connected`` and ``has_connected_to_proxy`` properties to ``HTTPConnection`` (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Added optional ``backoff_jitter`` parameter to ``Retry``. (`#2952 <https://github.com/urllib3/urllib3/issues/2952>`__) Changed ------- * Changed ``urllib3.response.HTTPResponse.read`` to respect the semantics of ``io.BufferedIOBase`` regardless of compression. Specifically, this method: * Only returns an empty bytes object to indicate EOF (that is, the response has been fully consumed). * Never returns more bytes than requested. * Can issue any number of system calls: zero, one or multiple. If you want each ``urllib3.response.HTTPResponse.read`` call to issue a single system call, you need to disable decompression by setting ``decode_content=False`` (`#2128 <https://github.com/urllib3/urllib3/issues/2128>`__). * Changed ``urllib3.HTTPConnection.getresponse`` to return an instance of ``urllib3.HTTPResponse`` instead of ``http.client.HTTPResponse`` (`#2648 <https://github.com/urllib3/urllib3/issues/2648>`__). * Changed ``ssl_version`` to instead set the corresponding ``SSLContext.minimum_version`` and ``SSLContext.maximum_version`` values. Regardless of ``ssl_version`` passed ``SSLContext`` objects are now constructed using ``ssl.PROTOCOL_TLS_CLIENT`` (`#2110 <https://github.com/urllib3/urllib3/issues/2110>`__). * Changed default ``SSLContext.minimum_version`` to be ``TLSVersion.TLSv1_2`` in line with Python 3.10 (`#2373 <https://github.com/urllib3/urllib3/issues/2373>`__). * Changed ``ProxyError`` to wrap any connection error (timeout, TLS, DNS) that occurs when connecting to the proxy (`#2482 <https://github.com/urllib3/urllib3/pull/2482>`__). * Changed ``urllib3.util.create_urllib3_context`` to not override the system cipher suites with a default value. The new default will be cipher suites configured by the operating system (`#2168 <https://github.com/urllib3/urllib3/issues/2168>`__). * Changed ``multipart/form-data`` header parameter formatting matches the WHATWG HTML Standard as of 2021-06-10. Control characters in filenames are no longer percent encoded (`#2257 <https://github.com/urllib3/urllib3/issues/2257>`__). * Changed the error raised when connecting via HTTPS when the ``ssl`` module isn't available from ``SSLError`` to ``ImportError`` (`#2589 <https://github.com/urllib3/urllib3/issues/2589>`__). * Changed ``HTTPConnection.request()`` to always use lowercase chunk boundaries when sending requests with ``Transfer-Encoding: chunked`` (`#2515 <https://github.com/urllib3/urllib3/issues/2515>`__). * Changed ``enforce_content_length`` default to True, preventing silent data loss when reading streamed responses (`#2514 <https://github.com/urllib3/urllib3/issues/2514>`__). * Changed internal implementation of ``HTTPHeaderDict`` to use ``dict`` instead of ``collections.OrderedDict`` for better performance (`#2080 <https://github.com/urllib3/urllib3/issues/2080>`__). * Changed the ``urllib3.contrib.pyopenssl`` module to wrap ``OpenSSL.SSL.Error`` with ``ssl.SSLError`` in ``PyOpenSSLContext.load_cert_chain`` (`#2628 <https://github.com/urllib3/urllib3/issues/2628>`__). * Changed usage of the deprecated ``socket.error`` to ``OSError`` (`#2120 <https://github.com/urllib3/urllib3/issues/2120>`__). * Changed all parameters in the ``HTTPConnection`` and ``HTTPSConnection`` constructors to be keyword-only except ``host`` and ``port`` (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Changed ``HTTPConnection.getresponse()`` to set the socket timeout from ``HTTPConnection.timeout`` value before reading data from the socket. This previously was done manually by the ``HTTPConnectionPool`` calling ``HTTPConnection.sock.settimeout(...)`` (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Changed the ``_proxy_host`` property to ``_tunnel_host`` in ``HTTPConnectionPool`` to more closely match how the property is used (value in ``HTTPConnection.set_tunnel()``) (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Changed name of ``Retry.BACK0FF_MAX`` to be ``Retry.DEFAULT_BACKOFF_MAX``. * Changed TLS handshakes to use ``SSLContext.check_hostname`` when possible (`#2452 <https://github.com/urllib3/urllib3/pull/2452>`__). * Changed ``server_hostname`` to behave like other parameters only used by ``HTTPSConnectionPool`` (`#2537 <https://github.com/urllib3/urllib3/pull/2537>`__). * Changed the default ``blocksize`` to 16KB to match OpenSSL's default read amounts (`#2348 <https://github.com/urllib3/urllib3/pull/2348>`__). * Changed ``HTTPResponse.read()`` to raise an error when calling with ``decode_content=False`` after using ``decode_content=True`` to prevent data loss (`#2800 <https://github.com/urllib3/urllib3/issues/2800>`__). Fixed ----- * Fixed thread-safety issue where accessing a ``PoolManager`` with many distinct origins would cause connection pools to be closed while requests are in progress (`#1252 <https://github.com/urllib3/urllib3/issues/1252>`__). * Fixed an issue where an ``HTTPConnection`` instance would erroneously reuse the socket read timeout value from reading the previous response instead of a newly configured connect timeout. Instead now if ``HTTPConnection.timeout`` is updated before sending the next request the new timeout value will be used (`#2645 <https://github.com/urllib3/urllib3/issues/2645>`__). * Fixed ``socket.error.errno`` when raised from pyOpenSSL's ``OpenSSL.SSL.SysCallError`` (`#2118 <https://github.com/urllib3/urllib3/issues/2118>`__). * Fixed the default value of ``HTTPSConnection.socket_options`` to match ``HTTPConnection`` (`#2213 <https://github.com/urllib3/urllib3/issues/2213>`__). * Fixed a bug where ``headers`` would be modified by the ``remove_headers_on_redirect`` feature (`#2272 <https://github.com/urllib3/urllib3/issues/2272>`__). * Fixed a reference cycle bug in ``urllib3.util.connection.create_connection()`` (`#2277 <https://github.com/urllib3/urllib3/issues/2277>`__). * Fixed a socket leak if ``HTTPConnection.connect()`` fails (`#2571 <https://github.com/urllib3/urllib3/pull/2571>`__). * Fixed ``urllib3.contrib.pyopenssl.WrappedSocket`` and ``urllib3.contrib.securetransport.WrappedSocket`` close methods (`#2970 <https://github.com/urllib3/urllib3/issues/2970>`__)
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.15 to 2.0.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.0.2</h2> <ul> <li>Fixed <code>HTTPResponse.stream()</code> to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3009">urllib3/urllib3#3009</a>)</li> </ul> <h2>2.0.1</h2> <ul> <li>Fixed a socket leak when fingerprint or hostname verifications fail. (<a href="https://redirect.github.com/urllib3/urllib3/issues/2991">#2991</a>)</li> <li>Fixed an error when <code>HTTPResponse.read(0)</code> was the first <code>read</code> call or when the internal response body buffer was otherwise empty. (<a href="https://redirect.github.com/urllib3/urllib3/issues/2998">#2998</a>)</li> </ul> <h2>2.0.0</h2> <p>Read the <a href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">v2.0 migration guide</a> for help upgrading to the latest version of urllib3.</p> <h1>Removed</h1> <ul> <li>Removed support for Python 2.7, 3.5, and 3.6 (<a href="https://redirect.github.com/urllib3/urllib3/issues/883">#883</a>, <a href="https://redirect.github.com/urllib3/urllib3/issues/2336">#2336</a>).</li> <li>Removed fallback on certificate <code>commonName</code> in <code>match_hostname()</code> function. This behavior was deprecated in May 2000 in RFC 2818. Instead only <code>subjectAltName</code> is used to verify the hostname by default. To enable verifying the hostname against <code>commonName</code> use <code>SSLContext.hostname_checks_common_name = True</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2113">#2113</a>).</li> <li>Removed support for Python with an <code>ssl</code> module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an <code>ImportError</code> is raised (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (<a href="https://redirect.github.com/urllib3/urllib3/issues/2082">#2082</a>).</li> <li>Removed <code>urllib3.contrib.appengine.AppEngineManager</code> and support for Google App Engine Standard Environment (<a href="https://redirect.github.com/urllib3/urllib3/issues/2044">#2044</a>).</li> <li>Removed deprecated <code>Retry</code> options <code>method_whitelist</code>, <code>DEFAULT_REDIRECT_HEADERS_BLACKLIST</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2086">#2086</a>).</li> <li>Removed <code>urllib3.HTTPResponse.from_httplib</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2648">#2648</a>).</li> <li>Removed default value of <code>None</code> for the <code>request_context</code> parameter of <code>urllib3.PoolManager.connection_from_pool_key</code>. This change should have no effect on users as the default value of <code>None</code> was an invalid option and was never used (<a href="https://redirect.github.com/urllib3/urllib3/issues/1897">#1897</a>).</li> <li>Removed the <code>urllib3.request</code> module. <code>urllib3.request.RequestMethods</code> has been made a private API. This change was made to ensure that <code>from urllib3 import request</code> imported the top-level <code>request()</code> function instead of the <code>urllib3.request</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/2269">#2269</a>).</li> <li>Removed support for SSLv3.0 from the <code>urllib3.contrib.pyopenssl</code> even when support is available from the compiled OpenSSL library (<a href="https://redirect.github.com/urllib3/urllib3/issues/2233">#2233</a>).</li> <li>Removed the deprecated <code>urllib3.contrib.ntlmpool</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/2339">#2339</a>).</li> <li>Removed <code>DEFAULT_CIPHERS</code>, <code>HAS_SNI</code>, <code>USE_DEFAULT_SSLCONTEXT_CIPHERS</code>, from the private module <code>urllib3.util.ssl_</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed <code>urllib3.exceptions.SNIMissingWarning</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed the <code>_prepare_conn</code> method from <code>HTTPConnectionPool</code>. Previously this was only used to call <code>HTTPSConnection.set_cert()</code> by <code>HTTPSConnectionPool</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> <li>Removed <code>tls_in_tls_required</code> property from <code>HTTPSConnection</code>. This is now determined from the <code>scheme</code> parameter in <code>HTTPConnection.set_tunnel()</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> </ul> <h1>Deprecated</h1> <ul> <li>Deprecated <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> which will be removed in urllib3 v2.1.0. Instead use <code>HTTPResponse.headers</code> and <code>HTTPResponse.headers.get(name, default)</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/1543">#1543</a>, <a href="https://redirect.github.com/urllib3/urllib3/issues/2814">#2814</a>).</li> <li>Deprecated <code>urllib3.contrib.pyopenssl</code> module which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2691">#2691</a>).</li> <li>Deprecated <code>urllib3.contrib.securetransport</code> module which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2692">#2692</a>).</li> <li>Deprecated <code>ssl_version</code> option in favor of <code>ssl_minimum_version</code>. <code>ssl_version</code> will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2110">#2110</a>).</li> <li>Deprecated the <code>strict</code> parameter as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2267">#2267</a>)</li> <li>Deprecated the <code>NewConnectionError.pool</code> attribute which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2271">#2271</a>).</li> <li>Deprecated <code>format_header_param_html5</code> and <code>format_header_param</code> in favor of <code>format_multipart_header_param</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2257">#2257</a>).</li> <li>Deprecated <code>RequestField.header_formatter</code> parameter which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2257">#2257</a>).</li> <li>Deprecated <code>HTTPSConnection.set_cert()</code> method. Instead pass parameters to the <code>HTTPSConnection</code> constructor (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> <li>Deprecated <code>HTTPConnection.request_chunked()</code> method which will be removed in urllib3 v2.1.0. Instead pass <code>chunked=True</code> to <code>HTTPConnection.request()</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> </ul> <h1>Added</h1> <ul> <li>Added top-level <code>urllib3.request</code> function which uses a preconfigured module-global <code>PoolManager</code> instance (<a href="https://redirect.github.com/urllib3/urllib3/issues/2150">#2150</a>).</li> <li>Added the <code>json</code> parameter to <code>urllib3.request()</code>, <code>PoolManager.request()</code>, and <code>ConnectionPool.request()</code> methods to send JSON bodies in requests. Using this parameter will set the header <code>Content-Type: application/json</code> if <code>Content-Type</code> isn't already defined. Added support for parsing JSON response bodies with <code>HTTPResponse.json()</code> method (<a href="https://redirect.github.com/urllib3/urllib3/issues/2243">#2243</a>).</li> <li>Added type hints to the <code>urllib3</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/1897">#1897</a>).</li> <li>Added <code>ssl_minimum_version</code> and <code>ssl_maximum_version</code> options which set <code>SSLContext.minimum_version</code> and <code>SSLContext.maximum_version</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2110">#2110</a>).</li> <li>Added support for Zstandard (RFC 8878) when <code>zstandard</code> 1.18.0 or later is installed. Added the <code>zstd</code> extra which installs the <code>zstandard</code> package (<a href="https://redirect.github.com/urllib3/urllib3/issues/1992">#1992</a>).</li> <li>Added <code>urllib3.response.BaseHTTPResponse</code> class. All future response classes will be subclasses of <code>BaseHTTPResponse</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2083">#2083</a>).</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.0.2 (2023-05-03)</h1> <ul> <li>Fixed <code>HTTPResponse.stream()</code> to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (<code>[#3009](urllib3/urllib3#3009) <https://github.com/urllib3/urllib3/issues/3009></code>__)</li> </ul> <h1>2.0.1 (2023-04-30)</h1> <ul> <li>Fixed a socket leak when fingerprint or hostname verifications fail. (<code>[#2991](urllib3/urllib3#2991) <https://github.com/urllib3/urllib3/issues/2991></code>__)</li> <li>Fixed an error when <code>HTTPResponse.read(0)</code> was the first <code>read</code> call or when the internal response body buffer was otherwise empty. (<code>[#2998](urllib3/urllib3#2998) <https://github.com/urllib3/urllib3/issues/2998></code>__)</li> </ul> <h1>2.0.0 (2023-04-26)</h1> <p>Read the <code>v2.0 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html></code>__ for help upgrading to the latest version of urllib3.</p> <h2>Removed</h2> <ul> <li>Removed support for Python 2.7, 3.5, and 3.6 (<code>[#883](urllib3/urllib3#883) <https://github.com/urllib3/urllib3/issues/883></code><strong>, <code>[#2336](urllib3/urllib3#2336) <https://github.com/urllib3/urllib3/issues/2336></code></strong>).</li> <li>Removed fallback on certificate <code>commonName</code> in <code>match_hostname()</code> function. This behavior was deprecated in May 2000 in RFC 2818. Instead only <code>subjectAltName</code> is used to verify the hostname by default. To enable verifying the hostname against <code>commonName</code> use <code>SSLContext.hostname_checks_common_name = True</code> (<code>[#2113](urllib3/urllib3#2113) <https://github.com/urllib3/urllib3/issues/2113></code>__).</li> <li>Removed support for Python with an <code>ssl</code> module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an <code>ImportError</code> is raised (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (<code>[#2082](urllib3/urllib3#2082) <https://github.com/urllib3/urllib3/issues/2082></code>__).</li> <li>Removed <code>urllib3.contrib.appengine.AppEngineManager</code> and support for Google App Engine Standard Environment (<code>[#2044](urllib3/urllib3#2044) <https://github.com/urllib3/urllib3/issues/2044></code>__).</li> <li>Removed deprecated <code>Retry</code> options <code>method_whitelist</code>, <code>DEFAULT_REDIRECT_HEADERS_BLACKLIST</code> (<code>[#2086](urllib3/urllib3#2086) <https://github.com/urllib3/urllib3/issues/2086></code>__).</li> <li>Removed <code>urllib3.HTTPResponse.from_httplib</code> (<code>[#2648](urllib3/urllib3#2648) <https://github.com/urllib3/urllib3/issues/2648></code>__).</li> <li>Removed default value of <code>None</code> for the <code>request_context</code> parameter of <code>urllib3.PoolManager.connection_from_pool_key</code>. This change should have no effect on users as the default value of <code>None</code> was an invalid option and was never used (<code>[#1897](urllib3/urllib3#1897) <https://github.com/urllib3/urllib3/issues/1897></code>__).</li> <li>Removed the <code>urllib3.request</code> module. <code>urllib3.request.RequestMethods</code> has been made a private API. This change was made to ensure that <code>from urllib3 import request</code> imported the top-level <code>request()</code> function instead of the <code>urllib3.request</code> module (<code>[#2269](urllib3/urllib3#2269) <https://github.com/urllib3/urllib3/issues/2269></code>__).</li> <li>Removed support for SSLv3.0 from the <code>urllib3.contrib.pyopenssl</code> even when support is available from the compiled OpenSSL library (<code>[#2233](urllib3/urllib3#2233) <https://github.com/urllib3/urllib3/issues/2233></code>__).</li> <li>Removed the deprecated <code>urllib3.contrib.ntlmpool</code> module (<code>[#2339](urllib3/urllib3#2339) <https://github.com/urllib3/urllib3/issues/2339></code>__).</li> <li>Removed <code>DEFAULT_CIPHERS</code>, <code>HAS_SNI</code>, <code>USE_DEFAULT_SSLCONTEXT_CIPHERS</code>, from the private module <code>urllib3.util.ssl_</code> (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed <code>urllib3.exceptions.SNIMissingWarning</code> (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed the <code>_prepare_conn</code> method from <code>HTTPConnectionPool</code>. Previously this was only used to call <code>HTTPSConnection.set_cert()</code> by <code>HTTPSConnectionPool</code> (<code>[#1985](urllib3/urllib3#1985) <https://github.com/urllib3/urllib3/issues/1985></code>__).</li> <li>Removed <code>tls_in_tls_required</code> property from <code>HTTPSConnection</code>. This is now determined from the <code>scheme</code> parameter in <code>HTTPConnection.set_tunnel()</code> (<code>[#1985](urllib3/urllib3#1985) <https://github.com/urllib3/urllib3/issues/1985></code>__).</li> <li>Removed the <code>strict</code> parameter/attribute from <code>HTTPConnection</code>, <code>HTTPSConnection</code>, <code>HTTPConnectionPool</code>, <code>HTTPSConnectionPool</code>, and <code>HTTPResponse</code> (<code>[#2064](urllib3/urllib3#2064) <https://github.com/urllib3/urllib3/issues/2064></code>__).</li> </ul> <h2>Deprecated</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/b234aaf7ccbcb64012d8b33d21eb8bc9f768935d"><code>b234aaf</code></a> Release 2.0.2</li> <li><a href="https://github.com/urllib3/urllib3/commit/d8dcdd7c236430af15f6ccd47fb3d00c408bb1c0"><code>d8dcdd7</code></a> Reflect removal of <code>strict</code> in the 2.0.0 changelog</li> <li><a href="https://github.com/urllib3/urllib3/commit/4714836a667eb4837d005eb89d34fae60b9dc6cc"><code>4714836</code></a> Continue reading the response stream if there is buffered decompressed data</li> <li><a href="https://github.com/urllib3/urllib3/commit/6351614959b6599fe53312223c972daba75a671f"><code>6351614</code></a> Show urllib3.request() in README (<a href="https://redirect.github.com/urllib3/urllib3/issues/3006">#3006</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/08237ad0729f4ec2e0bd093cf08e518025d2001d"><code>08237ad</code></a> Fix flaky test_ssl_failure_midway_through_conn</li> <li><a href="https://github.com/urllib3/urllib3/commit/b85e93d619a323b92c2954da852857e0119d71b8"><code>b85e93d</code></a> Release 2.0.1</li> <li><a href="https://github.com/urllib3/urllib3/commit/09b36c693ca7d9d92d77b434648832d919543dcb"><code>09b36c6</code></a> Improve assert_fingerprint changelog and tests</li> <li><a href="https://github.com/urllib3/urllib3/commit/02ae65a45654bb3ced12b9ad22278c11e214aaf8"><code>02ae65a</code></a> Fix HTTPResponse.read(0) when underlying buffer is empty (<a href="https://redirect.github.com/urllib3/urllib3/issues/2998">#2998</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/4fb8da2d4e7b7488b432118efe1007d00c81bb53"><code>4fb8da2</code></a> Ensure SSLSocket is closed after failure verifying cert hostname or fingerprint</li> <li><a href="https://github.com/urllib3/urllib3/commit/7052b83d543d9554e542ff04688cf473b1fbaa53"><code>7052b83</code></a> Delete 0002-Stop-relying-on-removed-DEFAULT_CIPHERS.patch (<a href="https://redirect.github.com/urllib3/urllib3/issues/2996">#2996</a>)</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/1.26.15...2.0.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.15&new-version=2.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.15 to 2.0.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.0.2</h2> <ul> <li>Fixed <code>HTTPResponse.stream()</code> to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3009">urllib3/urllib3#3009</a>)</li> </ul> <h2>2.0.1</h2> <ul> <li>Fixed a socket leak when fingerprint or hostname verifications fail. (<a href="https://redirect.github.com/urllib3/urllib3/issues/2991">#2991</a>)</li> <li>Fixed an error when <code>HTTPResponse.read(0)</code> was the first <code>read</code> call or when the internal response body buffer was otherwise empty. (<a href="https://redirect.github.com/urllib3/urllib3/issues/2998">#2998</a>)</li> </ul> <h2>2.0.0</h2> <p>Read the <a href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">v2.0 migration guide</a> for help upgrading to the latest version of urllib3.</p> <h1>Removed</h1> <ul> <li>Removed support for Python 2.7, 3.5, and 3.6 (<a href="https://redirect.github.com/urllib3/urllib3/issues/883">#883</a>, <a href="https://redirect.github.com/urllib3/urllib3/issues/2336">#2336</a>).</li> <li>Removed fallback on certificate <code>commonName</code> in <code>match_hostname()</code> function. This behavior was deprecated in May 2000 in RFC 2818. Instead only <code>subjectAltName</code> is used to verify the hostname by default. To enable verifying the hostname against <code>commonName</code> use <code>SSLContext.hostname_checks_common_name = True</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2113">#2113</a>).</li> <li>Removed support for Python with an <code>ssl</code> module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an <code>ImportError</code> is raised (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (<a href="https://redirect.github.com/urllib3/urllib3/issues/2082">#2082</a>).</li> <li>Removed <code>urllib3.contrib.appengine.AppEngineManager</code> and support for Google App Engine Standard Environment (<a href="https://redirect.github.com/urllib3/urllib3/issues/2044">#2044</a>).</li> <li>Removed deprecated <code>Retry</code> options <code>method_whitelist</code>, <code>DEFAULT_REDIRECT_HEADERS_BLACKLIST</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2086">#2086</a>).</li> <li>Removed <code>urllib3.HTTPResponse.from_httplib</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2648">#2648</a>).</li> <li>Removed default value of <code>None</code> for the <code>request_context</code> parameter of <code>urllib3.PoolManager.connection_from_pool_key</code>. This change should have no effect on users as the default value of <code>None</code> was an invalid option and was never used (<a href="https://redirect.github.com/urllib3/urllib3/issues/1897">#1897</a>).</li> <li>Removed the <code>urllib3.request</code> module. <code>urllib3.request.RequestMethods</code> has been made a private API. This change was made to ensure that <code>from urllib3 import request</code> imported the top-level <code>request()</code> function instead of the <code>urllib3.request</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/2269">#2269</a>).</li> <li>Removed support for SSLv3.0 from the <code>urllib3.contrib.pyopenssl</code> even when support is available from the compiled OpenSSL library (<a href="https://redirect.github.com/urllib3/urllib3/issues/2233">#2233</a>).</li> <li>Removed the deprecated <code>urllib3.contrib.ntlmpool</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/2339">#2339</a>).</li> <li>Removed <code>DEFAULT_CIPHERS</code>, <code>HAS_SNI</code>, <code>USE_DEFAULT_SSLCONTEXT_CIPHERS</code>, from the private module <code>urllib3.util.ssl_</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed <code>urllib3.exceptions.SNIMissingWarning</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed the <code>_prepare_conn</code> method from <code>HTTPConnectionPool</code>. Previously this was only used to call <code>HTTPSConnection.set_cert()</code> by <code>HTTPSConnectionPool</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> <li>Removed <code>tls_in_tls_required</code> property from <code>HTTPSConnection</code>. This is now determined from the <code>scheme</code> parameter in <code>HTTPConnection.set_tunnel()</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> </ul> <h1>Deprecated</h1> <ul> <li>Deprecated <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> which will be removed in urllib3 v2.1.0. Instead use <code>HTTPResponse.headers</code> and <code>HTTPResponse.headers.get(name, default)</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/1543">#1543</a>, <a href="https://redirect.github.com/urllib3/urllib3/issues/2814">#2814</a>).</li> <li>Deprecated <code>urllib3.contrib.pyopenssl</code> module which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2691">#2691</a>).</li> <li>Deprecated <code>urllib3.contrib.securetransport</code> module which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2692">#2692</a>).</li> <li>Deprecated <code>ssl_version</code> option in favor of <code>ssl_minimum_version</code>. <code>ssl_version</code> will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2110">#2110</a>).</li> <li>Deprecated the <code>strict</code> parameter as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2267">#2267</a>)</li> <li>Deprecated the <code>NewConnectionError.pool</code> attribute which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2271">#2271</a>).</li> <li>Deprecated <code>format_header_param_html5</code> and <code>format_header_param</code> in favor of <code>format_multipart_header_param</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2257">#2257</a>).</li> <li>Deprecated <code>RequestField.header_formatter</code> parameter which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2257">#2257</a>).</li> <li>Deprecated <code>HTTPSConnection.set_cert()</code> method. Instead pass parameters to the <code>HTTPSConnection</code> constructor (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> <li>Deprecated <code>HTTPConnection.request_chunked()</code> method which will be removed in urllib3 v2.1.0. Instead pass <code>chunked=True</code> to <code>HTTPConnection.request()</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> </ul> <h1>Added</h1> <ul> <li>Added top-level <code>urllib3.request</code> function which uses a preconfigured module-global <code>PoolManager</code> instance (<a href="https://redirect.github.com/urllib3/urllib3/issues/2150">#2150</a>).</li> <li>Added the <code>json</code> parameter to <code>urllib3.request()</code>, <code>PoolManager.request()</code>, and <code>ConnectionPool.request()</code> methods to send JSON bodies in requests. Using this parameter will set the header <code>Content-Type: application/json</code> if <code>Content-Type</code> isn't already defined. Added support for parsing JSON response bodies with <code>HTTPResponse.json()</code> method (<a href="https://redirect.github.com/urllib3/urllib3/issues/2243">#2243</a>).</li> <li>Added type hints to the <code>urllib3</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/1897">#1897</a>).</li> <li>Added <code>ssl_minimum_version</code> and <code>ssl_maximum_version</code> options which set <code>SSLContext.minimum_version</code> and <code>SSLContext.maximum_version</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2110">#2110</a>).</li> <li>Added support for Zstandard (RFC 8878) when <code>zstandard</code> 1.18.0 or later is installed. Added the <code>zstd</code> extra which installs the <code>zstandard</code> package (<a href="https://redirect.github.com/urllib3/urllib3/issues/1992">#1992</a>).</li> <li>Added <code>urllib3.response.BaseHTTPResponse</code> class. All future response classes will be subclasses of <code>BaseHTTPResponse</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2083">#2083</a>).</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.0.2 (2023-05-03)</h1> <ul> <li>Fixed <code>HTTPResponse.stream()</code> to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (<code>[#3009](urllib3/urllib3#3009) <https://github.com/urllib3/urllib3/issues/3009></code>__)</li> </ul> <h1>2.0.1 (2023-04-30)</h1> <ul> <li>Fixed a socket leak when fingerprint or hostname verifications fail. (<code>[#2991](urllib3/urllib3#2991) <https://github.com/urllib3/urllib3/issues/2991></code>__)</li> <li>Fixed an error when <code>HTTPResponse.read(0)</code> was the first <code>read</code> call or when the internal response body buffer was otherwise empty. (<code>[#2998](urllib3/urllib3#2998) <https://github.com/urllib3/urllib3/issues/2998></code>__)</li> </ul> <h1>2.0.0 (2023-04-26)</h1> <p>Read the <code>v2.0 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html></code>__ for help upgrading to the latest version of urllib3.</p> <h2>Removed</h2> <ul> <li>Removed support for Python 2.7, 3.5, and 3.6 (<code>[#883](urllib3/urllib3#883) <https://github.com/urllib3/urllib3/issues/883></code><strong>, <code>[#2336](urllib3/urllib3#2336) <https://github.com/urllib3/urllib3/issues/2336></code></strong>).</li> <li>Removed fallback on certificate <code>commonName</code> in <code>match_hostname()</code> function. This behavior was deprecated in May 2000 in RFC 2818. Instead only <code>subjectAltName</code> is used to verify the hostname by default. To enable verifying the hostname against <code>commonName</code> use <code>SSLContext.hostname_checks_common_name = True</code> (<code>[#2113](urllib3/urllib3#2113) <https://github.com/urllib3/urllib3/issues/2113></code>__).</li> <li>Removed support for Python with an <code>ssl</code> module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an <code>ImportError</code> is raised (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (<code>[#2082](urllib3/urllib3#2082) <https://github.com/urllib3/urllib3/issues/2082></code>__).</li> <li>Removed <code>urllib3.contrib.appengine.AppEngineManager</code> and support for Google App Engine Standard Environment (<code>[#2044](urllib3/urllib3#2044) <https://github.com/urllib3/urllib3/issues/2044></code>__).</li> <li>Removed deprecated <code>Retry</code> options <code>method_whitelist</code>, <code>DEFAULT_REDIRECT_HEADERS_BLACKLIST</code> (<code>[#2086](urllib3/urllib3#2086) <https://github.com/urllib3/urllib3/issues/2086></code>__).</li> <li>Removed <code>urllib3.HTTPResponse.from_httplib</code> (<code>[#2648](urllib3/urllib3#2648) <https://github.com/urllib3/urllib3/issues/2648></code>__).</li> <li>Removed default value of <code>None</code> for the <code>request_context</code> parameter of <code>urllib3.PoolManager.connection_from_pool_key</code>. This change should have no effect on users as the default value of <code>None</code> was an invalid option and was never used (<code>[#1897](urllib3/urllib3#1897) <https://github.com/urllib3/urllib3/issues/1897></code>__).</li> <li>Removed the <code>urllib3.request</code> module. <code>urllib3.request.RequestMethods</code> has been made a private API. This change was made to ensure that <code>from urllib3 import request</code> imported the top-level <code>request()</code> function instead of the <code>urllib3.request</code> module (<code>[#2269](urllib3/urllib3#2269) <https://github.com/urllib3/urllib3/issues/2269></code>__).</li> <li>Removed support for SSLv3.0 from the <code>urllib3.contrib.pyopenssl</code> even when support is available from the compiled OpenSSL library (<code>[#2233](urllib3/urllib3#2233) <https://github.com/urllib3/urllib3/issues/2233></code>__).</li> <li>Removed the deprecated <code>urllib3.contrib.ntlmpool</code> module (<code>[#2339](urllib3/urllib3#2339) <https://github.com/urllib3/urllib3/issues/2339></code>__).</li> <li>Removed <code>DEFAULT_CIPHERS</code>, <code>HAS_SNI</code>, <code>USE_DEFAULT_SSLCONTEXT_CIPHERS</code>, from the private module <code>urllib3.util.ssl_</code> (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed <code>urllib3.exceptions.SNIMissingWarning</code> (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed the <code>_prepare_conn</code> method from <code>HTTPConnectionPool</code>. Previously this was only used to call <code>HTTPSConnection.set_cert()</code> by <code>HTTPSConnectionPool</code> (<code>[#1985](urllib3/urllib3#1985) <https://github.com/urllib3/urllib3/issues/1985></code>__).</li> <li>Removed <code>tls_in_tls_required</code> property from <code>HTTPSConnection</code>. This is now determined from the <code>scheme</code> parameter in <code>HTTPConnection.set_tunnel()</code> (<code>[#1985](urllib3/urllib3#1985) <https://github.com/urllib3/urllib3/issues/1985></code>__).</li> <li>Removed the <code>strict</code> parameter/attribute from <code>HTTPConnection</code>, <code>HTTPSConnection</code>, <code>HTTPConnectionPool</code>, <code>HTTPSConnectionPool</code>, and <code>HTTPResponse</code> (<code>[#2064](urllib3/urllib3#2064) <https://github.com/urllib3/urllib3/issues/2064></code>__).</li> </ul> <h2>Deprecated</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/b234aaf7ccbcb64012d8b33d21eb8bc9f768935d"><code>b234aaf</code></a> Release 2.0.2</li> <li><a href="https://github.com/urllib3/urllib3/commit/d8dcdd7c236430af15f6ccd47fb3d00c408bb1c0"><code>d8dcdd7</code></a> Reflect removal of <code>strict</code> in the 2.0.0 changelog</li> <li><a href="https://github.com/urllib3/urllib3/commit/4714836a667eb4837d005eb89d34fae60b9dc6cc"><code>4714836</code></a> Continue reading the response stream if there is buffered decompressed data</li> <li><a href="https://github.com/urllib3/urllib3/commit/6351614959b6599fe53312223c972daba75a671f"><code>6351614</code></a> Show urllib3.request() in README (<a href="https://redirect.github.com/urllib3/urllib3/issues/3006">#3006</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/08237ad0729f4ec2e0bd093cf08e518025d2001d"><code>08237ad</code></a> Fix flaky test_ssl_failure_midway_through_conn</li> <li><a href="https://github.com/urllib3/urllib3/commit/b85e93d619a323b92c2954da852857e0119d71b8"><code>b85e93d</code></a> Release 2.0.1</li> <li><a href="https://github.com/urllib3/urllib3/commit/09b36c693ca7d9d92d77b434648832d919543dcb"><code>09b36c6</code></a> Improve assert_fingerprint changelog and tests</li> <li><a href="https://github.com/urllib3/urllib3/commit/02ae65a45654bb3ced12b9ad22278c11e214aaf8"><code>02ae65a</code></a> Fix HTTPResponse.read(0) when underlying buffer is empty (<a href="https://redirect.github.com/urllib3/urllib3/issues/2998">#2998</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/4fb8da2d4e7b7488b432118efe1007d00c81bb53"><code>4fb8da2</code></a> Ensure SSLSocket is closed after failure verifying cert hostname or fingerprint</li> <li><a href="https://github.com/urllib3/urllib3/commit/7052b83d543d9554e542ff04688cf473b1fbaa53"><code>7052b83</code></a> Delete 0002-Stop-relying-on-removed-DEFAULT_CIPHERS.patch (<a href="https://redirect.github.com/urllib3/urllib3/issues/2996">#2996</a>)</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/1.26.15...2.0.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.15&new-version=2.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.15 to 2.0.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.0.2</h2> <ul> <li>Fixed <code>HTTPResponse.stream()</code> to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3009">urllib3/urllib3#3009</a>)</li> </ul> <h2>2.0.1</h2> <ul> <li>Fixed a socket leak when fingerprint or hostname verifications fail. (<a href="https://redirect.github.com/urllib3/urllib3/issues/2991">#2991</a>)</li> <li>Fixed an error when <code>HTTPResponse.read(0)</code> was the first <code>read</code> call or when the internal response body buffer was otherwise empty. (<a href="https://redirect.github.com/urllib3/urllib3/issues/2998">#2998</a>)</li> </ul> <h2>2.0.0</h2> <p>Read the <a href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">v2.0 migration guide</a> for help upgrading to the latest version of urllib3.</p> <h1>Removed</h1> <ul> <li>Removed support for Python 2.7, 3.5, and 3.6 (<a href="https://redirect.github.com/urllib3/urllib3/issues/883">#883</a>, <a href="https://redirect.github.com/urllib3/urllib3/issues/2336">#2336</a>).</li> <li>Removed fallback on certificate <code>commonName</code> in <code>match_hostname()</code> function. This behavior was deprecated in May 2000 in RFC 2818. Instead only <code>subjectAltName</code> is used to verify the hostname by default. To enable verifying the hostname against <code>commonName</code> use <code>SSLContext.hostname_checks_common_name = True</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2113">#2113</a>).</li> <li>Removed support for Python with an <code>ssl</code> module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an <code>ImportError</code> is raised (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (<a href="https://redirect.github.com/urllib3/urllib3/issues/2082">#2082</a>).</li> <li>Removed <code>urllib3.contrib.appengine.AppEngineManager</code> and support for Google App Engine Standard Environment (<a href="https://redirect.github.com/urllib3/urllib3/issues/2044">#2044</a>).</li> <li>Removed deprecated <code>Retry</code> options <code>method_whitelist</code>, <code>DEFAULT_REDIRECT_HEADERS_BLACKLIST</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2086">#2086</a>).</li> <li>Removed <code>urllib3.HTTPResponse.from_httplib</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2648">#2648</a>).</li> <li>Removed default value of <code>None</code> for the <code>request_context</code> parameter of <code>urllib3.PoolManager.connection_from_pool_key</code>. This change should have no effect on users as the default value of <code>None</code> was an invalid option and was never used (<a href="https://redirect.github.com/urllib3/urllib3/issues/1897">#1897</a>).</li> <li>Removed the <code>urllib3.request</code> module. <code>urllib3.request.RequestMethods</code> has been made a private API. This change was made to ensure that <code>from urllib3 import request</code> imported the top-level <code>request()</code> function instead of the <code>urllib3.request</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/2269">#2269</a>).</li> <li>Removed support for SSLv3.0 from the <code>urllib3.contrib.pyopenssl</code> even when support is available from the compiled OpenSSL library (<a href="https://redirect.github.com/urllib3/urllib3/issues/2233">#2233</a>).</li> <li>Removed the deprecated <code>urllib3.contrib.ntlmpool</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/2339">#2339</a>).</li> <li>Removed <code>DEFAULT_CIPHERS</code>, <code>HAS_SNI</code>, <code>USE_DEFAULT_SSLCONTEXT_CIPHERS</code>, from the private module <code>urllib3.util.ssl_</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed <code>urllib3.exceptions.SNIMissingWarning</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed the <code>_prepare_conn</code> method from <code>HTTPConnectionPool</code>. Previously this was only used to call <code>HTTPSConnection.set_cert()</code> by <code>HTTPSConnectionPool</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> <li>Removed <code>tls_in_tls_required</code> property from <code>HTTPSConnection</code>. This is now determined from the <code>scheme</code> parameter in <code>HTTPConnection.set_tunnel()</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> </ul> <h1>Deprecated</h1> <ul> <li>Deprecated <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> which will be removed in urllib3 v2.1.0. Instead use <code>HTTPResponse.headers</code> and <code>HTTPResponse.headers.get(name, default)</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/1543">#1543</a>, <a href="https://redirect.github.com/urllib3/urllib3/issues/2814">#2814</a>).</li> <li>Deprecated <code>urllib3.contrib.pyopenssl</code> module which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2691">#2691</a>).</li> <li>Deprecated <code>urllib3.contrib.securetransport</code> module which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2692">#2692</a>).</li> <li>Deprecated <code>ssl_version</code> option in favor of <code>ssl_minimum_version</code>. <code>ssl_version</code> will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2110">#2110</a>).</li> <li>Deprecated the <code>strict</code> parameter as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2267">#2267</a>)</li> <li>Deprecated the <code>NewConnectionError.pool</code> attribute which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2271">#2271</a>).</li> <li>Deprecated <code>format_header_param_html5</code> and <code>format_header_param</code> in favor of <code>format_multipart_header_param</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2257">#2257</a>).</li> <li>Deprecated <code>RequestField.header_formatter</code> parameter which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2257">#2257</a>).</li> <li>Deprecated <code>HTTPSConnection.set_cert()</code> method. Instead pass parameters to the <code>HTTPSConnection</code> constructor (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> <li>Deprecated <code>HTTPConnection.request_chunked()</code> method which will be removed in urllib3 v2.1.0. Instead pass <code>chunked=True</code> to <code>HTTPConnection.request()</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> </ul> <h1>Added</h1> <ul> <li>Added top-level <code>urllib3.request</code> function which uses a preconfigured module-global <code>PoolManager</code> instance (<a href="https://redirect.github.com/urllib3/urllib3/issues/2150">#2150</a>).</li> <li>Added the <code>json</code> parameter to <code>urllib3.request()</code>, <code>PoolManager.request()</code>, and <code>ConnectionPool.request()</code> methods to send JSON bodies in requests. Using this parameter will set the header <code>Content-Type: application/json</code> if <code>Content-Type</code> isn't already defined. Added support for parsing JSON response bodies with <code>HTTPResponse.json()</code> method (<a href="https://redirect.github.com/urllib3/urllib3/issues/2243">#2243</a>).</li> <li>Added type hints to the <code>urllib3</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/1897">#1897</a>).</li> <li>Added <code>ssl_minimum_version</code> and <code>ssl_maximum_version</code> options which set <code>SSLContext.minimum_version</code> and <code>SSLContext.maximum_version</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2110">#2110</a>).</li> <li>Added support for Zstandard (RFC 8878) when <code>zstandard</code> 1.18.0 or later is installed. Added the <code>zstd</code> extra which installs the <code>zstandard</code> package (<a href="https://redirect.github.com/urllib3/urllib3/issues/1992">#1992</a>).</li> <li>Added <code>urllib3.response.BaseHTTPResponse</code> class. All future response classes will be subclasses of <code>BaseHTTPResponse</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2083">#2083</a>).</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.0.2 (2023-05-03)</h1> <ul> <li>Fixed <code>HTTPResponse.stream()</code> to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (<code>[#3009](urllib3/urllib3#3009) <https://github.com/urllib3/urllib3/issues/3009></code>__)</li> </ul> <h1>2.0.1 (2023-04-30)</h1> <ul> <li>Fixed a socket leak when fingerprint or hostname verifications fail. (<code>[#2991](urllib3/urllib3#2991) <https://github.com/urllib3/urllib3/issues/2991></code>__)</li> <li>Fixed an error when <code>HTTPResponse.read(0)</code> was the first <code>read</code> call or when the internal response body buffer was otherwise empty. (<code>[#2998](urllib3/urllib3#2998) <https://github.com/urllib3/urllib3/issues/2998></code>__)</li> </ul> <h1>2.0.0 (2023-04-26)</h1> <p>Read the <code>v2.0 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html></code>__ for help upgrading to the latest version of urllib3.</p> <h2>Removed</h2> <ul> <li>Removed support for Python 2.7, 3.5, and 3.6 (<code>[#883](urllib3/urllib3#883) <https://github.com/urllib3/urllib3/issues/883></code><strong>, <code>[#2336](urllib3/urllib3#2336) <https://github.com/urllib3/urllib3/issues/2336></code></strong>).</li> <li>Removed fallback on certificate <code>commonName</code> in <code>match_hostname()</code> function. This behavior was deprecated in May 2000 in RFC 2818. Instead only <code>subjectAltName</code> is used to verify the hostname by default. To enable verifying the hostname against <code>commonName</code> use <code>SSLContext.hostname_checks_common_name = True</code> (<code>[#2113](urllib3/urllib3#2113) <https://github.com/urllib3/urllib3/issues/2113></code>__).</li> <li>Removed support for Python with an <code>ssl</code> module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an <code>ImportError</code> is raised (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (<code>[#2082](urllib3/urllib3#2082) <https://github.com/urllib3/urllib3/issues/2082></code>__).</li> <li>Removed <code>urllib3.contrib.appengine.AppEngineManager</code> and support for Google App Engine Standard Environment (<code>[#2044](urllib3/urllib3#2044) <https://github.com/urllib3/urllib3/issues/2044></code>__).</li> <li>Removed deprecated <code>Retry</code> options <code>method_whitelist</code>, <code>DEFAULT_REDIRECT_HEADERS_BLACKLIST</code> (<code>[#2086](urllib3/urllib3#2086) <https://github.com/urllib3/urllib3/issues/2086></code>__).</li> <li>Removed <code>urllib3.HTTPResponse.from_httplib</code> (<code>[#2648](urllib3/urllib3#2648) <https://github.com/urllib3/urllib3/issues/2648></code>__).</li> <li>Removed default value of <code>None</code> for the <code>request_context</code> parameter of <code>urllib3.PoolManager.connection_from_pool_key</code>. This change should have no effect on users as the default value of <code>None</code> was an invalid option and was never used (<code>[#1897](urllib3/urllib3#1897) <https://github.com/urllib3/urllib3/issues/1897></code>__).</li> <li>Removed the <code>urllib3.request</code> module. <code>urllib3.request.RequestMethods</code> has been made a private API. This change was made to ensure that <code>from urllib3 import request</code> imported the top-level <code>request()</code> function instead of the <code>urllib3.request</code> module (<code>[#2269](urllib3/urllib3#2269) <https://github.com/urllib3/urllib3/issues/2269></code>__).</li> <li>Removed support for SSLv3.0 from the <code>urllib3.contrib.pyopenssl</code> even when support is available from the compiled OpenSSL library (<code>[#2233](urllib3/urllib3#2233) <https://github.com/urllib3/urllib3/issues/2233></code>__).</li> <li>Removed the deprecated <code>urllib3.contrib.ntlmpool</code> module (<code>[#2339](urllib3/urllib3#2339) <https://github.com/urllib3/urllib3/issues/2339></code>__).</li> <li>Removed <code>DEFAULT_CIPHERS</code>, <code>HAS_SNI</code>, <code>USE_DEFAULT_SSLCONTEXT_CIPHERS</code>, from the private module <code>urllib3.util.ssl_</code> (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed <code>urllib3.exceptions.SNIMissingWarning</code> (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed the <code>_prepare_conn</code> method from <code>HTTPConnectionPool</code>. Previously this was only used to call <code>HTTPSConnection.set_cert()</code> by <code>HTTPSConnectionPool</code> (<code>[#1985](urllib3/urllib3#1985) <https://github.com/urllib3/urllib3/issues/1985></code>__).</li> <li>Removed <code>tls_in_tls_required</code> property from <code>HTTPSConnection</code>. This is now determined from the <code>scheme</code> parameter in <code>HTTPConnection.set_tunnel()</code> (<code>[#1985](urllib3/urllib3#1985) <https://github.com/urllib3/urllib3/issues/1985></code>__).</li> <li>Removed the <code>strict</code> parameter/attribute from <code>HTTPConnection</code>, <code>HTTPSConnection</code>, <code>HTTPConnectionPool</code>, <code>HTTPSConnectionPool</code>, and <code>HTTPResponse</code> (<code>[#2064](urllib3/urllib3#2064) <https://github.com/urllib3/urllib3/issues/2064></code>__).</li> </ul> <h2>Deprecated</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/b234aaf7ccbcb64012d8b33d21eb8bc9f768935d"><code>b234aaf</code></a> Release 2.0.2</li> <li><a href="https://github.com/urllib3/urllib3/commit/d8dcdd7c236430af15f6ccd47fb3d00c408bb1c0"><code>d8dcdd7</code></a> Reflect removal of <code>strict</code> in the 2.0.0 changelog</li> <li><a href="https://github.com/urllib3/urllib3/commit/4714836a667eb4837d005eb89d34fae60b9dc6cc"><code>4714836</code></a> Continue reading the response stream if there is buffered decompressed data</li> <li><a href="https://github.com/urllib3/urllib3/commit/6351614959b6599fe53312223c972daba75a671f"><code>6351614</code></a> Show urllib3.request() in README (<a href="https://redirect.github.com/urllib3/urllib3/issues/3006">#3006</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/08237ad0729f4ec2e0bd093cf08e518025d2001d"><code>08237ad</code></a> Fix flaky test_ssl_failure_midway_through_conn</li> <li><a href="https://github.com/urllib3/urllib3/commit/b85e93d619a323b92c2954da852857e0119d71b8"><code>b85e93d</code></a> Release 2.0.1</li> <li><a href="https://github.com/urllib3/urllib3/commit/09b36c693ca7d9d92d77b434648832d919543dcb"><code>09b36c6</code></a> Improve assert_fingerprint changelog and tests</li> <li><a href="https://github.com/urllib3/urllib3/commit/02ae65a45654bb3ced12b9ad22278c11e214aaf8"><code>02ae65a</code></a> Fix HTTPResponse.read(0) when underlying buffer is empty (<a href="https://redirect.github.com/urllib3/urllib3/issues/2998">#2998</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/4fb8da2d4e7b7488b432118efe1007d00c81bb53"><code>4fb8da2</code></a> Ensure SSLSocket is closed after failure verifying cert hostname or fingerprint</li> <li><a href="https://github.com/urllib3/urllib3/commit/7052b83d543d9554e542ff04688cf473b1fbaa53"><code>7052b83</code></a> Delete 0002-Stop-relying-on-removed-DEFAULT_CIPHERS.patch (<a href="https://redirect.github.com/urllib3/urllib3/issues/2996">#2996</a>)</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/1.26.15...2.0.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.15&new-version=2.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.14 to 2.0.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.0.3</h2> <ul> <li>Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. <a href="https://redirect.github.com/urllib3/urllib3/issues/3020">#3020</a></li> <li>Deprecated URLs which don't have an explicit scheme <a href="https://redirect.github.com/urllib3/urllib3/pull/2950">#2950</a></li> <li>Fixed response decoding with Zstandard when compressed data is made of several frames. <a href="https://redirect.github.com/urllib3/urllib3/issues/3008">#3008</a></li> <li>Fixed <code>assert_hostname=False</code> to correctly skip hostname check. <a href="https://redirect.github.com/urllib3/urllib3/issues/3051">#3051</a></li> </ul> <h2>2.0.2</h2> <ul> <li>Fixed <code>HTTPResponse.stream()</code> to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3009">urllib3/urllib3#3009</a>)</li> </ul> <h2>2.0.1</h2> <ul> <li>Fixed a socket leak when fingerprint or hostname verifications fail. (<a href="https://redirect.github.com/urllib3/urllib3/issues/2991">#2991</a>)</li> <li>Fixed an error when <code>HTTPResponse.read(0)</code> was the first <code>read</code> call or when the internal response body buffer was otherwise empty. (<a href="https://redirect.github.com/urllib3/urllib3/issues/2998">#2998</a>)</li> </ul> <h2>2.0.0</h2> <p>Read the <a href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">v2.0 migration guide</a> for help upgrading to the latest version of urllib3.</p> <h1>Removed</h1> <ul> <li>Removed support for Python 2.7, 3.5, and 3.6 (<a href="https://redirect.github.com/urllib3/urllib3/issues/883">#883</a>, <a href="https://redirect.github.com/urllib3/urllib3/issues/2336">#2336</a>).</li> <li>Removed fallback on certificate <code>commonName</code> in <code>match_hostname()</code> function. This behavior was deprecated in May 2000 in RFC 2818. Instead only <code>subjectAltName</code> is used to verify the hostname by default. To enable verifying the hostname against <code>commonName</code> use <code>SSLContext.hostname_checks_common_name = True</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2113">#2113</a>).</li> <li>Removed support for Python with an <code>ssl</code> module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an <code>ImportError</code> is raised (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (<a href="https://redirect.github.com/urllib3/urllib3/issues/2082">#2082</a>).</li> <li>Removed <code>urllib3.contrib.appengine.AppEngineManager</code> and support for Google App Engine Standard Environment (<a href="https://redirect.github.com/urllib3/urllib3/issues/2044">#2044</a>).</li> <li>Removed deprecated <code>Retry</code> options <code>method_whitelist</code>, <code>DEFAULT_REDIRECT_HEADERS_BLACKLIST</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2086">#2086</a>).</li> <li>Removed <code>urllib3.HTTPResponse.from_httplib</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2648">#2648</a>).</li> <li>Removed default value of <code>None</code> for the <code>request_context</code> parameter of <code>urllib3.PoolManager.connection_from_pool_key</code>. This change should have no effect on users as the default value of <code>None</code> was an invalid option and was never used (<a href="https://redirect.github.com/urllib3/urllib3/issues/1897">#1897</a>).</li> <li>Removed the <code>urllib3.request</code> module. <code>urllib3.request.RequestMethods</code> has been made a private API. This change was made to ensure that <code>from urllib3 import request</code> imported the top-level <code>request()</code> function instead of the <code>urllib3.request</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/2269">#2269</a>).</li> <li>Removed support for SSLv3.0 from the <code>urllib3.contrib.pyopenssl</code> even when support is available from the compiled OpenSSL library (<a href="https://redirect.github.com/urllib3/urllib3/issues/2233">#2233</a>).</li> <li>Removed the deprecated <code>urllib3.contrib.ntlmpool</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/2339">#2339</a>).</li> <li>Removed <code>DEFAULT_CIPHERS</code>, <code>HAS_SNI</code>, <code>USE_DEFAULT_SSLCONTEXT_CIPHERS</code>, from the private module <code>urllib3.util.ssl_</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed <code>urllib3.exceptions.SNIMissingWarning</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed the <code>_prepare_conn</code> method from <code>HTTPConnectionPool</code>. Previously this was only used to call <code>HTTPSConnection.set_cert()</code> by <code>HTTPSConnectionPool</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> <li>Removed <code>tls_in_tls_required</code> property from <code>HTTPSConnection</code>. This is now determined from the <code>scheme</code> parameter in <code>HTTPConnection.set_tunnel()</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> </ul> <h1>Deprecated</h1> <ul> <li>Deprecated <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> which will be removed in urllib3 v2.1.0. Instead use <code>HTTPResponse.headers</code> and <code>HTTPResponse.headers.get(name, default)</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/1543">#1543</a>, <a href="https://redirect.github.com/urllib3/urllib3/issues/2814">#2814</a>).</li> <li>Deprecated <code>urllib3.contrib.pyopenssl</code> module which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2691">#2691</a>).</li> <li>Deprecated <code>urllib3.contrib.securetransport</code> module which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2692">#2692</a>).</li> <li>Deprecated <code>ssl_version</code> option in favor of <code>ssl_minimum_version</code>. <code>ssl_version</code> will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2110">#2110</a>).</li> <li>Deprecated the <code>strict</code> parameter as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2267">#2267</a>)</li> <li>Deprecated the <code>NewConnectionError.pool</code> attribute which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2271">#2271</a>).</li> <li>Deprecated <code>format_header_param_html5</code> and <code>format_header_param</code> in favor of <code>format_multipart_header_param</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2257">#2257</a>).</li> <li>Deprecated <code>RequestField.header_formatter</code> parameter which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2257">#2257</a>).</li> <li>Deprecated <code>HTTPSConnection.set_cert()</code> method. Instead pass parameters to the <code>HTTPSConnection</code> constructor (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> <li>Deprecated <code>HTTPConnection.request_chunked()</code> method which will be removed in urllib3 v2.1.0. Instead pass <code>chunked=True</code> to <code>HTTPConnection.request()</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> </ul> <h1>Added</h1> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.0.3 (2023-06-07)</h1> <ul> <li>Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. (<code>[#3020](urllib3/urllib3#3020) <https://github.com/urllib3/urllib3/issues/3020></code>__)</li> <li>Deprecated URLs which don't have an explicit scheme (<code>[#2950](urllib3/urllib3#2950) <https://github.com/urllib3/urllib3/pull/2950></code>_)</li> <li>Fixed response decoding with Zstandard when compressed data is made of several frames. (<code>[#3008](urllib3/urllib3#3008) <https://github.com/urllib3/urllib3/issues/3008></code>__)</li> <li>Fixed <code>assert_hostname=False</code> to correctly skip hostname check. (<code>[#3051](urllib3/urllib3#3051) <https://github.com/urllib3/urllib3/issues/3051></code>__)</li> </ul> <h1>2.0.2 (2023-05-03)</h1> <ul> <li>Fixed <code>HTTPResponse.stream()</code> to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (<code>[#3009](urllib3/urllib3#3009) <https://github.com/urllib3/urllib3/issues/3009></code>__)</li> </ul> <h1>2.0.1 (2023-04-30)</h1> <ul> <li>Fixed a socket leak when fingerprint or hostname verifications fail. (<code>[#2991](urllib3/urllib3#2991) <https://github.com/urllib3/urllib3/issues/2991></code>__)</li> <li>Fixed an error when <code>HTTPResponse.read(0)</code> was the first <code>read</code> call or when the internal response body buffer was otherwise empty. (<code>[#2998](urllib3/urllib3#2998) <https://github.com/urllib3/urllib3/issues/2998></code>__)</li> </ul> <h1>2.0.0 (2023-04-26)</h1> <p>Read the <code>v2.0 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html></code>__ for help upgrading to the latest version of urllib3.</p> <h2>Removed</h2> <ul> <li>Removed support for Python 2.7, 3.5, and 3.6 (<code>[#883](urllib3/urllib3#883) <https://github.com/urllib3/urllib3/issues/883></code><strong>, <code>[#2336](urllib3/urllib3#2336) <https://github.com/urllib3/urllib3/issues/2336></code></strong>).</li> <li>Removed fallback on certificate <code>commonName</code> in <code>match_hostname()</code> function. This behavior was deprecated in May 2000 in RFC 2818. Instead only <code>subjectAltName</code> is used to verify the hostname by default. To enable verifying the hostname against <code>commonName</code> use <code>SSLContext.hostname_checks_common_name = True</code> (<code>[#2113](urllib3/urllib3#2113) <https://github.com/urllib3/urllib3/issues/2113></code>__).</li> <li>Removed support for Python with an <code>ssl</code> module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an <code>ImportError</code> is raised (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (<code>[#2082](urllib3/urllib3#2082) <https://github.com/urllib3/urllib3/issues/2082></code>__).</li> <li>Removed <code>urllib3.contrib.appengine.AppEngineManager</code> and support for Google App Engine Standard Environment (<code>[#2044](urllib3/urllib3#2044) <https://github.com/urllib3/urllib3/issues/2044></code>__).</li> <li>Removed deprecated <code>Retry</code> options <code>method_whitelist</code>, <code>DEFAULT_REDIRECT_HEADERS_BLACKLIST</code> (<code>[#2086](urllib3/urllib3#2086) <https://github.com/urllib3/urllib3/issues/2086></code>__).</li> <li>Removed <code>urllib3.HTTPResponse.from_httplib</code> (<code>[#2648](urllib3/urllib3#2648) <https://github.com/urllib3/urllib3/issues/2648></code>__).</li> <li>Removed default value of <code>None</code> for the <code>request_context</code> parameter of <code>urllib3.PoolManager.connection_from_pool_key</code>. This change should have no effect on users as the default value of <code>None</code> was an invalid option and was never used (<code>[#1897](urllib3/urllib3#1897) <https://github.com/urllib3/urllib3/issues/1897></code>__).</li> <li>Removed the <code>urllib3.request</code> module. <code>urllib3.request.RequestMethods</code> has been made a private API. This change was made to ensure that <code>from urllib3 import request</code> imported the top-level <code>request()</code> function instead of the <code>urllib3.request</code> module (<code>[#2269](urllib3/urllib3#2269) <https://github.com/urllib3/urllib3/issues/2269></code>__).</li> <li>Removed support for SSLv3.0 from the <code>urllib3.contrib.pyopenssl</code> even when support is available from the compiled OpenSSL library (<code>[#2233](urllib3/urllib3#2233) <https://github.com/urllib3/urllib3/issues/2233></code>__).</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/92196a0f08b2c2139117546ccfbdd3429eb72469"><code>92196a0</code></a> Release 2.0.3</li> <li><a href="https://github.com/urllib3/urllib3/commit/52d2eb1d19cc23b14043591b7d7904c6e5311fa5"><code>52d2eb1</code></a> Fix assert_hostname=False (<a href="https://redirect.github.com/urllib3/urllib3/issues/3055">#3055</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/bfbd47e3da75702f14d124b64ce877a0e0cd331a"><code>bfbd47e</code></a> Fix Python 3.12 CI</li> <li><a href="https://github.com/urllib3/urllib3/commit/b63cc4c4868dadf1545ad9c5c189096532148a7d"><code>b63cc4c</code></a> Correct docstring for Retry backoff factor (<a href="https://redirect.github.com/urllib3/urllib3/issues/3037">#3037</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/7e3884d973c56267c32e0dacf19804afd8a00175"><code>7e3884d</code></a> Allow non-OpenSSL TLS libaries with a warning</li> <li><a href="https://github.com/urllib3/urllib3/commit/e67f13c44fa4aada1954df96eb8cccbb5f2dbd2a"><code>e67f13c</code></a> Add 1.26.16 release to CHANGES.rst on main</li> <li><a href="https://github.com/urllib3/urllib3/commit/ffa2b634392a389da7033834fa485fd648d37e42"><code>ffa2b63</code></a> Deprecate URLs without an explicit scheme</li> <li><a href="https://github.com/urllib3/urllib3/commit/4e9060bfa03af9d6057423b3a54f67e0cd2e7892"><code>4e9060b</code></a> Added OpenGraph information to the documentation</li> <li><a href="https://github.com/urllib3/urllib3/commit/8e94754f85c59d826ac0604d0dd2a0b41874bb36"><code>8e94754</code></a> Remove outdated reference in LICENSE.txt</li> <li><a href="https://github.com/urllib3/urllib3/commit/5dbc8e23488862aadab0706128d387af2f406b51"><code>5dbc8e2</code></a> Bump slsa-framework/slsa-github-generator from 1.5.0 to 1.6.0</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/1.26.14...2.0.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.14&new-version=2.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.13 to 2.0.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.0.4</h2> <ul> <li>Added support for union operators to <code>HTTPHeaderDict</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2254">#2254</a>)</li> <li>Added <code>BaseHTTPResponse</code> to <code>urllib3.__all__</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/3078">#3078</a>)</li> <li>Fixed <code>urllib3.connection.HTTPConnection</code> to raise the <code>http.client.connect</code> audit event to have the same behavior as the standard library HTTP client (<a href="https://redirect.github.com/urllib3/urllib3/issues/2757">#2757</a>)</li> <li>Relied on the standard library for checking hostnames in supported PyPy releases (<a href="https://redirect.github.com/urllib3/urllib3/issues/3087">#3087</a>)</li> </ul> <h2>2.0.3</h2> <ul> <li>Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. <a href="https://redirect.github.com/urllib3/urllib3/issues/3020">#3020</a></li> <li>Deprecated URLs which don't have an explicit scheme <a href="https://redirect.github.com/urllib3/urllib3/pull/2950">#2950</a></li> <li>Fixed response decoding with Zstandard when compressed data is made of several frames. <a href="https://redirect.github.com/urllib3/urllib3/issues/3008">#3008</a></li> <li>Fixed <code>assert_hostname=False</code> to correctly skip hostname check. <a href="https://redirect.github.com/urllib3/urllib3/issues/3051">#3051</a></li> </ul> <h2>2.0.2</h2> <ul> <li>Fixed <code>HTTPResponse.stream()</code> to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3009">urllib3/urllib3#3009</a>)</li> </ul> <h2>2.0.1</h2> <ul> <li>Fixed a socket leak when fingerprint or hostname verifications fail. (<a href="https://redirect.github.com/urllib3/urllib3/issues/2991">#2991</a>)</li> <li>Fixed an error when <code>HTTPResponse.read(0)</code> was the first <code>read</code> call or when the internal response body buffer was otherwise empty. (<a href="https://redirect.github.com/urllib3/urllib3/issues/2998">#2998</a>)</li> </ul> <h2>2.0.0</h2> <p>Read the <a href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">v2.0 migration guide</a> for help upgrading to the latest version of urllib3.</p> <h1>Removed</h1> <ul> <li>Removed support for Python 2.7, 3.5, and 3.6 (<a href="https://redirect.github.com/urllib3/urllib3/issues/883">#883</a>, <a href="https://redirect.github.com/urllib3/urllib3/issues/2336">#2336</a>).</li> <li>Removed fallback on certificate <code>commonName</code> in <code>match_hostname()</code> function. This behavior was deprecated in May 2000 in RFC 2818. Instead only <code>subjectAltName</code> is used to verify the hostname by default. To enable verifying the hostname against <code>commonName</code> use <code>SSLContext.hostname_checks_common_name = True</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2113">#2113</a>).</li> <li>Removed support for Python with an <code>ssl</code> module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an <code>ImportError</code> is raised (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (<a href="https://redirect.github.com/urllib3/urllib3/issues/2082">#2082</a>).</li> <li>Removed <code>urllib3.contrib.appengine.AppEngineManager</code> and support for Google App Engine Standard Environment (<a href="https://redirect.github.com/urllib3/urllib3/issues/2044">#2044</a>).</li> <li>Removed deprecated <code>Retry</code> options <code>method_whitelist</code>, <code>DEFAULT_REDIRECT_HEADERS_BLACKLIST</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2086">#2086</a>).</li> <li>Removed <code>urllib3.HTTPResponse.from_httplib</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2648">#2648</a>).</li> <li>Removed default value of <code>None</code> for the <code>request_context</code> parameter of <code>urllib3.PoolManager.connection_from_pool_key</code>. This change should have no effect on users as the default value of <code>None</code> was an invalid option and was never used (<a href="https://redirect.github.com/urllib3/urllib3/issues/1897">#1897</a>).</li> <li>Removed the <code>urllib3.request</code> module. <code>urllib3.request.RequestMethods</code> has been made a private API. This change was made to ensure that <code>from urllib3 import request</code> imported the top-level <code>request()</code> function instead of the <code>urllib3.request</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/2269">#2269</a>).</li> <li>Removed support for SSLv3.0 from the <code>urllib3.contrib.pyopenssl</code> even when support is available from the compiled OpenSSL library (<a href="https://redirect.github.com/urllib3/urllib3/issues/2233">#2233</a>).</li> <li>Removed the deprecated <code>urllib3.contrib.ntlmpool</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/2339">#2339</a>).</li> <li>Removed <code>DEFAULT_CIPHERS</code>, <code>HAS_SNI</code>, <code>USE_DEFAULT_SSLCONTEXT_CIPHERS</code>, from the private module <code>urllib3.util.ssl_</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed <code>urllib3.exceptions.SNIMissingWarning</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed the <code>_prepare_conn</code> method from <code>HTTPConnectionPool</code>. Previously this was only used to call <code>HTTPSConnection.set_cert()</code> by <code>HTTPSConnectionPool</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> <li>Removed <code>tls_in_tls_required</code> property from <code>HTTPSConnection</code>. This is now determined from the <code>scheme</code> parameter in <code>HTTPConnection.set_tunnel()</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> </ul> <h1>Deprecated</h1> <ul> <li>Deprecated <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> which will be removed in urllib3 v2.1.0. Instead use <code>HTTPResponse.headers</code> and <code>HTTPResponse.headers.get(name, default)</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/1543">#1543</a>, <a href="https://redirect.github.com/urllib3/urllib3/issues/2814">#2814</a>).</li> <li>Deprecated <code>urllib3.contrib.pyopenssl</code> module which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2691">#2691</a>).</li> <li>Deprecated <code>urllib3.contrib.securetransport</code> module which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2692">#2692</a>).</li> <li>Deprecated <code>ssl_version</code> option in favor of <code>ssl_minimum_version</code>. <code>ssl_version</code> will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2110">#2110</a>).</li> <li>Deprecated the <code>strict</code> parameter as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2267">#2267</a>)</li> <li>Deprecated the <code>NewConnectionError.pool</code> attribute which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2271">#2271</a>).</li> <li>Deprecated <code>format_header_param_html5</code> and <code>format_header_param</code> in favor of <code>format_multipart_header_param</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2257">#2257</a>).</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.0.4 (2023-07-19)</h1> <ul> <li>Added support for union operators to <code>HTTPHeaderDict</code> (<code>[#2254](urllib3/urllib3#2254) <https://github.com/urllib3/urllib3/issues/2254></code>__)</li> <li>Added <code>BaseHTTPResponse</code> to <code>urllib3.__all__</code> (<code>[#3078](urllib3/urllib3#3078) <https://github.com/urllib3/urllib3/issues/3078></code>__)</li> <li>Fixed <code>urllib3.connection.HTTPConnection</code> to raise the <code>http.client.connect</code> audit event to have the same behavior as the standard library HTTP client (<code>[#2757](urllib3/urllib3#2757) <https://github.com/urllib3/urllib3/issues/2757></code>__)</li> <li>Relied on the standard library for checking hostnames in supported PyPy releases (<code>[#3087](urllib3/urllib3#3087) <https://github.com/urllib3/urllib3/issues/3087></code>__)</li> </ul> <h1>2.0.3 (2023-06-07)</h1> <ul> <li>Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. (<code>[#3020](urllib3/urllib3#3020) <https://github.com/urllib3/urllib3/issues/3020></code>__)</li> <li>Deprecated URLs which don't have an explicit scheme (<code>[#2950](urllib3/urllib3#2950) <https://github.com/urllib3/urllib3/pull/2950></code>_)</li> <li>Fixed response decoding with Zstandard when compressed data is made of several frames. (<code>[#3008](urllib3/urllib3#3008) <https://github.com/urllib3/urllib3/issues/3008></code>__)</li> <li>Fixed <code>assert_hostname=False</code> to correctly skip hostname check. (<code>[#3051](urllib3/urllib3#3051) <https://github.com/urllib3/urllib3/issues/3051></code>__)</li> </ul> <h1>2.0.2 (2023-05-03)</h1> <ul> <li>Fixed <code>HTTPResponse.stream()</code> to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (<code>[#3009](urllib3/urllib3#3009) <https://github.com/urllib3/urllib3/issues/3009></code>__)</li> </ul> <h1>2.0.1 (2023-04-30)</h1> <ul> <li>Fixed a socket leak when fingerprint or hostname verifications fail. (<code>[#2991](urllib3/urllib3#2991) <https://github.com/urllib3/urllib3/issues/2991></code>__)</li> <li>Fixed an error when <code>HTTPResponse.read(0)</code> was the first <code>read</code> call or when the internal response body buffer was otherwise empty. (<code>[#2998](urllib3/urllib3#2998) <https://github.com/urllib3/urllib3/issues/2998></code>__)</li> </ul> <h1>2.0.0 (2023-04-26)</h1> <p>Read the <code>v2.0 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html></code>__ for help upgrading to the latest version of urllib3.</p> <h2>Removed</h2> <ul> <li>Removed support for Python 2.7, 3.5, and 3.6 (<code>[#883](urllib3/urllib3#883) <https://github.com/urllib3/urllib3/issues/883></code><strong>, <code>[#2336](urllib3/urllib3#2336) <https://github.com/urllib3/urllib3/issues/2336></code></strong>).</li> <li>Removed fallback on certificate <code>commonName</code> in <code>match_hostname()</code> function. This behavior was deprecated in May 2000 in RFC 2818. Instead only <code>subjectAltName</code> is used to verify the hostname by default. To enable verifying the hostname against <code>commonName</code> use <code>SSLContext.hostname_checks_common_name = True</code> (<code>[#2113](urllib3/urllib3#2113) <https://github.com/urllib3/urllib3/issues/2113></code>__).</li> <li>Removed support for Python with an <code>ssl</code> module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an <code>ImportError</code> is raised (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/c9fa144545eedb5dc4a2cc3f255e95602a1d7db0"><code>c9fa144</code></a> Release version 2.0.4 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3084">#3084</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/d40d146765a7f7a899427c8add54de67b4b6599a"><code>d40d146</code></a> Add Illia to CODEOWNERS</li> <li><a href="https://github.com/urllib3/urllib3/commit/0a375d19243efb08c9d8a0f3356701ca11ef9791"><code>0a375d1</code></a> Raise <code>http.client.connect</code> audit events in <code>HTTPConnection</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2859">#2859</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/c056eb3df6aae4d1dff0365baded46235d413520"><code>c056eb3</code></a> Bump actions/setup-python from 4.6.0 to 4.7.0</li> <li><a href="https://github.com/urllib3/urllib3/commit/a1c184b298823f13dd34c783d56ea538848282f1"><code>a1c184b</code></a> Remove warnings filters fixed in pytest 7.4.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3086">#3086</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/609c5464cc9d2673549b651b713e07424517fa85"><code>609c546</code></a> Add support for union operators to <code>HTTPHeaderDict</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2943">#2943</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/05b21ca5d29764aae60c72e4e3bfceead0f70f95"><code>05b21ca</code></a> Bump cryptography from 41.0.0 to 41.0.2</li> <li><a href="https://github.com/urllib3/urllib3/commit/9aa0d4f6cb0d4b34e20fafed4481ac7d785d4969"><code>9aa0d4f</code></a> Bump cryptography from 39.0.1 to 41.0.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3057">#3057</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/326c4238cbabe85007aa7b1f2e80b880fd01d903"><code>326c423</code></a> Rely on the standard library for checking hostnames in supported PyPy releases</li> <li><a href="https://github.com/urllib3/urllib3/commit/d0ac08d58511c4121138bd46436076409d21acbf"><code>d0ac08d</code></a> Bump gh-action-pypi-publish to v1.8.8</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/1.26.13...2.0.4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.13&new-version=2.0.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the all group in /docker-compose/monitor with 4 updates: [deprecated](https://github.com/tantale/deprecated), [typing-extensions](https://github.com/python/typing_extensions), [urllib3](https://github.com/urllib3/urllib3) and [wrapt](https://github.com/GrahamDumpleton/wrapt). Updates `deprecated` from 1.2.13 to 1.2.14 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tantale/deprecated/releases">deprecated's releases</a>.</em></p> <blockquote> <h2>v1.2.14</h2> <h2>Fix</h2> <ul> <li>Fix <a href="https://redirect.github.com/tantale/deprecated/issues/60">#60</a>: return a correctly dedented docstring when long docstring are using the D212 or D213 format.</li> </ul> <h2>Other</h2> <ul> <li>Add support for Python 3.11.</li> <li>Drop support for Python older than 3.7 in build systems like pytest and tox, while ensuring the library remains production-compatible.</li> <li>Update GitHub workflow to run in recent Python versions.</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/hugovk"><code>@hugovk</code></a> made their first contribution in <a href="https://redirect.github.com/tantale/deprecated/pull/52">tantale/deprecated#52</a></li> <li><a href="https://github.com/12rambau"><code>@12rambau</code></a> made their first contribution in <a href="https://redirect.github.com/tantale/deprecated/pull/61">tantale/deprecated#61</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/tantale/deprecated/compare/v1.2.13...v1.2.14">https://github.com/tantale/deprecated/compare/v1.2.13...v1.2.14</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tantale/deprecated/blob/master/CHANGELOG.rst">deprecated's changelog</a>.</em></p> <blockquote> <h1>v1.2.14 (2023-05-27)</h1> <p>Bug fix release</p> <h2>Fix</h2> <ul> <li>Fix <a href="https://redirect.github.com/tantale/deprecated/issues/60">#60</a>: return a correctly dedented docstring when long docstring are using the D212 or D213 format.</li> </ul> <h2>Other</h2> <ul> <li> <p>Add support for Python 3.11.</p> </li> <li> <p>Drop support for Python older than 3.7 in build systems like pytest and tox, while ensuring the library remains production-compatible.</p> </li> <li> <p>Update GitHub workflow to run in recent Python versions.</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tantale/deprecated/commit/378636d8a1e3d62d5894329c57f44ba0030c2dbd"><code>378636d</code></a> Drops seemingly unused importlib-metadata dev dep</li> <li><a href="https://github.com/tantale/deprecated/commit/325b764f528c36c419b187ead4d537ac3cfc3d6a"><code>325b764</code></a> Fixes comment on which version is development branch</li> <li><a href="https://github.com/tantale/deprecated/commit/291b34a000001a29c1aecd5f702a283776daa43f"><code>291b34a</code></a> Adds Pythons dropped notice to changelog</li> <li><a href="https://github.com/tantale/deprecated/commit/204eccd311e95b7d1ce1cfef0aec9349dc2ca7cd"><code>204eccd</code></a> Drops limitation on tox < 4 since bug was fixed</li> <li><a href="https://github.com/tantale/deprecated/commit/2660239db51b2a157d505537f287ef1de3461fd8"><code>2660239</code></a> Adds srpm_build_deps to Packit config</li> <li><a href="https://github.com/tantale/deprecated/commit/54a53d7d5822009193d3057cde88665cdb233169"><code>54a53d7</code></a> Try explicitly setting AppVeyor image to VS2022</li> <li><a href="https://github.com/tantale/deprecated/commit/2b79e57c4ab5f52d124c01c3da7041d3f3f63755"><code>2b79e57</code></a> Exclude pypy3 on ppc64le on Travis builds</li> <li><a href="https://github.com/tantale/deprecated/commit/bf33f948b70b04cf3e8f598575bb23206abe2813"><code>bf33f94</code></a> Drops old Pythons and adds newer ones for Appveyor build</li> <li><a href="https://github.com/tantale/deprecated/commit/682989d8d7fcd3b2cff7a42a58d966791aef9a52"><code>682989d</code></a> Drop the .9 from pypy3 in tox.ini</li> <li><a href="https://github.com/tantale/deprecated/commit/3919edf1f1ca89a67c929704d80a604b995690b3"><code>3919edf</code></a> Use specifically pypy3.9 v7.3.9</li> <li>Additional commits viewable in <a href="https://github.com/tantale/deprecated/compare/v1.2.13...v1.2.14">compare view</a></li> </ul> </details> <br /> Updates `typing-extensions` from 4.4.0 to 4.7.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python/typing_extensions/releases">typing-extensions's releases</a>.</em></p> <blockquote> <h2>4.7.1</h2> <ul> <li>Fix support for <code>TypedDict</code>, <code>NamedTuple</code> and <code>is_protocol</code> on PyPy-3.7 and PyPy-3.8. Patch by Alex Waygood. Note that PyPy-3.7 and PyPy-3.8 are unsupported by the PyPy project. The next feature release of typing-extensions will drop support for PyPy-3.7 and may also drop support for PyPy-3.8.</li> </ul> <h2>4.7.0</h2> <p>This is a feature release. Major changes include:</p> <ul> <li>All non-deprecated names from <code>typing</code> are now re-exported by <code>typing_extensions</code> for convenience</li> <li>Add <code>typing_extensions.get_protocol_members</code> and <code>typing_extensions.is_protocol</code></li> <li>Declare support for Python 3.12</li> <li>This will be the last feature release to support Python 3.7, which recently reached its end-of-life</li> </ul> <p>Full changelog of versions 4.7.0 and 4.7.0rc1:</p> <h1>Release 4.7.0 (June 28, 2023)</h1> <ul> <li>This is expected to be the last feature release supporting Python 3.7, which reaches its end of life on June 27, 2023. Version 4.8.0 will support only Python 3.8.0 and up.</li> <li>Fix bug where a <code>typing_extensions.Protocol</code> class that had one or more non-callable members would raise <code>TypeError</code> when <code>issubclass()</code> was called against it, even if it defined a custom <code>__subclasshook__</code> method. The correct behaviour -- which has now been restored -- is not to raise <code>TypeError</code> in these situations if a custom <code>__subclasshook__</code> method is defined. Patch by Alex Waygood (backporting <a href="https://redirect.github.com/python/cpython/pull/105976">python/cpython#105976</a>).</li> </ul> <h1>Release 4.7.0rc1 (June 21, 2023)</h1> <ul> <li>Add <code>typing_extensions.get_protocol_members</code> and <code>typing_extensions.is_protocol</code> (backport of CPython PR <a href="https://redirect.github.com/python/typing_extensions/issues/104878">#104878</a>). Patch by Jelle Zijlstra.</li> <li><code>typing_extensions</code> now re-exports all names in the standard library's <code>typing</code> module, except the deprecated <code>ByteString</code>. Patch by Jelle Zijlstra.</li> <li>Due to changes in the implementation of <code>typing_extensions.Protocol</code>, <code>typing.runtime_checkable</code> can now be used on <code>typing_extensions.Protocol</code> (previously, users had to use <code>typing_extensions.runtime_checkable</code> if they were using <code>typing_extensions.Protocol</code>).</li> <li>Align the implementation of <code>TypedDict</code> with the implementation in the standard library on Python 3.9 and higher. <code>typing_extensions.TypedDict</code> is now a function instead of a class. The private functions <code>_check_fails</code>, <code>_dict_new</code>, and <code>_typeddict_new</code> have been removed. <code>is_typeddict</code> now returns <code>False</code> when called with <code>TypedDict</code> itself as the argument. Patch by Jelle Zijlstra.</li> <li>Declare support for Python 3.12. Patch by Jelle Zijlstra.</li> <li>Fix tests on Python 3.13, which removes support for creating <code>TypedDict</code> classes through the keyword-argument syntax. Patch by</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python/typing_extensions/blob/main/CHANGELOG.md">typing-extensions's changelog</a>.</em></p> <blockquote> <h1>Release 4.7.1 (July 2, 2023)</h1> <ul> <li>Fix support for <code>TypedDict</code>, <code>NamedTuple</code> and <code>is_protocol</code> on PyPy-3.7 and PyPy-3.8. Patch by Alex Waygood. Note that PyPy-3.7 and PyPy-3.8 are unsupported by the PyPy project. The next feature release of typing-extensions will drop support for PyPy-3.7 and may also drop support for PyPy-3.8.</li> </ul> <h1>Release 4.7.0 (June 28, 2023)</h1> <ul> <li>This is expected to be the last feature release supporting Python 3.7, which reaches its end of life on June 27, 2023. Version 4.8.0 will support only Python 3.8.0 and up.</li> <li>Fix bug where a <code>typing_extensions.Protocol</code> class that had one or more non-callable members would raise <code>TypeError</code> when <code>issubclass()</code> was called against it, even if it defined a custom <code>__subclasshook__</code> method. The correct behaviour -- which has now been restored -- is not to raise <code>TypeError</code> in these situations if a custom <code>__subclasshook__</code> method is defined. Patch by Alex Waygood (backporting <a href="https://redirect.github.com/python/cpython/pull/105976">python/cpython#105976</a>).</li> </ul> <h1>Release 4.7.0rc1 (June 21, 2023)</h1> <ul> <li>Add <code>typing_extensions.get_protocol_members</code> and <code>typing_extensions.is_protocol</code> (backport of CPython PR <a href="https://redirect.github.com/python/typing_extensions/issues/104878">#104878</a>). Patch by Jelle Zijlstra.</li> <li><code>typing_extensions</code> now re-exports all names in the standard library's <code>typing</code> module, except the deprecated <code>ByteString</code>. Patch by Jelle Zijlstra.</li> <li>Due to changes in the implementation of <code>typing_extensions.Protocol</code>, <code>typing.runtime_checkable</code> can now be used on <code>typing_extensions.Protocol</code> (previously, users had to use <code>typing_extensions.runtime_checkable</code> if they were using <code>typing_extensions.Protocol</code>).</li> <li>Align the implementation of <code>TypedDict</code> with the implementation in the standard library on Python 3.9 and higher. <code>typing_extensions.TypedDict</code> is now a function instead of a class. The private functions <code>_check_fails</code>, <code>_dict_new</code>, and <code>_typeddict_new</code> have been removed. <code>is_typeddict</code> now returns <code>False</code> when called with <code>TypedDict</code> itself as the argument. Patch by Jelle Zijlstra.</li> <li>Declare support for Python 3.12. Patch by Jelle Zijlstra.</li> <li>Fix tests on Python 3.13, which removes support for creating <code>TypedDict</code> classes through the keyword-argument syntax. Patch by Jelle Zijlstra.</li> <li>Fix a regression introduced in v4.6.3 that meant that <code>issubclass(object, typing_extensions.Protocol)</code> would erroneously raise <code>TypeError</code>. Patch by Alex Waygood (backporting the CPython PR <a href="https://redirect.github.com/python/cpython/pull/105239">python/cpython#105239</a>).</li> <li>Allow <code>Protocol</code> classes to inherit from <code>typing_extensions.Buffer</code> or <code>collections.abc.Buffer</code>. Patch by Alex Waygood (backporting <a href="https://redirect.github.com/python/cpython/pull/104827">python/cpython#104827</a>, by Jelle Zijlstra).</li> <li>Allow classes to inherit from both <code>typing.Protocol</code> and <code>typing_extensions.Protocol</code></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python/typing_extensions/commit/b518f6a64400fd5a25e5b72668370b9792ef9ae6"><code>b518f6a</code></a> Prepare release 4.7.1 (<a href="https://redirect.github.com/python/typing_extensions/issues/264">#264</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/dcdc53f62ecbea8a0fc9a42f66746f970ab101bb"><code>dcdc53f</code></a> Restore compatibility with PyPy <3.9 (<a href="https://redirect.github.com/python/typing_extensions/issues/262">#262</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/bc9bc065f1837955fca2fff57b9e5fa04a2713cb"><code>bc9bc06</code></a> Run some mypyc tests in the third-party workflow (<a href="https://redirect.github.com/python/typing_extensions/issues/260">#260</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/fc5243bc14071dbf65c92202a5239d66c35abcb2"><code>fc5243b</code></a> Run tests on more pypy versions in CI (<a href="https://redirect.github.com/python/typing_extensions/issues/259">#259</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/b3ddcb6a94e7935166b3786ed0c1c54f1fc541b3"><code>b3ddcb6</code></a> Stop running third-party tests on 3.7 (<a href="https://redirect.github.com/python/typing_extensions/issues/257">#257</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/633d2e2942372848d8d7859cf71a569259dba9ee"><code>633d2e2</code></a> 4.7.0 final (<a href="https://redirect.github.com/python/typing_extensions/issues/255">#255</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/3193f90d18e50a19725ed47bb8fe586c234b9449"><code>3193f90</code></a> CHANGELOG: Mention expected end of 3.7 support (<a href="https://redirect.github.com/python/typing_extensions/issues/253">#253</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/e65b036661eb472a3682eca1ceb78eb57b21d200"><code>e65b036</code></a> Backport CPython PR 105976 (<a href="https://redirect.github.com/python/typing_extensions/issues/252">#252</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/e703629a339a670b44a3612f87bfa90a49c794f0"><code>e703629</code></a> README improvements (<a href="https://redirect.github.com/python/typing_extensions/issues/250">#250</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/a65658fcbc0a86e529e1c46a4eaa5fee4f150607"><code>a65658f</code></a> Update CONTRIBUTING.md (<a href="https://redirect.github.com/python/typing_extensions/issues/249">#249</a>)</li> <li>Additional commits viewable in <a href="https://github.com/python/typing_extensions/compare/4.4.0...4.7.1">compare view</a></li> </ul> </details> <br /> Updates `urllib3` from 1.26.12 to 2.0.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.0.4</h2> <ul> <li>Added support for union operators to <code>HTTPHeaderDict</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2254">#2254</a>)</li> <li>Added <code>BaseHTTPResponse</code> to <code>urllib3.__all__</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/3078">#3078</a>)</li> <li>Fixed <code>urllib3.connection.HTTPConnection</code> to raise the <code>http.client.connect</code> audit event to have the same behavior as the standard library HTTP client (<a href="https://redirect.github.com/urllib3/urllib3/issues/2757">#2757</a>)</li> <li>Relied on the standard library for checking hostnames in supported PyPy releases (<a href="https://redirect.github.com/urllib3/urllib3/issues/3087">#3087</a>)</li> </ul> <h2>2.0.3</h2> <ul> <li>Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. <a href="https://redirect.github.com/urllib3/urllib3/issues/3020">#3020</a></li> <li>Deprecated URLs which don't have an explicit scheme <a href="https://redirect.github.com/urllib3/urllib3/pull/2950">#2950</a></li> <li>Fixed response decoding with Zstandard when compressed data is made of several frames. <a href="https://redirect.github.com/urllib3/urllib3/issues/3008">#3008</a></li> <li>Fixed <code>assert_hostname=False</code> to correctly skip hostname check. <a href="https://redirect.github.com/urllib3/urllib3/issues/3051">#3051</a></li> </ul> <h2>2.0.2</h2> <ul> <li>Fixed <code>HTTPResponse.stream()</code> to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3009">urllib3/urllib3#3009</a>)</li> </ul> <h2>2.0.1</h2> <ul> <li>Fixed a socket leak when fingerprint or hostname verifications fail. (<a href="https://redirect.github.com/urllib3/urllib3/issues/2991">#2991</a>)</li> <li>Fixed an error when <code>HTTPResponse.read(0)</code> was the first <code>read</code> call or when the internal response body buffer was otherwise empty. (<a href="https://redirect.github.com/urllib3/urllib3/issues/2998">#2998</a>)</li> </ul> <h2>2.0.0</h2> <p>Read the <a href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">v2.0 migration guide</a> for help upgrading to the latest version of urllib3.</p> <h1>Removed</h1> <ul> <li>Removed support for Python 2.7, 3.5, and 3.6 (<a href="https://redirect.github.com/urllib3/urllib3/issues/883">#883</a>, <a href="https://redirect.github.com/urllib3/urllib3/issues/2336">#2336</a>).</li> <li>Removed fallback on certificate <code>commonName</code> in <code>match_hostname()</code> function. This behavior was deprecated in May 2000 in RFC 2818. Instead only <code>subjectAltName</code> is used to verify the hostname by default. To enable verifying the hostname against <code>commonName</code> use <code>SSLContext.hostname_checks_common_name = True</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2113">#2113</a>).</li> <li>Removed support for Python with an <code>ssl</code> module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an <code>ImportError</code> is raised (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (<a href="https://redirect.github.com/urllib3/urllib3/issues/2082">#2082</a>).</li> <li>Removed <code>urllib3.contrib.appengine.AppEngineManager</code> and support for Google App Engine Standard Environment (<a href="https://redirect.github.com/urllib3/urllib3/issues/2044">#2044</a>).</li> <li>Removed deprecated <code>Retry</code> options <code>method_whitelist</code>, <code>DEFAULT_REDIRECT_HEADERS_BLACKLIST</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2086">#2086</a>).</li> <li>Removed <code>urllib3.HTTPResponse.from_httplib</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2648">#2648</a>).</li> <li>Removed default value of <code>None</code> for the <code>request_context</code> parameter of <code>urllib3.PoolManager.connection_from_pool_key</code>. This change should have no effect on users as the default value of <code>None</code> was an invalid option and was never used (<a href="https://redirect.github.com/urllib3/urllib3/issues/1897">#1897</a>).</li> <li>Removed the <code>urllib3.request</code> module. <code>urllib3.request.RequestMethods</code> has been made a private API. This change was made to ensure that <code>from urllib3 import request</code> imported the top-level <code>request()</code> function instead of the <code>urllib3.request</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/2269">#2269</a>).</li> <li>Removed support for SSLv3.0 from the <code>urllib3.contrib.pyopenssl</code> even when support is available from the compiled OpenSSL library (<a href="https://redirect.github.com/urllib3/urllib3/issues/2233">#2233</a>).</li> <li>Removed the deprecated <code>urllib3.contrib.ntlmpool</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/2339">#2339</a>).</li> <li>Removed <code>DEFAULT_CIPHERS</code>, <code>HAS_SNI</code>, <code>USE_DEFAULT_SSLCONTEXT_CIPHERS</code>, from the private module <code>urllib3.util.ssl_</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed <code>urllib3.exceptions.SNIMissingWarning</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed the <code>_prepare_conn</code> method from <code>HTTPConnectionPool</code>. Previously this was only used to call <code>HTTPSConnection.set_cert()</code> by <code>HTTPSConnectionPool</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> <li>Removed <code>tls_in_tls_required</code> property from <code>HTTPSConnection</code>. This is now determined from the <code>scheme</code> parameter in <code>HTTPConnection.set_tunnel()</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> </ul> <h1>Deprecated</h1> <ul> <li>Deprecated <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> which will be removed in urllib3 v2.1.0. Instead use <code>HTTPResponse.headers</code> and <code>HTTPResponse.headers.get(name, default)</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/1543">#1543</a>, <a href="https://redirect.github.com/urllib3/urllib3/issues/2814">#2814</a>).</li> <li>Deprecated <code>urllib3.contrib.pyopenssl</code> module which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2691">#2691</a>).</li> <li>Deprecated <code>urllib3.contrib.securetransport</code> module which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2692">#2692</a>).</li> <li>Deprecated <code>ssl_version</code> option in favor of <code>ssl_minimum_version</code>. <code>ssl_version</code> will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2110">#2110</a>).</li> <li>Deprecated the <code>strict</code> parameter as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2267">#2267</a>)</li> <li>Deprecated the <code>NewConnectionError.pool</code> attribute which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2271">#2271</a>).</li> <li>Deprecated <code>format_header_param_html5</code> and <code>format_header_param</code> in favor of <code>format_multipart_header_param</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2257">#2257</a>).</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.0.4 (2023-07-19)</h1> <ul> <li>Added support for union operators to <code>HTTPHeaderDict</code> (<code>[#2254](urllib3/urllib3#2254) <https://github.com/urllib3/urllib3/issues/2254></code>__)</li> <li>Added <code>BaseHTTPResponse</code> to <code>urllib3.__all__</code> (<code>[#3078](urllib3/urllib3#3078) <https://github.com/urllib3/urllib3/issues/3078></code>__)</li> <li>Fixed <code>urllib3.connection.HTTPConnection</code> to raise the <code>http.client.connect</code> audit event to have the same behavior as the standard library HTTP client (<code>[#2757](urllib3/urllib3#2757) <https://github.com/urllib3/urllib3/issues/2757></code>__)</li> <li>Relied on the standard library for checking hostnames in supported PyPy releases (<code>[#3087](urllib3/urllib3#3087) <https://github.com/urllib3/urllib3/issues/3087></code>__)</li> </ul> <h1>2.0.3 (2023-06-07)</h1> <ul> <li>Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. (<code>[#3020](urllib3/urllib3#3020) <https://github.com/urllib3/urllib3/issues/3020></code>__)</li> <li>Deprecated URLs which don't have an explicit scheme (<code>[#2950](urllib3/urllib3#2950) <https://github.com/urllib3/urllib3/pull/2950></code>_)</li> <li>Fixed response decoding with Zstandard when compressed data is made of several frames. (<code>[#3008](urllib3/urllib3#3008) <https://github.com/urllib3/urllib3/issues/3008></code>__)</li> <li>Fixed <code>assert_hostname=False</code> to correctly skip hostname check. (<code>[#3051](urllib3/urllib3#3051) <https://github.com/urllib3/urllib3/issues/3051></code>__)</li> </ul> <h1>2.0.2 (2023-05-03)</h1> <ul> <li>Fixed <code>HTTPResponse.stream()</code> to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (<code>[#3009](urllib3/urllib3#3009) <https://github.com/urllib3/urllib3/issues/3009></code>__)</li> </ul> <h1>2.0.1 (2023-04-30)</h1> <ul> <li>Fixed a socket leak when fingerprint or hostname verifications fail. (<code>[#2991](urllib3/urllib3#2991) <https://github.com/urllib3/urllib3/issues/2991></code>__)</li> <li>Fixed an error when <code>HTTPResponse.read(0)</code> was the first <code>read</code> call or when the internal response body buffer was otherwise empty. (<code>[#2998](urllib3/urllib3#2998) <https://github.com/urllib3/urllib3/issues/2998></code>__)</li> </ul> <h1>2.0.0 (2023-04-26)</h1> <p>Read the <code>v2.0 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html></code>__ for help upgrading to the latest version of urllib3.</p> <h2>Removed</h2> <ul> <li>Removed support for Python 2.7, 3.5, and 3.6 (<code>[#883](urllib3/urllib3#883) <https://github.com/urllib3/urllib3/issues/883></code><strong>, <code>[#2336](urllib3/urllib3#2336) <https://github.com/urllib3/urllib3/issues/2336></code></strong>).</li> <li>Removed fallback on certificate <code>commonName</code> in <code>match_hostname()</code> function. This behavior was deprecated in May 2000 in RFC 2818. Instead only <code>subjectAltName</code> is used to verify the hostname by default. To enable verifying the hostname against <code>commonName</code> use <code>SSLContext.hostname_checks_common_name = True</code> (<code>[#2113](urllib3/urllib3#2113) <https://github.com/urllib3/urllib3/issues/2113></code>__).</li> <li>Removed support for Python with an <code>ssl</code> module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an <code>ImportError</code> is raised (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/c9fa144545eedb5dc4a2cc3f255e95602a1d7db0"><code>c9fa144</code></a> Release version 2.0.4 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3084">#3084</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/d40d146765a7f7a899427c8add54de67b4b6599a"><code>d40d146</code></a> Add Illia to CODEOWNERS</li> <li><a href="https://github.com/urllib3/urllib3/commit/0a375d19243efb08c9d8a0f3356701ca11ef9791"><code>0a375d1</code></a> Raise <code>http.client.connect</code> audit events in <code>HTTPConnection</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2859">#2859</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/c056eb3df6aae4d1dff0365baded46235d413520"><code>c056eb3</code></a> Bump actions/setup-python from 4.6.0 to 4.7.0</li> <li><a href="https://github.com/urllib3/urllib3/commit/a1c184b298823f13dd34c783d56ea538848282f1"><code>a1c184b</code></a> Remove warnings filters fixed in pytest 7.4.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3086">#3086</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/609c5464cc9d2673549b651b713e07424517fa85"><code>609c546</code></a> Add support for union operators to <code>HTTPHeaderDict</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2943">#2943</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/05b21ca5d29764aae60c72e4e3bfceead0f70f95"><code>05b21ca</code></a> Bump cryptography from 41.0.0 to 41.0.2</li> <li><a href="https://github.com/urllib3/urllib3/commit/9aa0d4f6cb0d4b34e20fafed4481ac7d785d4969"><code>9aa0d4f</code></a> Bump cryptography from 39.0.1 to 41.0.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3057">#3057</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/326c4238cbabe85007aa7b1f2e80b880fd01d903"><code>326c423</code></a> Rely on the standard library for checking hostnames in supported PyPy releases</li> <li><a href="https://github.com/urllib3/urllib3/commit/d0ac08d58511c4121138bd46436076409d21acbf"><code>d0ac08d</code></a> Bump gh-action-pypi-publish to v1.8.8</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/1.26.12...2.0.4">compare view</a></li> </ul> </details> <br /> Updates `wrapt` from 1.14.1 to 1.15.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/GrahamDumpleton/wrapt/blob/develop/docs/changes.rst">wrapt's changelog</a>.</em></p> <blockquote> <h2>Version 1.15.0</h2> <p><strong>Bugs Fixed</strong></p> <ul> <li> <p>When the C extension for wrapt was being used, and a property was used on an object proxy wrapping another object to intercept access to an attribute of the same name on the wrapped object, if the function implementing the property raised an exception, then the exception was ignored and not propagated back to the caller. What happened instead was that the original value of the attribute from the wrapped object was returned, thus silently suppressing that an exception had occurred in the wrapper. This behaviour was not happening when the pure Python version of wrapt was being used, with it raising the exception. The pure Python and C extension implementations thus did not behave the same.</p> <p>Note that in the specific case that the exception raised is AttributeError it still wouldn't be raised. This is the case for both Python and C extension implementations. If a wrapper for an attribute internally raises an AttributeError for some reason, the wrapper should if necessary catch the exception and deal with it, or propagate it as a different exception type if it is important that an exception still be passed back.</p> </li> <li> <p>Address issue where the post import hook mechanism of wrapt wasn't transparent and left the <code>__loader__</code> and <code>__spec__.loader</code> attributes of a module as the wrapt import hook loader and not the original loader. That the original loader wasn't preserved could interfere with code which needed access to the original loader.</p> </li> <li> <p>Address issues where a thread deadlock could occur within the wrapt module import handler, when code executed from a post import hook created a new thread and code executed in the context of the new thread itself tried to register a post import hook, or imported a new module.</p> </li> <li> <p>When using <code>CallableObjectProxy</code> as a wrapper for a type or function and calling the wrapped object, it was not possible to pass a keyword argument named <code>self</code>. This only occurred when using the pure Python version of wrapt and did not occur when using the C extension based implementation.</p> </li> <li> <p>When using <code>PartialCallableObjectProxy</code> as a wrapper for a type or function, when constructing the partial object and when calling the partial object, it was not possible to pass a keyword argument named <code>self</code>. This only occurred when using the pure Python version of wrapt and did not occur when using the C extension based implementation.</p> </li> <li> <p>When using <code>FunctionWrapper</code> as a wrapper for a type or function and calling the wrapped object, it was not possible to pass a keyword argument named <code>self</code>. Because <code>FunctionWrapper</code> is also used by decorators, this also affected decorators on functions and class types. A similar issue also arose when these were applied to class and instance methods where binding occurred</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/GrahamDumpleton/wrapt/commit/0634a79c934e4bbf11b4081d3f1610588d7ae4a6"><code>0634a79</code></a> Merge branch 'release/1.15.0'</li> <li><a href="https://github.com/GrahamDumpleton/wrapt/commit/ba845c6793eab868cad957b2763fa121333fdfc1"><code>ba845c6</code></a> Update version to 1.15.0 for release.</li> <li><a href="https://github.com/GrahamDumpleton/wrapt/commit/d446a4f340b93fed41dfe884aa0311195b301f16"><code>d446a4f</code></a> Remove egg info directory.</li> <li><a href="https://github.com/GrahamDumpleton/wrapt/commit/c11181dc7b891c9e59391a24379f89a8cdac9092"><code>c11181d</code></a> Set version to 1.15.0rc1 for release.</li> <li><a href="https://github.com/GrahamDumpleton/wrapt/commit/3a6a771877c934a740e4de538fbbddb4498ffd24"><code>3a6a771</code></a> Need to install wheel package for bdist_wheel.</li> <li><a href="https://github.com/GrahamDumpleton/wrapt/commit/bb8d37af60eea5204fdf32f76c9f00b971a381bb"><code>bb8d37a</code></a> Attempt to build a pure Python source wheel.</li> <li><a href="https://github.com/GrahamDumpleton/wrapt/commit/511a8cec1d19486ed12c5f18ee74f52f6c0e7e06"><code>511a8ce</code></a> Remove .tox directory when doing clean.</li> <li><a href="https://github.com/GrahamDumpleton/wrapt/commit/32a07205a41020019add7a9e4e9bbf2def1d5aaf"><code>32a0720</code></a> Fix issues when using keyword argument named self with weak function proxy.</li> <li><a href="https://github.com/GrahamDumpleton/wrapt/commit/4e09f7ac1d8e936a707ad33f84edb55c248a144c"><code>4e09f7a</code></a> Fix issues when using keyword argument named self with function wrappers and ...</li> <li><a href="https://github.com/GrahamDumpleton/wrapt/commit/ee6bab6989fdcf1eeedf1601f8f23fcff3e95730"><code>ee6bab6</code></a> On Python 2 the format of exception differs to Python 3.</li> <li>Additional commits viewable in <a href="https://github.com/GrahamDumpleton/wrapt/compare/1.14.1...1.15.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [urllib3](https://togithub.com/urllib3/urllib3) ([changelog](https://togithub.com/urllib3/urllib3/blob/main/CHANGES.rst)) | `==1.26.16` -> `==2.0.4` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/urllib3/2.0.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/urllib3/2.0.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/urllib3/1.26.16/2.0.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/urllib3/1.26.16/2.0.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### ⚠ Dependency Lookup Warnings ⚠ Warnings were logged while processing this repo. Please check the logs for more information. --- ### Release Notes <details> <summary>urllib3/urllib3 (urllib3)</summary> ### [`v2.0.4`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#204-2023-07-19) [Compare Source](https://togithub.com/urllib3/urllib3/compare/2.0.3...2.0.4) \================== - Added support for union operators to `HTTPHeaderDict` (`#​2254 <https://github.com/urllib3/urllib3/issues/2254>`\__) - Added `BaseHTTPResponse` to `urllib3.__all__` (`#​3078 <https://github.com/urllib3/urllib3/issues/3078>`\__) - Fixed `urllib3.connection.HTTPConnection` to raise the `http.client.connect` audit event to have the same behavior as the standard library HTTP client (`#​2757 <https://github.com/urllib3/urllib3/issues/2757>`\__) - Relied on the standard library for checking hostnames in supported PyPy releases (`#​3087 <https://github.com/urllib3/urllib3/issues/3087>`\__) ### [`v2.0.3`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#203-2023-06-07) [Compare Source](https://togithub.com/urllib3/urllib3/compare/2.0.2...2.0.3) \================== - Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. (`#​3020 <https://github.com/urllib3/urllib3/issues/3020>`\__) - Deprecated URLs which don't have an explicit scheme (`#​2950 <https://github.com/urllib3/urllib3/pull/2950>`\_) - Fixed response decoding with Zstandard when compressed data is made of several frames. (`#​3008 <https://github.com/urllib3/urllib3/issues/3008>`\__) - Fixed `assert_hostname=False` to correctly skip hostname check. (`#​3051 <https://github.com/urllib3/urllib3/issues/3051>`\__) ### [`v2.0.2`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#202-2023-05-03) [Compare Source](https://togithub.com/urllib3/urllib3/compare/2.0.1...2.0.2) \================== - Fixed `HTTPResponse.stream()` to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (`#​3009 <https://github.com/urllib3/urllib3/issues/3009>`\__) ### [`v2.0.1`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#201-2023-04-30) [Compare Source](https://togithub.com/urllib3/urllib3/compare/2.0.0...2.0.1) \================== - Fixed a socket leak when fingerprint or hostname verifications fail. (`#​2991 <https://github.com/urllib3/urllib3/issues/2991>`\__) - Fixed an error when `HTTPResponse.read(0)` was the first `read` call or when the internal response body buffer was otherwise empty. (`#​2998 <https://github.com/urllib3/urllib3/issues/2998>`\__) ### [`v2.0.0`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#200-2023-04-26) [Compare Source](https://togithub.com/urllib3/urllib3/compare/1.26.16...2.0.0) \================== Read the `v2.0 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html>`\__ for help upgrading to the latest version of urllib3. ## Removed - Removed support for Python 2.7, 3.5, and 3.6 (`#​883 <https://github.com/urllib3/urllib3/issues/883>`**, `#​2336 <https://github.com/urllib3/urllib3/issues/2336>`**). - Removed fallback on certificate `commonName` in `match_hostname()` function. This behavior was deprecated in May 2000 in RFC 2818. Instead only `subjectAltName` is used to verify the hostname by default. To enable verifying the hostname against `commonName` use `SSLContext.hostname_checks_common_name = True` (`#​2113 <https://github.com/urllib3/urllib3/issues/2113>`\__). - Removed support for Python with an `ssl` module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (`#​2168 <https://github.com/urllib3/urllib3/issues/2168>`\__). - Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an `ImportError` is raised (`#​2168 <https://github.com/urllib3/urllib3/issues/2168>`\__). - Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (`#​2082 <https://github.com/urllib3/urllib3/issues/2082>`\__). - Removed `urllib3.contrib.appengine.AppEngineManager` and support for Google App Engine Standard Environment (`#​2044 <https://github.com/urllib3/urllib3/issues/2044>`\__). - Removed deprecated `Retry` options `method_whitelist`, `DEFAULT_REDIRECT_HEADERS_BLACKLIST` (`#​2086 <https://github.com/urllib3/urllib3/issues/2086>`\__). - Removed `urllib3.HTTPResponse.from_httplib` (`#​2648 <https://github.com/urllib3/urllib3/issues/2648>`\__). - Removed default value of `None` for the `request_context` parameter of `urllib3.PoolManager.connection_from_pool_key`. This change should have no effect on users as the default value of `None` was an invalid option and was never used (`#​1897 <https://github.com/urllib3/urllib3/issues/1897>`\__). - Removed the `urllib3.request` module. `urllib3.request.RequestMethods` has been made a private API. This change was made to ensure that `from urllib3 import request` imported the top-level `request()` function instead of the `urllib3.request` module (`#​2269 <https://github.com/urllib3/urllib3/issues/2269>`\__). - Removed support for SSLv3.0 from the `urllib3.contrib.pyopenssl` even when support is available from the compiled OpenSSL library (`#​2233 <https://github.com/urllib3/urllib3/issues/2233>`\__). - Removed the deprecated `urllib3.contrib.ntlmpool` module (`#​2339 <https://github.com/urllib3/urllib3/issues/2339>`\__). - Removed `DEFAULT_CIPHERS`, `HAS_SNI`, `USE_DEFAULT_SSLCONTEXT_CIPHERS`, from the private module `urllib3.util.ssl_` (`#​2168 <https://github.com/urllib3/urllib3/issues/2168>`\__). - Removed `urllib3.exceptions.SNIMissingWarning` (`#​2168 <https://github.com/urllib3/urllib3/issues/2168>`\__). - Removed the `_prepare_conn` method from `HTTPConnectionPool`. Previously this was only used to call `HTTPSConnection.set_cert()` by `HTTPSConnectionPool` (`#​1985 <https://github.com/urllib3/urllib3/issues/1985>`\__). - Removed `tls_in_tls_required` property from `HTTPSConnection`. This is now determined from the `scheme` parameter in `HTTPConnection.set_tunnel()` (`#​1985 <https://github.com/urllib3/urllib3/issues/1985>`\__). - Removed the `strict` parameter/attribute from `HTTPConnection`, `HTTPSConnection`, `HTTPConnectionPool`, `HTTPSConnectionPool`, and `HTTPResponse` (`#​2064 <https://github.com/urllib3/urllib3/issues/2064>`\__). ## Deprecated - Deprecated `HTTPResponse.getheaders()` and `HTTPResponse.getheader()` which will be removed in urllib3 v2.1.0. Instead use `HTTPResponse.headers` and `HTTPResponse.headers.get(name, default)`. (`#​1543 <https://github.com/urllib3/urllib3/issues/1543>`**, `#​2814 <https://github.com/urllib3/urllib3/issues/2814>`**). - Deprecated `urllib3.contrib.pyopenssl` module which will be removed in urllib3 v2.1.0 (`#​2691 <https://github.com/urllib3/urllib3/issues/2691>`\__). - Deprecated `urllib3.contrib.securetransport` module which will be removed in urllib3 v2.1.0 (`#​2692 <https://github.com/urllib3/urllib3/issues/2692>`\__). - Deprecated `ssl_version` option in favor of `ssl_minimum_version`. `ssl_version` will be removed in urllib3 v2.1.0 (`#​2110 <https://github.com/urllib3/urllib3/issues/2110>`\__). - Deprecated the `strict` parameter of `PoolManager.connection_from_context()` as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (`#​2267 <https://github.com/urllib3/urllib3/issues/2267>`\__) - Deprecated the `NewConnectionError.pool` attribute which will be removed in urllib3 v2.1.0 (`#​2271 <https://github.com/urllib3/urllib3/issues/2271>`\__). - Deprecated `format_header_param_html5` and `format_header_param` in favor of `format_multipart_header_param` (`#​2257 <https://github.com/urllib3/urllib3/issues/2257>`\__). - Deprecated `RequestField.header_formatter` parameter which will be removed in urllib3 v2.1.0 (`#​2257 <https://github.com/urllib3/urllib3/issues/2257>`\__). - Deprecated `HTTPSConnection.set_cert()` method. Instead pass parameters to the `HTTPSConnection` constructor (`#​1985 <https://github.com/urllib3/urllib3/issues/1985>`\__). - Deprecated `HTTPConnection.request_chunked()` method which will be removed in urllib3 v2.1.0. Instead pass `chunked=True` to `HTTPConnection.request()` (`#​1985 <https://github.com/urllib3/urllib3/issues/1985>`\__). ## Added - Added top-level `urllib3.request` function which uses a preconfigured module-global `PoolManager` instance (`#​2150 <https://github.com/urllib3/urllib3/issues/2150>`\__). - Added the `json` parameter to `urllib3.request()`, `PoolManager.request()`, and `ConnectionPool.request()` methods to send JSON bodies in requests. Using this parameter will set the header `Content-Type: application/json` if `Content-Type` isn't already defined. Added support for parsing JSON response bodies with `HTTPResponse.json()` method (`#​2243 <https://github.com/urllib3/urllib3/issues/2243>`\__). - Added type hints to the `urllib3` module (`#​1897 <https://github.com/urllib3/urllib3/issues/1897>`\__). - Added `ssl_minimum_version` and `ssl_maximum_version` options which set `SSLContext.minimum_version` and `SSLContext.maximum_version` (`#​2110 <https://github.com/urllib3/urllib3/issues/2110>`\__). - Added support for Zstandard (RFC 8878) when `zstandard` 1.18.0 or later is installed. Added the `zstd` extra which installs the `zstandard` package (`#​1992 <https://github.com/urllib3/urllib3/issues/1992>`\__). - Added `urllib3.response.BaseHTTPResponse` class. All future response classes will be subclasses of `BaseHTTPResponse` (`#​2083 <https://github.com/urllib3/urllib3/issues/2083>`\__). - Added `FullPoolError` which is raised when `PoolManager(block=True)` and a connection is returned to a full pool (`#​2197 <https://github.com/urllib3/urllib3/issues/2197>`\__). - Added `HTTPHeaderDict` to the top-level `urllib3` namespace (`#​2216 <https://github.com/urllib3/urllib3/issues/2216>`\__). - Added support for configuring header merging behavior with HTTPHeaderDict When using a `HTTPHeaderDict` to provide headers for a request, by default duplicate header values will be repeated. But if `combine=True` is passed into a call to `HTTPHeaderDict.add`, then the added header value will be merged in with an existing value into a comma-separated list (`X-My-Header: foo, bar`) (`#​2242 <https://github.com/urllib3/urllib3/issues/2242>`\__). - Added `NameResolutionError` exception when a DNS error occurs (`#​2305 <https://github.com/urllib3/urllib3/issues/2305>`\__). - Added `proxy_assert_hostname` and `proxy_assert_fingerprint` kwargs to `ProxyManager` (`#​2409 <https://github.com/urllib3/urllib3/issues/2409>`\__). - Added a configurable `backoff_max` parameter to the `Retry` class. If a custom `backoff_max` is provided to the `Retry` class, it will replace the `Retry.DEFAULT_BACKOFF_MAX` (`#​2494 <https://github.com/urllib3/urllib3/issues/2494>`\__). - Added the `authority` property to the Url class as per RFC 3986 3.2. This property should be used in place of `netloc` for users who want to include the userinfo (auth) component of the URI (`#​2520 <https://github.com/urllib3/urllib3/issues/2520>`\__). - Added the `scheme` parameter to `HTTPConnection.set_tunnel` to configure the scheme of the origin being tunnelled to (`#​1985 <https://github.com/urllib3/urllib3/issues/1985>`\__). - Added the `is_closed`, `is_connected` and `has_connected_to_proxy` properties to `HTTPConnection` (`#​1985 <https://github.com/urllib3/urllib3/issues/1985>`\__). - Added optional `backoff_jitter` parameter to `Retry`. (`#​2952 <https://github.com/urllib3/urllib3/issues/2952>`\__) ## Changed - Changed `urllib3.response.HTTPResponse.read` to respect the semantics of `io.BufferedIOBase` regardless of compression. Specifically, this method: - Only returns an empty bytes object to indicate EOF (that is, the response has been fully consumed). - Never returns more bytes than requested. - Can issue any number of system calls: zero, one or multiple. If you want each `urllib3.response.HTTPResponse.read` call to issue a single system call, you need to disable decompression by setting `decode_content=False` (`#​2128 <https://github.com/urllib3/urllib3/issues/2128>`\__). - Changed `urllib3.HTTPConnection.getresponse` to return an instance of `urllib3.HTTPResponse` instead of `http.client.HTTPResponse` (`#​2648 <https://github.com/urllib3/urllib3/issues/2648>`\__). - Changed `ssl_version` to instead set the corresponding `SSLContext.minimum_version` and `SSLContext.maximum_version` values. Regardless of `ssl_version` passed `SSLContext` objects are now constructed using `ssl.PROTOCOL_TLS_CLIENT` (`#​2110 <https://github.com/urllib3/urllib3/issues/2110>`\__). - Changed default `SSLContext.minimum_version` to be `TLSVersion.TLSv1_2` in line with Python 3.10 (`#​2373 <https://github.com/urllib3/urllib3/issues/2373>`\__). - Changed `ProxyError` to wrap any connection error (timeout, TLS, DNS) that occurs when connecting to the proxy (`#​2482 <https://github.com/urllib3/urllib3/pull/2482>`\__). - Changed `urllib3.util.create_urllib3_context` to not override the system cipher suites with a default value. The new default will be cipher suites configured by the operating system (`#​2168 <https://github.com/urllib3/urllib3/issues/2168>`\__). - Changed `multipart/form-data` header parameter formatting matches the WHATWG HTML Standard as of 2021-06-10. Control characters in filenames are no longer percent encoded (`#​2257 <https://github.com/urllib3/urllib3/issues/2257>`\__). - Changed the error raised when connecting via HTTPS when the `ssl` module isn't available from `SSLError` to `ImportError` (`#​2589 <https://github.com/urllib3/urllib3/issues/2589>`\__). - Changed `HTTPConnection.request()` to always use lowercase chunk boundaries when sending requests with `Transfer-Encoding: chunked` (`#​2515 <https://github.com/urllib3/urllib3/issues/2515>`\__). - Changed `enforce_content_length` default to True, preventing silent data loss when reading streamed responses (`#​2514 <https://github.com/urllib3/urllib3/issues/2514>`\__). - Changed internal implementation of `HTTPHeaderDict` to use `dict` instead of `collections.OrderedDict` for better performance (`#​2080 <https://github.com/urllib3/urllib3/issues/2080>`\__). - Changed the `urllib3.contrib.pyopenssl` module to wrap `OpenSSL.SSL.Error` with `ssl.SSLError` in `PyOpenSSLContext.load_cert_chain` (`#​2628 <https://github.com/urllib3/urllib3/issues/2628>`\__). - Changed usage of the deprecated `socket.error` to `OSError` (`#​2120 <https://github.com/urllib3/urllib3/issues/2120>`\__). - Changed all parameters in the `HTTPConnection` and `HTTPSConnection` constructors to be keyword-only except `host` and `port` (`#​1985 <https://github.com/urllib3/urllib3/issues/1985>`\__). - Changed `HTTPConnection.getresponse()` to set the socket timeout from `HTTPConnection.timeout` value before reading data from the socket. This previously was done manually by the `HTTPConnectionPool` calling `HTTPConnection.sock.settimeout(...)` (`#​1985 <https://github.com/urllib3/urllib3/issues/1985>`\__). - Changed the `_proxy_host` property to `_tunnel_host` in `HTTPConnectionPool` to more closely match how the property is used (value in `HTTPConnection.set_tunnel()`) (`#​1985 <https://github.com/urllib3/urllib3/issues/1985>`\__). - Changed name of `Retry.BACK0FF_MAX` to be `Retry.DEFAULT_BACKOFF_MAX`. - Changed TLS handshakes to use `SSLContext.check_hostname` when possible (`#​2452 <https://github.com/urllib3/urllib3/pull/2452>`\__). - Changed `server_hostname` to behave like other parameters only used by `HTTPSConnectionPool` (`#​2537 <https://github.com/urllib3/urllib3/pull/2537>`\__). - Changed the default `blocksize` to 16KB to match OpenSSL's default read amounts (`#​2348 <https://github.com/urllib3/urllib3/pull/2348>`\__). - Changed `HTTPResponse.read()` to raise an error when calling with `decode_content=False` after using `decode_content=True` to prevent data loss (`#​2800 <https://github.com/urllib3/urllib3/issues/2800>`\__). ## Fixed - Fixed thread-safety issue where accessing a `PoolManager` with many distinct origins would cause connection pools to be closed while requests are in progress (`#​1252 <https://github.com/urllib3/urllib3/issues/1252>`\__). - Fixed an issue where an `HTTPConnection` instance would erroneously reuse the socket read timeout value from reading the previous response instead of a newly configured connect timeout. Instead now if `HTTPConnection.timeout` is updated before sending the next request the new timeout value will be used (`#​2645 <https://github.com/urllib3/urllib3/issues/2645>`\__). - Fixed `socket.error.errno` when raised from pyOpenSSL's `OpenSSL.SSL.SysCallError` (`#​2118 <https://github.com/urllib3/urllib3/issues/2118>`\__). - Fixed the default value of `HTTPSConnection.socket_options` to match `HTTPConnection` (`#​2213 <https://github.com/urllib3/urllib3/issues/2213>`\__). - Fixed a bug where `headers` would be modified by the `remove_headers_on_redirect` feature (`#​2272 <https://github.com/urllib3/urllib3/issues/2272>`\__). - Fixed a reference cycle bug in `urllib3.util.connection.create_connection()` (`#​2277 <https://github.com/urllib3/urllib3/issues/2277>`\__). - Fixed a socket leak if `HTTPConnection.connect()` fails (`#​2571 <https://github.com/urllib3/urllib3/pull/2571>`\__). - Fixed `urllib3.contrib.pyopenssl.WrappedSocket` and `urllib3.contrib.securetransport.WrappedSocket` close methods (`#​2970 <https://github.com/urllib3/urllib3/issues/2970>`\__) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/owntracks/android). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi41Ni4wIiwidXBkYXRlZEluVmVyIjoiMzYuNjQuOCIsInRhcmdldEJyYW5jaCI6Im1hc3RlciJ9--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.16 to 2.0.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.0.4</h2> <ul> <li>Added support for union operators to <code>HTTPHeaderDict</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2254">#2254</a>)</li> <li>Added <code>BaseHTTPResponse</code> to <code>urllib3.__all__</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/3078">#3078</a>)</li> <li>Fixed <code>urllib3.connection.HTTPConnection</code> to raise the <code>http.client.connect</code> audit event to have the same behavior as the standard library HTTP client (<a href="https://redirect.github.com/urllib3/urllib3/issues/2757">#2757</a>)</li> <li>Relied on the standard library for checking hostnames in supported PyPy releases (<a href="https://redirect.github.com/urllib3/urllib3/issues/3087">#3087</a>)</li> </ul> <h2>2.0.3</h2> <ul> <li>Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. <a href="https://redirect.github.com/urllib3/urllib3/issues/3020">#3020</a></li> <li>Deprecated URLs which don't have an explicit scheme <a href="https://redirect.github.com/urllib3/urllib3/pull/2950">#2950</a></li> <li>Fixed response decoding with Zstandard when compressed data is made of several frames. <a href="https://redirect.github.com/urllib3/urllib3/issues/3008">#3008</a></li> <li>Fixed <code>assert_hostname=False</code> to correctly skip hostname check. <a href="https://redirect.github.com/urllib3/urllib3/issues/3051">#3051</a></li> </ul> <h2>2.0.2</h2> <ul> <li>Fixed <code>HTTPResponse.stream()</code> to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3009">urllib3/urllib3#3009</a>)</li> </ul> <h2>2.0.1</h2> <ul> <li>Fixed a socket leak when fingerprint or hostname verifications fail. (<a href="https://redirect.github.com/urllib3/urllib3/issues/2991">#2991</a>)</li> <li>Fixed an error when <code>HTTPResponse.read(0)</code> was the first <code>read</code> call or when the internal response body buffer was otherwise empty. (<a href="https://redirect.github.com/urllib3/urllib3/issues/2998">#2998</a>)</li> </ul> <h2>2.0.0</h2> <p>Read the <a href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">v2.0 migration guide</a> for help upgrading to the latest version of urllib3.</p> <h1>Removed</h1> <ul> <li>Removed support for Python 2.7, 3.5, and 3.6 (<a href="https://redirect.github.com/urllib3/urllib3/issues/883">#883</a>, <a href="https://redirect.github.com/urllib3/urllib3/issues/2336">#2336</a>).</li> <li>Removed fallback on certificate <code>commonName</code> in <code>match_hostname()</code> function. This behavior was deprecated in May 2000 in RFC 2818. Instead only <code>subjectAltName</code> is used to verify the hostname by default. To enable verifying the hostname against <code>commonName</code> use <code>SSLContext.hostname_checks_common_name = True</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2113">#2113</a>).</li> <li>Removed support for Python with an <code>ssl</code> module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an <code>ImportError</code> is raised (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (<a href="https://redirect.github.com/urllib3/urllib3/issues/2082">#2082</a>).</li> <li>Removed <code>urllib3.contrib.appengine.AppEngineManager</code> and support for Google App Engine Standard Environment (<a href="https://redirect.github.com/urllib3/urllib3/issues/2044">#2044</a>).</li> <li>Removed deprecated <code>Retry</code> options <code>method_whitelist</code>, <code>DEFAULT_REDIRECT_HEADERS_BLACKLIST</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2086">#2086</a>).</li> <li>Removed <code>urllib3.HTTPResponse.from_httplib</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2648">#2648</a>).</li> <li>Removed default value of <code>None</code> for the <code>request_context</code> parameter of <code>urllib3.PoolManager.connection_from_pool_key</code>. This change should have no effect on users as the default value of <code>None</code> was an invalid option and was never used (<a href="https://redirect.github.com/urllib3/urllib3/issues/1897">#1897</a>).</li> <li>Removed the <code>urllib3.request</code> module. <code>urllib3.request.RequestMethods</code> has been made a private API. This change was made to ensure that <code>from urllib3 import request</code> imported the top-level <code>request()</code> function instead of the <code>urllib3.request</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/2269">#2269</a>).</li> <li>Removed support for SSLv3.0 from the <code>urllib3.contrib.pyopenssl</code> even when support is available from the compiled OpenSSL library (<a href="https://redirect.github.com/urllib3/urllib3/issues/2233">#2233</a>).</li> <li>Removed the deprecated <code>urllib3.contrib.ntlmpool</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/2339">#2339</a>).</li> <li>Removed <code>DEFAULT_CIPHERS</code>, <code>HAS_SNI</code>, <code>USE_DEFAULT_SSLCONTEXT_CIPHERS</code>, from the private module <code>urllib3.util.ssl_</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed <code>urllib3.exceptions.SNIMissingWarning</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed the <code>_prepare_conn</code> method from <code>HTTPConnectionPool</code>. Previously this was only used to call <code>HTTPSConnection.set_cert()</code> by <code>HTTPSConnectionPool</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> <li>Removed <code>tls_in_tls_required</code> property from <code>HTTPSConnection</code>. This is now determined from the <code>scheme</code> parameter in <code>HTTPConnection.set_tunnel()</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> </ul> <h1>Deprecated</h1> <ul> <li>Deprecated <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> which will be removed in urllib3 v2.1.0. Instead use <code>HTTPResponse.headers</code> and <code>HTTPResponse.headers.get(name, default)</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/1543">#1543</a>, <a href="https://redirect.github.com/urllib3/urllib3/issues/2814">#2814</a>).</li> <li>Deprecated <code>urllib3.contrib.pyopenssl</code> module which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2691">#2691</a>).</li> <li>Deprecated <code>urllib3.contrib.securetransport</code> module which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2692">#2692</a>).</li> <li>Deprecated <code>ssl_version</code> option in favor of <code>ssl_minimum_version</code>. <code>ssl_version</code> will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2110">#2110</a>).</li> <li>Deprecated the <code>strict</code> parameter as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2267">#2267</a>)</li> <li>Deprecated the <code>NewConnectionError.pool</code> attribute which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2271">#2271</a>).</li> <li>Deprecated <code>format_header_param_html5</code> and <code>format_header_param</code> in favor of <code>format_multipart_header_param</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2257">#2257</a>).</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.0.4 (2023-07-19)</h1> <ul> <li>Added support for union operators to <code>HTTPHeaderDict</code> (<code>[#2254](urllib3/urllib3#2254) <https://github.com/urllib3/urllib3/issues/2254></code>__)</li> <li>Added <code>BaseHTTPResponse</code> to <code>urllib3.__all__</code> (<code>[#3078](urllib3/urllib3#3078) <https://github.com/urllib3/urllib3/issues/3078></code>__)</li> <li>Fixed <code>urllib3.connection.HTTPConnection</code> to raise the <code>http.client.connect</code> audit event to have the same behavior as the standard library HTTP client (<code>[#2757](urllib3/urllib3#2757) <https://github.com/urllib3/urllib3/issues/2757></code>__)</li> <li>Relied on the standard library for checking hostnames in supported PyPy releases (<code>[#3087](urllib3/urllib3#3087) <https://github.com/urllib3/urllib3/issues/3087></code>__)</li> </ul> <h1>2.0.3 (2023-06-07)</h1> <ul> <li>Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. (<code>[#3020](urllib3/urllib3#3020) <https://github.com/urllib3/urllib3/issues/3020></code>__)</li> <li>Deprecated URLs which don't have an explicit scheme (<code>[#2950](urllib3/urllib3#2950) <https://github.com/urllib3/urllib3/pull/2950></code>_)</li> <li>Fixed response decoding with Zstandard when compressed data is made of several frames. (<code>[#3008](urllib3/urllib3#3008) <https://github.com/urllib3/urllib3/issues/3008></code>__)</li> <li>Fixed <code>assert_hostname=False</code> to correctly skip hostname check. (<code>[#3051](urllib3/urllib3#3051) <https://github.com/urllib3/urllib3/issues/3051></code>__)</li> </ul> <h1>2.0.2 (2023-05-03)</h1> <ul> <li>Fixed <code>HTTPResponse.stream()</code> to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (<code>[#3009](urllib3/urllib3#3009) <https://github.com/urllib3/urllib3/issues/3009></code>__)</li> </ul> <h1>2.0.1 (2023-04-30)</h1> <ul> <li>Fixed a socket leak when fingerprint or hostname verifications fail. (<code>[#2991](urllib3/urllib3#2991) <https://github.com/urllib3/urllib3/issues/2991></code>__)</li> <li>Fixed an error when <code>HTTPResponse.read(0)</code> was the first <code>read</code> call or when the internal response body buffer was otherwise empty. (<code>[#2998](urllib3/urllib3#2998) <https://github.com/urllib3/urllib3/issues/2998></code>__)</li> </ul> <h1>2.0.0 (2023-04-26)</h1> <p>Read the <code>v2.0 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html></code>__ for help upgrading to the latest version of urllib3.</p> <h2>Removed</h2> <ul> <li>Removed support for Python 2.7, 3.5, and 3.6 (<code>[#883](urllib3/urllib3#883) <https://github.com/urllib3/urllib3/issues/883></code><strong>, <code>[#2336](urllib3/urllib3#2336) <https://github.com/urllib3/urllib3/issues/2336></code></strong>).</li> <li>Removed fallback on certificate <code>commonName</code> in <code>match_hostname()</code> function. This behavior was deprecated in May 2000 in RFC 2818. Instead only <code>subjectAltName</code> is used to verify the hostname by default. To enable verifying the hostname against <code>commonName</code> use <code>SSLContext.hostname_checks_common_name = True</code> (<code>[#2113](urllib3/urllib3#2113) <https://github.com/urllib3/urllib3/issues/2113></code>__).</li> <li>Removed support for Python with an <code>ssl</code> module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an <code>ImportError</code> is raised (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/c9fa144545eedb5dc4a2cc3f255e95602a1d7db0"><code>c9fa144</code></a> Release version 2.0.4 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3084">#3084</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/d40d146765a7f7a899427c8add54de67b4b6599a"><code>d40d146</code></a> Add Illia to CODEOWNERS</li> <li><a href="https://github.com/urllib3/urllib3/commit/0a375d19243efb08c9d8a0f3356701ca11ef9791"><code>0a375d1</code></a> Raise <code>http.client.connect</code> audit events in <code>HTTPConnection</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2859">#2859</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/c056eb3df6aae4d1dff0365baded46235d413520"><code>c056eb3</code></a> Bump actions/setup-python from 4.6.0 to 4.7.0</li> <li><a href="https://github.com/urllib3/urllib3/commit/a1c184b298823f13dd34c783d56ea538848282f1"><code>a1c184b</code></a> Remove warnings filters fixed in pytest 7.4.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3086">#3086</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/609c5464cc9d2673549b651b713e07424517fa85"><code>609c546</code></a> Add support for union operators to <code>HTTPHeaderDict</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2943">#2943</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/05b21ca5d29764aae60c72e4e3bfceead0f70f95"><code>05b21ca</code></a> Bump cryptography from 41.0.0 to 41.0.2</li> <li><a href="https://github.com/urllib3/urllib3/commit/9aa0d4f6cb0d4b34e20fafed4481ac7d785d4969"><code>9aa0d4f</code></a> Bump cryptography from 39.0.1 to 41.0.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/3057">#3057</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/326c4238cbabe85007aa7b1f2e80b880fd01d903"><code>326c423</code></a> Rely on the standard library for checking hostnames in supported PyPy releases</li> <li><a href="https://github.com/urllib3/urllib3/commit/d0ac08d58511c4121138bd46436076409d21acbf"><code>d0ac08d</code></a> Bump gh-action-pypi-publish to v1.8.8</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/1.26.16...2.0.4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.16&new-version=2.0.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
I'm wondering whether we should start a conversation with our biggest partners (pip, Requests, et. al.) around what the long-term plan for Python 2 ought to be.
The platform itself is planned to have no further support after 2020, so we should probably have a transition plan laid out well in advance so that we can start providing notification and documentation to our users.
Obviously, what that plan ought to be, or even whether we should start considering it yet, is up for discussion.
The text was updated successfully, but these errors were encountered: