New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use default configured ciphers instead of maintaining our own cipher list #2082
Conversation
Codecov Report
@@ Coverage Diff @@
## master #2082 +/- ##
===========================================
+ Coverage 99.90% 100.00% +0.09%
===========================================
Files 25 25
Lines 2215 2216 +1
===========================================
+ Hits 2213 2216 +3
+ Misses 2 0 -2
Continue to review full report at Codecov.
|
Our cipher suite is pretty different from what @hynek recommends in https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/. Green lines with a +ECDHE+AESGCM
+ECDHE+CHACHA20
+DHE+AESGCM
+DHE+CHACHA20
ECDH+AESGCM
-ECDH+CHACHA20
DH+AESGCM
-ECDH+AES256
-DH+AES256
-ECDH+AES128
+ECDH+AES
DH+AES
-RSA+AESGCM
-RSA+AES
!aNULL
+!eNULL
!MD5
!DSS
-!AESCCM; I know we discussed this in #1496 (comment), but this pull request is the occasion to see if the assumptions we made then still hold. |
However:
So it could be a compatibility problem to ask for ECDHE, but I can't tell you how big of one. I just did a quick test with Docker, and Ubuntu 12.04 LTS (not supported anymore) with openssl 1.0.1f returns no ciphers if you ask for ECDHE:
Ubuntu 16.04 LTS comes with 1.0.2g and it works:
So the change happened somewhere between January 2014 and March 2016. :) It depends really how compatible you want to be and AFAIK has no security implications. I'll add an explanation to the blog post. |
(oh and I don't think |
I have a more radical opinion: Don't touch the default cipher suites at all and just use the default settings. Any platform with OpenSSL 1.1.1 should have a reasonable secure default settings for ciphers suites. In case the defaults are not secure, the issue should be solved on a platform level. Any override conflicts with system-wide settings, too. An admin may disable or enable ciphers in a system-wide config file. You could disable a required algorithm or enable an algorithm should be blocked. Secure cipher suites settings were necessary with OpenSSL 0.9.8 and 1.0.1. Nowadays it's more or less cargo cult. |
@tiran I like this idea, and I see that you're helpfully tracking ciphers in your distro-truststore repository. Is there a way that we can detect if OpenSSL has been configured with specific ciphers? I'd like to still use our list if OpenSSL is unconfigured to avoid issues like a cipher without encryption getting selected (or is this not a worry?) Maybe we can also make this decision based on OpenSSL version? |
Any OpenSSL 1.1.1 version is fine. Older versions are potentially problematic because they are no longer maintained by upstream. The default cipher suites in OpenSSL 1.1.1 are ok. The list contains some unnecessary PSK and SRP ciphers. Since urllib3 does not support pre-shared key and secure remote password login, you can safely ignore the extra ciphers. Here is a list of ciphers with from a self-compiled OpenSSL 1.1.1h build without
|
@tiran Okay so we should detect OpenSSL 1.1.1 or later, if detected and no manual |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome, I like the new commit!
It's now much less important, but should we still try harder to match Hynek's list? Especially given we know it can only be used with versions earliers than 1.1.1
439c9be
to
4323bd3
Compare
@@ -188,6 +186,7 @@ def inject_into_urllib3(): | |||
util.ssl_.HAS_SNI = HAS_SNI | |||
util.IS_SECURETRANSPORT = True | |||
util.ssl_.IS_SECURETRANSPORT = True | |||
util.ssl_.USE_SYSTEM_SSL_CIPHERS = False |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For now we always want to set_ciphers() on SecureTransport pending investigation in #2091
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
in #2091 we decided that SecureTransport ciphers were fine, so we can remove a lot of code now!
|
||
context.load_default_certs.assert_not_called() | ||
|
||
class TestSSL: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We want to run all these tests on pyOpenSSL as well so we want to make this importable.
@pquentin This PR now aligns the pyOpenSSL SSLContext behavior to be the same as the stdlib SSLContext. I also fix up the SecureTransport cipher list to remove RSA and add one missing TLS 1.3 cipher (unsure if it'll really have an effect because SecureTransport doesn't support TLS 1.3 currently but oh well?) |
Shouldn't the PR title clarify that this is dropping non-forward-secrecy cipher suites instead? There are plenty of cipher suites in the list that still include RSA, just not for KEX. |
380d1f9
to
0d5030c
Compare
Okay, so I ran
Debian appears to be configured with then ran urllib3's cipher list (including RSA which I have put back) and received:
The only difference being that urllib3 includes |
That sounds great! |
2.0.0 (2023-04-26) ================== Read the `v2.0 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html>`__ for help upgrading to the latest version of urllib3. Removed ------- * Removed support for Python 2.7, 3.5, and 3.6 (`#883 <https://github.com/urllib3/urllib3/issues/883>`__, `#2336 <https://github.com/urllib3/urllib3/issues/2336>`__). * Removed fallback on certificate ``commonName`` in ``match_hostname()`` function. This behavior was deprecated in May 2000 in RFC 2818. Instead only ``subjectAltName`` is used to verify the hostname by default. To enable verifying the hostname against ``commonName`` use ``SSLContext.hostname_checks_common_name = True`` (`#2113 <https://github.com/urllib3/urllib3/issues/2113>`__). * Removed support for Python with an ``ssl`` module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (`#2168 <https://github.com/urllib3/urllib3/issues/2168>`__). * Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an ``ImportError`` is raised (`#2168 <https://github.com/urllib3/urllib3/issues/2168>`__). * Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (`#2082 <https://github.com/urllib3/urllib3/issues/2082>`__). * Removed ``urllib3.contrib.appengine.AppEngineManager`` and support for Google App Engine Standard Environment (`#2044 <https://github.com/urllib3/urllib3/issues/2044>`__). * Removed deprecated ``Retry`` options ``method_whitelist``, ``DEFAULT_REDIRECT_HEADERS_BLACKLIST`` (`#2086 <https://github.com/urllib3/urllib3/issues/2086>`__). * Removed ``urllib3.HTTPResponse.from_httplib`` (`#2648 <https://github.com/urllib3/urllib3/issues/2648>`__). * Removed default value of ``None`` for the ``request_context`` parameter of ``urllib3.PoolManager.connection_from_pool_key``. This change should have no effect on users as the default value of ``None`` was an invalid option and was never used (`#1897 <https://github.com/urllib3/urllib3/issues/1897>`__). * Removed the ``urllib3.request`` module. ``urllib3.request.RequestMethods`` has been made a private API. This change was made to ensure that ``from urllib3 import request`` imported the top-level ``request()`` function instead of the ``urllib3.request`` module (`#2269 <https://github.com/urllib3/urllib3/issues/2269>`__). * Removed support for SSLv3.0 from the ``urllib3.contrib.pyopenssl`` even when support is available from the compiled OpenSSL library (`#2233 <https://github.com/urllib3/urllib3/issues/2233>`__). * Removed the deprecated ``urllib3.contrib.ntlmpool`` module (`#2339 <https://github.com/urllib3/urllib3/issues/2339>`__). * Removed ``DEFAULT_CIPHERS``, ``HAS_SNI``, ``USE_DEFAULT_SSLCONTEXT_CIPHERS``, from the private module ``urllib3.util.ssl_`` (`#2168 <https://github.com/urllib3/urllib3/issues/2168>`__). * Removed ``urllib3.exceptions.SNIMissingWarning`` (`#2168 <https://github.com/urllib3/urllib3/issues/2168>`__). * Removed the ``_prepare_conn`` method from ``HTTPConnectionPool``. Previously this was only used to call ``HTTPSConnection.set_cert()`` by ``HTTPSConnectionPool`` (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Removed ``tls_in_tls_required`` property from ``HTTPSConnection``. This is now determined from the ``scheme`` parameter in ``HTTPConnection.set_tunnel()`` (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`__). Deprecated ---------- * Deprecated ``HTTPResponse.getheaders()`` and ``HTTPResponse.getheader()`` which will be removed in urllib3 v2.1.0. Instead use ``HTTPResponse.headers`` and ``HTTPResponse.headers.get(name, default)``. (`#1543 <https://github.com/urllib3/urllib3/issues/1543>`__, `#2814 <https://github.com/urllib3/urllib3/issues/2814>`__). * Deprecated ``urllib3.contrib.pyopenssl`` module which will be removed in urllib3 v2.1.0 (`#2691 <https://github.com/urllib3/urllib3/issues/2691>`__). * Deprecated ``urllib3.contrib.securetransport`` module which will be removed in urllib3 v2.1.0 (`#2692 <https://github.com/urllib3/urllib3/issues/2692>`__). * Deprecated ``ssl_version`` option in favor of ``ssl_minimum_version``. ``ssl_version`` will be removed in urllib3 v2.1.0 (`#2110 <https://github.com/urllib3/urllib3/issues/2110>`__). * Deprecated the ``strict`` parameter as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (`#2267 <https://github.com/urllib3/urllib3/issues/2267>`__) * Deprecated the ``NewConnectionError.pool`` attribute which will be removed in urllib3 v2.1.0 (`#2271 <https://github.com/urllib3/urllib3/issues/2271>`__). * Deprecated ``format_header_param_html5`` and ``format_header_param`` in favor of ``format_multipart_header_param`` (`#2257 <https://github.com/urllib3/urllib3/issues/2257>`__). * Deprecated ``RequestField.header_formatter`` parameter which will be removed in urllib3 v2.1.0 (`#2257 <https://github.com/urllib3/urllib3/issues/2257>`__). * Deprecated ``HTTPSConnection.set_cert()`` method. Instead pass parameters to the ``HTTPSConnection`` constructor (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Deprecated ``HTTPConnection.request_chunked()`` method which will be removed in urllib3 v2.1.0. Instead pass ``chunked=True`` to ``HTTPConnection.request()`` (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`__). Added ----- * Added top-level ``urllib3.request`` function which uses a preconfigured module-global ``PoolManager`` instance (`#2150 <https://github.com/urllib3/urllib3/issues/2150>`__). * Added the ``json`` parameter to ``urllib3.request()``, ``PoolManager.request()``, and ``ConnectionPool.request()`` methods to send JSON bodies in requests. Using this parameter will set the header ``Content-Type: application/json`` if ``Content-Type`` isn't already defined. Added support for parsing JSON response bodies with ``HTTPResponse.json()`` method (`#2243 <https://github.com/urllib3/urllib3/issues/2243>`__). * Added type hints to the ``urllib3`` module (`#1897 <https://github.com/urllib3/urllib3/issues/1897>`__). * Added ``ssl_minimum_version`` and ``ssl_maximum_version`` options which set ``SSLContext.minimum_version`` and ``SSLContext.maximum_version`` (`#2110 <https://github.com/urllib3/urllib3/issues/2110>`__). * Added support for Zstandard (RFC 8878) when ``zstandard`` 1.18.0 or later is installed. Added the ``zstd`` extra which installs the ``zstandard`` package (`#1992 <https://github.com/urllib3/urllib3/issues/1992>`__). * Added ``urllib3.response.BaseHTTPResponse`` class. All future response classes will be subclasses of ``BaseHTTPResponse`` (`#2083 <https://github.com/urllib3/urllib3/issues/2083>`__). * Added ``FullPoolError`` which is raised when ``PoolManager(block=True)`` and a connection is returned to a full pool (`#2197 <https://github.com/urllib3/urllib3/issues/2197>`__). * Added ``HTTPHeaderDict`` to the top-level ``urllib3`` namespace (`#2216 <https://github.com/urllib3/urllib3/issues/2216>`__). * Added support for configuring header merging behavior with HTTPHeaderDict When using a ``HTTPHeaderDict`` to provide headers for a request, by default duplicate header values will be repeated. But if ``combine=True`` is passed into a call to ``HTTPHeaderDict.add``, then the added header value will be merged in with an existing value into a comma-separated list (``X-My-Header: foo, bar``) (`#2242 <https://github.com/urllib3/urllib3/issues/2242>`__). * Added ``NameResolutionError`` exception when a DNS error occurs (`#2305 <https://github.com/urllib3/urllib3/issues/2305>`__). * Added ``proxy_assert_hostname`` and ``proxy_assert_fingerprint`` kwargs to ``ProxyManager`` (`#2409 <https://github.com/urllib3/urllib3/issues/2409>`__). * Added a configurable ``backoff_max`` parameter to the ``Retry`` class. If a custom ``backoff_max`` is provided to the ``Retry`` class, it will replace the ``Retry.DEFAULT_BACKOFF_MAX`` (`#2494 <https://github.com/urllib3/urllib3/issues/2494>`__). * Added the ``authority`` property to the Url class as per RFC 3986 3.2. This property should be used in place of ``netloc`` for users who want to include the userinfo (auth) component of the URI (`#2520 <https://github.com/urllib3/urllib3/issues/2520>`__). * Added the ``scheme`` parameter to ``HTTPConnection.set_tunnel`` to configure the scheme of the origin being tunnelled to (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Added the ``is_closed``, ``is_connected`` and ``has_connected_to_proxy`` properties to ``HTTPConnection`` (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Added optional ``backoff_jitter`` parameter to ``Retry``. (`#2952 <https://github.com/urllib3/urllib3/issues/2952>`__) Changed ------- * Changed ``urllib3.response.HTTPResponse.read`` to respect the semantics of ``io.BufferedIOBase`` regardless of compression. Specifically, this method: * Only returns an empty bytes object to indicate EOF (that is, the response has been fully consumed). * Never returns more bytes than requested. * Can issue any number of system calls: zero, one or multiple. If you want each ``urllib3.response.HTTPResponse.read`` call to issue a single system call, you need to disable decompression by setting ``decode_content=False`` (`#2128 <https://github.com/urllib3/urllib3/issues/2128>`__). * Changed ``urllib3.HTTPConnection.getresponse`` to return an instance of ``urllib3.HTTPResponse`` instead of ``http.client.HTTPResponse`` (`#2648 <https://github.com/urllib3/urllib3/issues/2648>`__). * Changed ``ssl_version`` to instead set the corresponding ``SSLContext.minimum_version`` and ``SSLContext.maximum_version`` values. Regardless of ``ssl_version`` passed ``SSLContext`` objects are now constructed using ``ssl.PROTOCOL_TLS_CLIENT`` (`#2110 <https://github.com/urllib3/urllib3/issues/2110>`__). * Changed default ``SSLContext.minimum_version`` to be ``TLSVersion.TLSv1_2`` in line with Python 3.10 (`#2373 <https://github.com/urllib3/urllib3/issues/2373>`__). * Changed ``ProxyError`` to wrap any connection error (timeout, TLS, DNS) that occurs when connecting to the proxy (`#2482 <https://github.com/urllib3/urllib3/pull/2482>`__). * Changed ``urllib3.util.create_urllib3_context`` to not override the system cipher suites with a default value. The new default will be cipher suites configured by the operating system (`#2168 <https://github.com/urllib3/urllib3/issues/2168>`__). * Changed ``multipart/form-data`` header parameter formatting matches the WHATWG HTML Standard as of 2021-06-10. Control characters in filenames are no longer percent encoded (`#2257 <https://github.com/urllib3/urllib3/issues/2257>`__). * Changed the error raised when connecting via HTTPS when the ``ssl`` module isn't available from ``SSLError`` to ``ImportError`` (`#2589 <https://github.com/urllib3/urllib3/issues/2589>`__). * Changed ``HTTPConnection.request()`` to always use lowercase chunk boundaries when sending requests with ``Transfer-Encoding: chunked`` (`#2515 <https://github.com/urllib3/urllib3/issues/2515>`__). * Changed ``enforce_content_length`` default to True, preventing silent data loss when reading streamed responses (`#2514 <https://github.com/urllib3/urllib3/issues/2514>`__). * Changed internal implementation of ``HTTPHeaderDict`` to use ``dict`` instead of ``collections.OrderedDict`` for better performance (`#2080 <https://github.com/urllib3/urllib3/issues/2080>`__). * Changed the ``urllib3.contrib.pyopenssl`` module to wrap ``OpenSSL.SSL.Error`` with ``ssl.SSLError`` in ``PyOpenSSLContext.load_cert_chain`` (`#2628 <https://github.com/urllib3/urllib3/issues/2628>`__). * Changed usage of the deprecated ``socket.error`` to ``OSError`` (`#2120 <https://github.com/urllib3/urllib3/issues/2120>`__). * Changed all parameters in the ``HTTPConnection`` and ``HTTPSConnection`` constructors to be keyword-only except ``host`` and ``port`` (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Changed ``HTTPConnection.getresponse()`` to set the socket timeout from ``HTTPConnection.timeout`` value before reading data from the socket. This previously was done manually by the ``HTTPConnectionPool`` calling ``HTTPConnection.sock.settimeout(...)`` (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Changed the ``_proxy_host`` property to ``_tunnel_host`` in ``HTTPConnectionPool`` to more closely match how the property is used (value in ``HTTPConnection.set_tunnel()``) (`#1985 <https://github.com/urllib3/urllib3/issues/1985>`__). * Changed name of ``Retry.BACK0FF_MAX`` to be ``Retry.DEFAULT_BACKOFF_MAX``. * Changed TLS handshakes to use ``SSLContext.check_hostname`` when possible (`#2452 <https://github.com/urllib3/urllib3/pull/2452>`__). * Changed ``server_hostname`` to behave like other parameters only used by ``HTTPSConnectionPool`` (`#2537 <https://github.com/urllib3/urllib3/pull/2537>`__). * Changed the default ``blocksize`` to 16KB to match OpenSSL's default read amounts (`#2348 <https://github.com/urllib3/urllib3/pull/2348>`__). * Changed ``HTTPResponse.read()`` to raise an error when calling with ``decode_content=False`` after using ``decode_content=True`` to prevent data loss (`#2800 <https://github.com/urllib3/urllib3/issues/2800>`__). Fixed ----- * Fixed thread-safety issue where accessing a ``PoolManager`` with many distinct origins would cause connection pools to be closed while requests are in progress (`#1252 <https://github.com/urllib3/urllib3/issues/1252>`__). * Fixed an issue where an ``HTTPConnection`` instance would erroneously reuse the socket read timeout value from reading the previous response instead of a newly configured connect timeout. Instead now if ``HTTPConnection.timeout`` is updated before sending the next request the new timeout value will be used (`#2645 <https://github.com/urllib3/urllib3/issues/2645>`__). * Fixed ``socket.error.errno`` when raised from pyOpenSSL's ``OpenSSL.SSL.SysCallError`` (`#2118 <https://github.com/urllib3/urllib3/issues/2118>`__). * Fixed the default value of ``HTTPSConnection.socket_options`` to match ``HTTPConnection`` (`#2213 <https://github.com/urllib3/urllib3/issues/2213>`__). * Fixed a bug where ``headers`` would be modified by the ``remove_headers_on_redirect`` feature (`#2272 <https://github.com/urllib3/urllib3/issues/2272>`__). * Fixed a reference cycle bug in ``urllib3.util.connection.create_connection()`` (`#2277 <https://github.com/urllib3/urllib3/issues/2277>`__). * Fixed a socket leak if ``HTTPConnection.connect()`` fails (`#2571 <https://github.com/urllib3/urllib3/pull/2571>`__). * Fixed ``urllib3.contrib.pyopenssl.WrappedSocket`` and ``urllib3.contrib.securetransport.WrappedSocket`` close methods (`#2970 <https://github.com/urllib3/urllib3/issues/2970>`__)
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.15 to 2.0.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.0.2</h2> <ul> <li>Fixed <code>HTTPResponse.stream()</code> to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3009">urllib3/urllib3#3009</a>)</li> </ul> <h2>2.0.1</h2> <ul> <li>Fixed a socket leak when fingerprint or hostname verifications fail. (<a href="https://redirect.github.com/urllib3/urllib3/issues/2991">#2991</a>)</li> <li>Fixed an error when <code>HTTPResponse.read(0)</code> was the first <code>read</code> call or when the internal response body buffer was otherwise empty. (<a href="https://redirect.github.com/urllib3/urllib3/issues/2998">#2998</a>)</li> </ul> <h2>2.0.0</h2> <p>Read the <a href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">v2.0 migration guide</a> for help upgrading to the latest version of urllib3.</p> <h1>Removed</h1> <ul> <li>Removed support for Python 2.7, 3.5, and 3.6 (<a href="https://redirect.github.com/urllib3/urllib3/issues/883">#883</a>, <a href="https://redirect.github.com/urllib3/urllib3/issues/2336">#2336</a>).</li> <li>Removed fallback on certificate <code>commonName</code> in <code>match_hostname()</code> function. This behavior was deprecated in May 2000 in RFC 2818. Instead only <code>subjectAltName</code> is used to verify the hostname by default. To enable verifying the hostname against <code>commonName</code> use <code>SSLContext.hostname_checks_common_name = True</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2113">#2113</a>).</li> <li>Removed support for Python with an <code>ssl</code> module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an <code>ImportError</code> is raised (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (<a href="https://redirect.github.com/urllib3/urllib3/issues/2082">#2082</a>).</li> <li>Removed <code>urllib3.contrib.appengine.AppEngineManager</code> and support for Google App Engine Standard Environment (<a href="https://redirect.github.com/urllib3/urllib3/issues/2044">#2044</a>).</li> <li>Removed deprecated <code>Retry</code> options <code>method_whitelist</code>, <code>DEFAULT_REDIRECT_HEADERS_BLACKLIST</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2086">#2086</a>).</li> <li>Removed <code>urllib3.HTTPResponse.from_httplib</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2648">#2648</a>).</li> <li>Removed default value of <code>None</code> for the <code>request_context</code> parameter of <code>urllib3.PoolManager.connection_from_pool_key</code>. This change should have no effect on users as the default value of <code>None</code> was an invalid option and was never used (<a href="https://redirect.github.com/urllib3/urllib3/issues/1897">#1897</a>).</li> <li>Removed the <code>urllib3.request</code> module. <code>urllib3.request.RequestMethods</code> has been made a private API. This change was made to ensure that <code>from urllib3 import request</code> imported the top-level <code>request()</code> function instead of the <code>urllib3.request</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/2269">#2269</a>).</li> <li>Removed support for SSLv3.0 from the <code>urllib3.contrib.pyopenssl</code> even when support is available from the compiled OpenSSL library (<a href="https://redirect.github.com/urllib3/urllib3/issues/2233">#2233</a>).</li> <li>Removed the deprecated <code>urllib3.contrib.ntlmpool</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/2339">#2339</a>).</li> <li>Removed <code>DEFAULT_CIPHERS</code>, <code>HAS_SNI</code>, <code>USE_DEFAULT_SSLCONTEXT_CIPHERS</code>, from the private module <code>urllib3.util.ssl_</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed <code>urllib3.exceptions.SNIMissingWarning</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed the <code>_prepare_conn</code> method from <code>HTTPConnectionPool</code>. Previously this was only used to call <code>HTTPSConnection.set_cert()</code> by <code>HTTPSConnectionPool</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> <li>Removed <code>tls_in_tls_required</code> property from <code>HTTPSConnection</code>. This is now determined from the <code>scheme</code> parameter in <code>HTTPConnection.set_tunnel()</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> </ul> <h1>Deprecated</h1> <ul> <li>Deprecated <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> which will be removed in urllib3 v2.1.0. Instead use <code>HTTPResponse.headers</code> and <code>HTTPResponse.headers.get(name, default)</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/1543">#1543</a>, <a href="https://redirect.github.com/urllib3/urllib3/issues/2814">#2814</a>).</li> <li>Deprecated <code>urllib3.contrib.pyopenssl</code> module which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2691">#2691</a>).</li> <li>Deprecated <code>urllib3.contrib.securetransport</code> module which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2692">#2692</a>).</li> <li>Deprecated <code>ssl_version</code> option in favor of <code>ssl_minimum_version</code>. <code>ssl_version</code> will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2110">#2110</a>).</li> <li>Deprecated the <code>strict</code> parameter as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2267">#2267</a>)</li> <li>Deprecated the <code>NewConnectionError.pool</code> attribute which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2271">#2271</a>).</li> <li>Deprecated <code>format_header_param_html5</code> and <code>format_header_param</code> in favor of <code>format_multipart_header_param</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2257">#2257</a>).</li> <li>Deprecated <code>RequestField.header_formatter</code> parameter which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2257">#2257</a>).</li> <li>Deprecated <code>HTTPSConnection.set_cert()</code> method. Instead pass parameters to the <code>HTTPSConnection</code> constructor (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> <li>Deprecated <code>HTTPConnection.request_chunked()</code> method which will be removed in urllib3 v2.1.0. Instead pass <code>chunked=True</code> to <code>HTTPConnection.request()</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> </ul> <h1>Added</h1> <ul> <li>Added top-level <code>urllib3.request</code> function which uses a preconfigured module-global <code>PoolManager</code> instance (<a href="https://redirect.github.com/urllib3/urllib3/issues/2150">#2150</a>).</li> <li>Added the <code>json</code> parameter to <code>urllib3.request()</code>, <code>PoolManager.request()</code>, and <code>ConnectionPool.request()</code> methods to send JSON bodies in requests. Using this parameter will set the header <code>Content-Type: application/json</code> if <code>Content-Type</code> isn't already defined. Added support for parsing JSON response bodies with <code>HTTPResponse.json()</code> method (<a href="https://redirect.github.com/urllib3/urllib3/issues/2243">#2243</a>).</li> <li>Added type hints to the <code>urllib3</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/1897">#1897</a>).</li> <li>Added <code>ssl_minimum_version</code> and <code>ssl_maximum_version</code> options which set <code>SSLContext.minimum_version</code> and <code>SSLContext.maximum_version</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2110">#2110</a>).</li> <li>Added support for Zstandard (RFC 8878) when <code>zstandard</code> 1.18.0 or later is installed. Added the <code>zstd</code> extra which installs the <code>zstandard</code> package (<a href="https://redirect.github.com/urllib3/urllib3/issues/1992">#1992</a>).</li> <li>Added <code>urllib3.response.BaseHTTPResponse</code> class. All future response classes will be subclasses of <code>BaseHTTPResponse</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2083">#2083</a>).</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.0.2 (2023-05-03)</h1> <ul> <li>Fixed <code>HTTPResponse.stream()</code> to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (<code>[#3009](urllib3/urllib3#3009) <https://github.com/urllib3/urllib3/issues/3009></code>__)</li> </ul> <h1>2.0.1 (2023-04-30)</h1> <ul> <li>Fixed a socket leak when fingerprint or hostname verifications fail. (<code>[#2991](urllib3/urllib3#2991) <https://github.com/urllib3/urllib3/issues/2991></code>__)</li> <li>Fixed an error when <code>HTTPResponse.read(0)</code> was the first <code>read</code> call or when the internal response body buffer was otherwise empty. (<code>[#2998](urllib3/urllib3#2998) <https://github.com/urllib3/urllib3/issues/2998></code>__)</li> </ul> <h1>2.0.0 (2023-04-26)</h1> <p>Read the <code>v2.0 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html></code>__ for help upgrading to the latest version of urllib3.</p> <h2>Removed</h2> <ul> <li>Removed support for Python 2.7, 3.5, and 3.6 (<code>[#883](urllib3/urllib3#883) <https://github.com/urllib3/urllib3/issues/883></code><strong>, <code>[#2336](urllib3/urllib3#2336) <https://github.com/urllib3/urllib3/issues/2336></code></strong>).</li> <li>Removed fallback on certificate <code>commonName</code> in <code>match_hostname()</code> function. This behavior was deprecated in May 2000 in RFC 2818. Instead only <code>subjectAltName</code> is used to verify the hostname by default. To enable verifying the hostname against <code>commonName</code> use <code>SSLContext.hostname_checks_common_name = True</code> (<code>[#2113](urllib3/urllib3#2113) <https://github.com/urllib3/urllib3/issues/2113></code>__).</li> <li>Removed support for Python with an <code>ssl</code> module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an <code>ImportError</code> is raised (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (<code>[#2082](urllib3/urllib3#2082) <https://github.com/urllib3/urllib3/issues/2082></code>__).</li> <li>Removed <code>urllib3.contrib.appengine.AppEngineManager</code> and support for Google App Engine Standard Environment (<code>[#2044](urllib3/urllib3#2044) <https://github.com/urllib3/urllib3/issues/2044></code>__).</li> <li>Removed deprecated <code>Retry</code> options <code>method_whitelist</code>, <code>DEFAULT_REDIRECT_HEADERS_BLACKLIST</code> (<code>[#2086](urllib3/urllib3#2086) <https://github.com/urllib3/urllib3/issues/2086></code>__).</li> <li>Removed <code>urllib3.HTTPResponse.from_httplib</code> (<code>[#2648](urllib3/urllib3#2648) <https://github.com/urllib3/urllib3/issues/2648></code>__).</li> <li>Removed default value of <code>None</code> for the <code>request_context</code> parameter of <code>urllib3.PoolManager.connection_from_pool_key</code>. This change should have no effect on users as the default value of <code>None</code> was an invalid option and was never used (<code>[#1897](urllib3/urllib3#1897) <https://github.com/urllib3/urllib3/issues/1897></code>__).</li> <li>Removed the <code>urllib3.request</code> module. <code>urllib3.request.RequestMethods</code> has been made a private API. This change was made to ensure that <code>from urllib3 import request</code> imported the top-level <code>request()</code> function instead of the <code>urllib3.request</code> module (<code>[#2269](urllib3/urllib3#2269) <https://github.com/urllib3/urllib3/issues/2269></code>__).</li> <li>Removed support for SSLv3.0 from the <code>urllib3.contrib.pyopenssl</code> even when support is available from the compiled OpenSSL library (<code>[#2233](urllib3/urllib3#2233) <https://github.com/urllib3/urllib3/issues/2233></code>__).</li> <li>Removed the deprecated <code>urllib3.contrib.ntlmpool</code> module (<code>[#2339](urllib3/urllib3#2339) <https://github.com/urllib3/urllib3/issues/2339></code>__).</li> <li>Removed <code>DEFAULT_CIPHERS</code>, <code>HAS_SNI</code>, <code>USE_DEFAULT_SSLCONTEXT_CIPHERS</code>, from the private module <code>urllib3.util.ssl_</code> (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed <code>urllib3.exceptions.SNIMissingWarning</code> (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed the <code>_prepare_conn</code> method from <code>HTTPConnectionPool</code>. Previously this was only used to call <code>HTTPSConnection.set_cert()</code> by <code>HTTPSConnectionPool</code> (<code>[#1985](urllib3/urllib3#1985) <https://github.com/urllib3/urllib3/issues/1985></code>__).</li> <li>Removed <code>tls_in_tls_required</code> property from <code>HTTPSConnection</code>. This is now determined from the <code>scheme</code> parameter in <code>HTTPConnection.set_tunnel()</code> (<code>[#1985](urllib3/urllib3#1985) <https://github.com/urllib3/urllib3/issues/1985></code>__).</li> <li>Removed the <code>strict</code> parameter/attribute from <code>HTTPConnection</code>, <code>HTTPSConnection</code>, <code>HTTPConnectionPool</code>, <code>HTTPSConnectionPool</code>, and <code>HTTPResponse</code> (<code>[#2064](urllib3/urllib3#2064) <https://github.com/urllib3/urllib3/issues/2064></code>__).</li> </ul> <h2>Deprecated</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/b234aaf7ccbcb64012d8b33d21eb8bc9f768935d"><code>b234aaf</code></a> Release 2.0.2</li> <li><a href="https://github.com/urllib3/urllib3/commit/d8dcdd7c236430af15f6ccd47fb3d00c408bb1c0"><code>d8dcdd7</code></a> Reflect removal of <code>strict</code> in the 2.0.0 changelog</li> <li><a href="https://github.com/urllib3/urllib3/commit/4714836a667eb4837d005eb89d34fae60b9dc6cc"><code>4714836</code></a> Continue reading the response stream if there is buffered decompressed data</li> <li><a href="https://github.com/urllib3/urllib3/commit/6351614959b6599fe53312223c972daba75a671f"><code>6351614</code></a> Show urllib3.request() in README (<a href="https://redirect.github.com/urllib3/urllib3/issues/3006">#3006</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/08237ad0729f4ec2e0bd093cf08e518025d2001d"><code>08237ad</code></a> Fix flaky test_ssl_failure_midway_through_conn</li> <li><a href="https://github.com/urllib3/urllib3/commit/b85e93d619a323b92c2954da852857e0119d71b8"><code>b85e93d</code></a> Release 2.0.1</li> <li><a href="https://github.com/urllib3/urllib3/commit/09b36c693ca7d9d92d77b434648832d919543dcb"><code>09b36c6</code></a> Improve assert_fingerprint changelog and tests</li> <li><a href="https://github.com/urllib3/urllib3/commit/02ae65a45654bb3ced12b9ad22278c11e214aaf8"><code>02ae65a</code></a> Fix HTTPResponse.read(0) when underlying buffer is empty (<a href="https://redirect.github.com/urllib3/urllib3/issues/2998">#2998</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/4fb8da2d4e7b7488b432118efe1007d00c81bb53"><code>4fb8da2</code></a> Ensure SSLSocket is closed after failure verifying cert hostname or fingerprint</li> <li><a href="https://github.com/urllib3/urllib3/commit/7052b83d543d9554e542ff04688cf473b1fbaa53"><code>7052b83</code></a> Delete 0002-Stop-relying-on-removed-DEFAULT_CIPHERS.patch (<a href="https://redirect.github.com/urllib3/urllib3/issues/2996">#2996</a>)</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/1.26.15...2.0.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.15&new-version=2.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.15 to 2.0.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.0.2</h2> <ul> <li>Fixed <code>HTTPResponse.stream()</code> to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3009">urllib3/urllib3#3009</a>)</li> </ul> <h2>2.0.1</h2> <ul> <li>Fixed a socket leak when fingerprint or hostname verifications fail. (<a href="https://redirect.github.com/urllib3/urllib3/issues/2991">#2991</a>)</li> <li>Fixed an error when <code>HTTPResponse.read(0)</code> was the first <code>read</code> call or when the internal response body buffer was otherwise empty. (<a href="https://redirect.github.com/urllib3/urllib3/issues/2998">#2998</a>)</li> </ul> <h2>2.0.0</h2> <p>Read the <a href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">v2.0 migration guide</a> for help upgrading to the latest version of urllib3.</p> <h1>Removed</h1> <ul> <li>Removed support for Python 2.7, 3.5, and 3.6 (<a href="https://redirect.github.com/urllib3/urllib3/issues/883">#883</a>, <a href="https://redirect.github.com/urllib3/urllib3/issues/2336">#2336</a>).</li> <li>Removed fallback on certificate <code>commonName</code> in <code>match_hostname()</code> function. This behavior was deprecated in May 2000 in RFC 2818. Instead only <code>subjectAltName</code> is used to verify the hostname by default. To enable verifying the hostname against <code>commonName</code> use <code>SSLContext.hostname_checks_common_name = True</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2113">#2113</a>).</li> <li>Removed support for Python with an <code>ssl</code> module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an <code>ImportError</code> is raised (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (<a href="https://redirect.github.com/urllib3/urllib3/issues/2082">#2082</a>).</li> <li>Removed <code>urllib3.contrib.appengine.AppEngineManager</code> and support for Google App Engine Standard Environment (<a href="https://redirect.github.com/urllib3/urllib3/issues/2044">#2044</a>).</li> <li>Removed deprecated <code>Retry</code> options <code>method_whitelist</code>, <code>DEFAULT_REDIRECT_HEADERS_BLACKLIST</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2086">#2086</a>).</li> <li>Removed <code>urllib3.HTTPResponse.from_httplib</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2648">#2648</a>).</li> <li>Removed default value of <code>None</code> for the <code>request_context</code> parameter of <code>urllib3.PoolManager.connection_from_pool_key</code>. This change should have no effect on users as the default value of <code>None</code> was an invalid option and was never used (<a href="https://redirect.github.com/urllib3/urllib3/issues/1897">#1897</a>).</li> <li>Removed the <code>urllib3.request</code> module. <code>urllib3.request.RequestMethods</code> has been made a private API. This change was made to ensure that <code>from urllib3 import request</code> imported the top-level <code>request()</code> function instead of the <code>urllib3.request</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/2269">#2269</a>).</li> <li>Removed support for SSLv3.0 from the <code>urllib3.contrib.pyopenssl</code> even when support is available from the compiled OpenSSL library (<a href="https://redirect.github.com/urllib3/urllib3/issues/2233">#2233</a>).</li> <li>Removed the deprecated <code>urllib3.contrib.ntlmpool</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/2339">#2339</a>).</li> <li>Removed <code>DEFAULT_CIPHERS</code>, <code>HAS_SNI</code>, <code>USE_DEFAULT_SSLCONTEXT_CIPHERS</code>, from the private module <code>urllib3.util.ssl_</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed <code>urllib3.exceptions.SNIMissingWarning</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed the <code>_prepare_conn</code> method from <code>HTTPConnectionPool</code>. Previously this was only used to call <code>HTTPSConnection.set_cert()</code> by <code>HTTPSConnectionPool</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> <li>Removed <code>tls_in_tls_required</code> property from <code>HTTPSConnection</code>. This is now determined from the <code>scheme</code> parameter in <code>HTTPConnection.set_tunnel()</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> </ul> <h1>Deprecated</h1> <ul> <li>Deprecated <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> which will be removed in urllib3 v2.1.0. Instead use <code>HTTPResponse.headers</code> and <code>HTTPResponse.headers.get(name, default)</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/1543">#1543</a>, <a href="https://redirect.github.com/urllib3/urllib3/issues/2814">#2814</a>).</li> <li>Deprecated <code>urllib3.contrib.pyopenssl</code> module which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2691">#2691</a>).</li> <li>Deprecated <code>urllib3.contrib.securetransport</code> module which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2692">#2692</a>).</li> <li>Deprecated <code>ssl_version</code> option in favor of <code>ssl_minimum_version</code>. <code>ssl_version</code> will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2110">#2110</a>).</li> <li>Deprecated the <code>strict</code> parameter as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2267">#2267</a>)</li> <li>Deprecated the <code>NewConnectionError.pool</code> attribute which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2271">#2271</a>).</li> <li>Deprecated <code>format_header_param_html5</code> and <code>format_header_param</code> in favor of <code>format_multipart_header_param</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2257">#2257</a>).</li> <li>Deprecated <code>RequestField.header_formatter</code> parameter which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2257">#2257</a>).</li> <li>Deprecated <code>HTTPSConnection.set_cert()</code> method. Instead pass parameters to the <code>HTTPSConnection</code> constructor (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> <li>Deprecated <code>HTTPConnection.request_chunked()</code> method which will be removed in urllib3 v2.1.0. Instead pass <code>chunked=True</code> to <code>HTTPConnection.request()</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> </ul> <h1>Added</h1> <ul> <li>Added top-level <code>urllib3.request</code> function which uses a preconfigured module-global <code>PoolManager</code> instance (<a href="https://redirect.github.com/urllib3/urllib3/issues/2150">#2150</a>).</li> <li>Added the <code>json</code> parameter to <code>urllib3.request()</code>, <code>PoolManager.request()</code>, and <code>ConnectionPool.request()</code> methods to send JSON bodies in requests. Using this parameter will set the header <code>Content-Type: application/json</code> if <code>Content-Type</code> isn't already defined. Added support for parsing JSON response bodies with <code>HTTPResponse.json()</code> method (<a href="https://redirect.github.com/urllib3/urllib3/issues/2243">#2243</a>).</li> <li>Added type hints to the <code>urllib3</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/1897">#1897</a>).</li> <li>Added <code>ssl_minimum_version</code> and <code>ssl_maximum_version</code> options which set <code>SSLContext.minimum_version</code> and <code>SSLContext.maximum_version</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2110">#2110</a>).</li> <li>Added support for Zstandard (RFC 8878) when <code>zstandard</code> 1.18.0 or later is installed. Added the <code>zstd</code> extra which installs the <code>zstandard</code> package (<a href="https://redirect.github.com/urllib3/urllib3/issues/1992">#1992</a>).</li> <li>Added <code>urllib3.response.BaseHTTPResponse</code> class. All future response classes will be subclasses of <code>BaseHTTPResponse</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2083">#2083</a>).</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.0.2 (2023-05-03)</h1> <ul> <li>Fixed <code>HTTPResponse.stream()</code> to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (<code>[#3009](urllib3/urllib3#3009) <https://github.com/urllib3/urllib3/issues/3009></code>__)</li> </ul> <h1>2.0.1 (2023-04-30)</h1> <ul> <li>Fixed a socket leak when fingerprint or hostname verifications fail. (<code>[#2991](urllib3/urllib3#2991) <https://github.com/urllib3/urllib3/issues/2991></code>__)</li> <li>Fixed an error when <code>HTTPResponse.read(0)</code> was the first <code>read</code> call or when the internal response body buffer was otherwise empty. (<code>[#2998](urllib3/urllib3#2998) <https://github.com/urllib3/urllib3/issues/2998></code>__)</li> </ul> <h1>2.0.0 (2023-04-26)</h1> <p>Read the <code>v2.0 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html></code>__ for help upgrading to the latest version of urllib3.</p> <h2>Removed</h2> <ul> <li>Removed support for Python 2.7, 3.5, and 3.6 (<code>[#883](urllib3/urllib3#883) <https://github.com/urllib3/urllib3/issues/883></code><strong>, <code>[#2336](urllib3/urllib3#2336) <https://github.com/urllib3/urllib3/issues/2336></code></strong>).</li> <li>Removed fallback on certificate <code>commonName</code> in <code>match_hostname()</code> function. This behavior was deprecated in May 2000 in RFC 2818. Instead only <code>subjectAltName</code> is used to verify the hostname by default. To enable verifying the hostname against <code>commonName</code> use <code>SSLContext.hostname_checks_common_name = True</code> (<code>[#2113](urllib3/urllib3#2113) <https://github.com/urllib3/urllib3/issues/2113></code>__).</li> <li>Removed support for Python with an <code>ssl</code> module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an <code>ImportError</code> is raised (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (<code>[#2082](urllib3/urllib3#2082) <https://github.com/urllib3/urllib3/issues/2082></code>__).</li> <li>Removed <code>urllib3.contrib.appengine.AppEngineManager</code> and support for Google App Engine Standard Environment (<code>[#2044](urllib3/urllib3#2044) <https://github.com/urllib3/urllib3/issues/2044></code>__).</li> <li>Removed deprecated <code>Retry</code> options <code>method_whitelist</code>, <code>DEFAULT_REDIRECT_HEADERS_BLACKLIST</code> (<code>[#2086](urllib3/urllib3#2086) <https://github.com/urllib3/urllib3/issues/2086></code>__).</li> <li>Removed <code>urllib3.HTTPResponse.from_httplib</code> (<code>[#2648](urllib3/urllib3#2648) <https://github.com/urllib3/urllib3/issues/2648></code>__).</li> <li>Removed default value of <code>None</code> for the <code>request_context</code> parameter of <code>urllib3.PoolManager.connection_from_pool_key</code>. This change should have no effect on users as the default value of <code>None</code> was an invalid option and was never used (<code>[#1897](urllib3/urllib3#1897) <https://github.com/urllib3/urllib3/issues/1897></code>__).</li> <li>Removed the <code>urllib3.request</code> module. <code>urllib3.request.RequestMethods</code> has been made a private API. This change was made to ensure that <code>from urllib3 import request</code> imported the top-level <code>request()</code> function instead of the <code>urllib3.request</code> module (<code>[#2269](urllib3/urllib3#2269) <https://github.com/urllib3/urllib3/issues/2269></code>__).</li> <li>Removed support for SSLv3.0 from the <code>urllib3.contrib.pyopenssl</code> even when support is available from the compiled OpenSSL library (<code>[#2233](urllib3/urllib3#2233) <https://github.com/urllib3/urllib3/issues/2233></code>__).</li> <li>Removed the deprecated <code>urllib3.contrib.ntlmpool</code> module (<code>[#2339](urllib3/urllib3#2339) <https://github.com/urllib3/urllib3/issues/2339></code>__).</li> <li>Removed <code>DEFAULT_CIPHERS</code>, <code>HAS_SNI</code>, <code>USE_DEFAULT_SSLCONTEXT_CIPHERS</code>, from the private module <code>urllib3.util.ssl_</code> (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed <code>urllib3.exceptions.SNIMissingWarning</code> (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed the <code>_prepare_conn</code> method from <code>HTTPConnectionPool</code>. Previously this was only used to call <code>HTTPSConnection.set_cert()</code> by <code>HTTPSConnectionPool</code> (<code>[#1985](urllib3/urllib3#1985) <https://github.com/urllib3/urllib3/issues/1985></code>__).</li> <li>Removed <code>tls_in_tls_required</code> property from <code>HTTPSConnection</code>. This is now determined from the <code>scheme</code> parameter in <code>HTTPConnection.set_tunnel()</code> (<code>[#1985](urllib3/urllib3#1985) <https://github.com/urllib3/urllib3/issues/1985></code>__).</li> <li>Removed the <code>strict</code> parameter/attribute from <code>HTTPConnection</code>, <code>HTTPSConnection</code>, <code>HTTPConnectionPool</code>, <code>HTTPSConnectionPool</code>, and <code>HTTPResponse</code> (<code>[#2064](urllib3/urllib3#2064) <https://github.com/urllib3/urllib3/issues/2064></code>__).</li> </ul> <h2>Deprecated</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/b234aaf7ccbcb64012d8b33d21eb8bc9f768935d"><code>b234aaf</code></a> Release 2.0.2</li> <li><a href="https://github.com/urllib3/urllib3/commit/d8dcdd7c236430af15f6ccd47fb3d00c408bb1c0"><code>d8dcdd7</code></a> Reflect removal of <code>strict</code> in the 2.0.0 changelog</li> <li><a href="https://github.com/urllib3/urllib3/commit/4714836a667eb4837d005eb89d34fae60b9dc6cc"><code>4714836</code></a> Continue reading the response stream if there is buffered decompressed data</li> <li><a href="https://github.com/urllib3/urllib3/commit/6351614959b6599fe53312223c972daba75a671f"><code>6351614</code></a> Show urllib3.request() in README (<a href="https://redirect.github.com/urllib3/urllib3/issues/3006">#3006</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/08237ad0729f4ec2e0bd093cf08e518025d2001d"><code>08237ad</code></a> Fix flaky test_ssl_failure_midway_through_conn</li> <li><a href="https://github.com/urllib3/urllib3/commit/b85e93d619a323b92c2954da852857e0119d71b8"><code>b85e93d</code></a> Release 2.0.1</li> <li><a href="https://github.com/urllib3/urllib3/commit/09b36c693ca7d9d92d77b434648832d919543dcb"><code>09b36c6</code></a> Improve assert_fingerprint changelog and tests</li> <li><a href="https://github.com/urllib3/urllib3/commit/02ae65a45654bb3ced12b9ad22278c11e214aaf8"><code>02ae65a</code></a> Fix HTTPResponse.read(0) when underlying buffer is empty (<a href="https://redirect.github.com/urllib3/urllib3/issues/2998">#2998</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/4fb8da2d4e7b7488b432118efe1007d00c81bb53"><code>4fb8da2</code></a> Ensure SSLSocket is closed after failure verifying cert hostname or fingerprint</li> <li><a href="https://github.com/urllib3/urllib3/commit/7052b83d543d9554e542ff04688cf473b1fbaa53"><code>7052b83</code></a> Delete 0002-Stop-relying-on-removed-DEFAULT_CIPHERS.patch (<a href="https://redirect.github.com/urllib3/urllib3/issues/2996">#2996</a>)</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/1.26.15...2.0.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.15&new-version=2.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.15 to 2.0.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.0.2</h2> <ul> <li>Fixed <code>HTTPResponse.stream()</code> to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3009">urllib3/urllib3#3009</a>)</li> </ul> <h2>2.0.1</h2> <ul> <li>Fixed a socket leak when fingerprint or hostname verifications fail. (<a href="https://redirect.github.com/urllib3/urllib3/issues/2991">#2991</a>)</li> <li>Fixed an error when <code>HTTPResponse.read(0)</code> was the first <code>read</code> call or when the internal response body buffer was otherwise empty. (<a href="https://redirect.github.com/urllib3/urllib3/issues/2998">#2998</a>)</li> </ul> <h2>2.0.0</h2> <p>Read the <a href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">v2.0 migration guide</a> for help upgrading to the latest version of urllib3.</p> <h1>Removed</h1> <ul> <li>Removed support for Python 2.7, 3.5, and 3.6 (<a href="https://redirect.github.com/urllib3/urllib3/issues/883">#883</a>, <a href="https://redirect.github.com/urllib3/urllib3/issues/2336">#2336</a>).</li> <li>Removed fallback on certificate <code>commonName</code> in <code>match_hostname()</code> function. This behavior was deprecated in May 2000 in RFC 2818. Instead only <code>subjectAltName</code> is used to verify the hostname by default. To enable verifying the hostname against <code>commonName</code> use <code>SSLContext.hostname_checks_common_name = True</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2113">#2113</a>).</li> <li>Removed support for Python with an <code>ssl</code> module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an <code>ImportError</code> is raised (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (<a href="https://redirect.github.com/urllib3/urllib3/issues/2082">#2082</a>).</li> <li>Removed <code>urllib3.contrib.appengine.AppEngineManager</code> and support for Google App Engine Standard Environment (<a href="https://redirect.github.com/urllib3/urllib3/issues/2044">#2044</a>).</li> <li>Removed deprecated <code>Retry</code> options <code>method_whitelist</code>, <code>DEFAULT_REDIRECT_HEADERS_BLACKLIST</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2086">#2086</a>).</li> <li>Removed <code>urllib3.HTTPResponse.from_httplib</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2648">#2648</a>).</li> <li>Removed default value of <code>None</code> for the <code>request_context</code> parameter of <code>urllib3.PoolManager.connection_from_pool_key</code>. This change should have no effect on users as the default value of <code>None</code> was an invalid option and was never used (<a href="https://redirect.github.com/urllib3/urllib3/issues/1897">#1897</a>).</li> <li>Removed the <code>urllib3.request</code> module. <code>urllib3.request.RequestMethods</code> has been made a private API. This change was made to ensure that <code>from urllib3 import request</code> imported the top-level <code>request()</code> function instead of the <code>urllib3.request</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/2269">#2269</a>).</li> <li>Removed support for SSLv3.0 from the <code>urllib3.contrib.pyopenssl</code> even when support is available from the compiled OpenSSL library (<a href="https://redirect.github.com/urllib3/urllib3/issues/2233">#2233</a>).</li> <li>Removed the deprecated <code>urllib3.contrib.ntlmpool</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/2339">#2339</a>).</li> <li>Removed <code>DEFAULT_CIPHERS</code>, <code>HAS_SNI</code>, <code>USE_DEFAULT_SSLCONTEXT_CIPHERS</code>, from the private module <code>urllib3.util.ssl_</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed <code>urllib3.exceptions.SNIMissingWarning</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed the <code>_prepare_conn</code> method from <code>HTTPConnectionPool</code>. Previously this was only used to call <code>HTTPSConnection.set_cert()</code> by <code>HTTPSConnectionPool</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> <li>Removed <code>tls_in_tls_required</code> property from <code>HTTPSConnection</code>. This is now determined from the <code>scheme</code> parameter in <code>HTTPConnection.set_tunnel()</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> </ul> <h1>Deprecated</h1> <ul> <li>Deprecated <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> which will be removed in urllib3 v2.1.0. Instead use <code>HTTPResponse.headers</code> and <code>HTTPResponse.headers.get(name, default)</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/1543">#1543</a>, <a href="https://redirect.github.com/urllib3/urllib3/issues/2814">#2814</a>).</li> <li>Deprecated <code>urllib3.contrib.pyopenssl</code> module which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2691">#2691</a>).</li> <li>Deprecated <code>urllib3.contrib.securetransport</code> module which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2692">#2692</a>).</li> <li>Deprecated <code>ssl_version</code> option in favor of <code>ssl_minimum_version</code>. <code>ssl_version</code> will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2110">#2110</a>).</li> <li>Deprecated the <code>strict</code> parameter as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2267">#2267</a>)</li> <li>Deprecated the <code>NewConnectionError.pool</code> attribute which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2271">#2271</a>).</li> <li>Deprecated <code>format_header_param_html5</code> and <code>format_header_param</code> in favor of <code>format_multipart_header_param</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2257">#2257</a>).</li> <li>Deprecated <code>RequestField.header_formatter</code> parameter which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2257">#2257</a>).</li> <li>Deprecated <code>HTTPSConnection.set_cert()</code> method. Instead pass parameters to the <code>HTTPSConnection</code> constructor (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> <li>Deprecated <code>HTTPConnection.request_chunked()</code> method which will be removed in urllib3 v2.1.0. Instead pass <code>chunked=True</code> to <code>HTTPConnection.request()</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> </ul> <h1>Added</h1> <ul> <li>Added top-level <code>urllib3.request</code> function which uses a preconfigured module-global <code>PoolManager</code> instance (<a href="https://redirect.github.com/urllib3/urllib3/issues/2150">#2150</a>).</li> <li>Added the <code>json</code> parameter to <code>urllib3.request()</code>, <code>PoolManager.request()</code>, and <code>ConnectionPool.request()</code> methods to send JSON bodies in requests. Using this parameter will set the header <code>Content-Type: application/json</code> if <code>Content-Type</code> isn't already defined. Added support for parsing JSON response bodies with <code>HTTPResponse.json()</code> method (<a href="https://redirect.github.com/urllib3/urllib3/issues/2243">#2243</a>).</li> <li>Added type hints to the <code>urllib3</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/1897">#1897</a>).</li> <li>Added <code>ssl_minimum_version</code> and <code>ssl_maximum_version</code> options which set <code>SSLContext.minimum_version</code> and <code>SSLContext.maximum_version</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2110">#2110</a>).</li> <li>Added support for Zstandard (RFC 8878) when <code>zstandard</code> 1.18.0 or later is installed. Added the <code>zstd</code> extra which installs the <code>zstandard</code> package (<a href="https://redirect.github.com/urllib3/urllib3/issues/1992">#1992</a>).</li> <li>Added <code>urllib3.response.BaseHTTPResponse</code> class. All future response classes will be subclasses of <code>BaseHTTPResponse</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2083">#2083</a>).</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.0.2 (2023-05-03)</h1> <ul> <li>Fixed <code>HTTPResponse.stream()</code> to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (<code>[#3009](urllib3/urllib3#3009) <https://github.com/urllib3/urllib3/issues/3009></code>__)</li> </ul> <h1>2.0.1 (2023-04-30)</h1> <ul> <li>Fixed a socket leak when fingerprint or hostname verifications fail. (<code>[#2991](urllib3/urllib3#2991) <https://github.com/urllib3/urllib3/issues/2991></code>__)</li> <li>Fixed an error when <code>HTTPResponse.read(0)</code> was the first <code>read</code> call or when the internal response body buffer was otherwise empty. (<code>[#2998](urllib3/urllib3#2998) <https://github.com/urllib3/urllib3/issues/2998></code>__)</li> </ul> <h1>2.0.0 (2023-04-26)</h1> <p>Read the <code>v2.0 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html></code>__ for help upgrading to the latest version of urllib3.</p> <h2>Removed</h2> <ul> <li>Removed support for Python 2.7, 3.5, and 3.6 (<code>[#883](urllib3/urllib3#883) <https://github.com/urllib3/urllib3/issues/883></code><strong>, <code>[#2336](urllib3/urllib3#2336) <https://github.com/urllib3/urllib3/issues/2336></code></strong>).</li> <li>Removed fallback on certificate <code>commonName</code> in <code>match_hostname()</code> function. This behavior was deprecated in May 2000 in RFC 2818. Instead only <code>subjectAltName</code> is used to verify the hostname by default. To enable verifying the hostname against <code>commonName</code> use <code>SSLContext.hostname_checks_common_name = True</code> (<code>[#2113](urllib3/urllib3#2113) <https://github.com/urllib3/urllib3/issues/2113></code>__).</li> <li>Removed support for Python with an <code>ssl</code> module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an <code>ImportError</code> is raised (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (<code>[#2082](urllib3/urllib3#2082) <https://github.com/urllib3/urllib3/issues/2082></code>__).</li> <li>Removed <code>urllib3.contrib.appengine.AppEngineManager</code> and support for Google App Engine Standard Environment (<code>[#2044](urllib3/urllib3#2044) <https://github.com/urllib3/urllib3/issues/2044></code>__).</li> <li>Removed deprecated <code>Retry</code> options <code>method_whitelist</code>, <code>DEFAULT_REDIRECT_HEADERS_BLACKLIST</code> (<code>[#2086](urllib3/urllib3#2086) <https://github.com/urllib3/urllib3/issues/2086></code>__).</li> <li>Removed <code>urllib3.HTTPResponse.from_httplib</code> (<code>[#2648](urllib3/urllib3#2648) <https://github.com/urllib3/urllib3/issues/2648></code>__).</li> <li>Removed default value of <code>None</code> for the <code>request_context</code> parameter of <code>urllib3.PoolManager.connection_from_pool_key</code>. This change should have no effect on users as the default value of <code>None</code> was an invalid option and was never used (<code>[#1897](urllib3/urllib3#1897) <https://github.com/urllib3/urllib3/issues/1897></code>__).</li> <li>Removed the <code>urllib3.request</code> module. <code>urllib3.request.RequestMethods</code> has been made a private API. This change was made to ensure that <code>from urllib3 import request</code> imported the top-level <code>request()</code> function instead of the <code>urllib3.request</code> module (<code>[#2269](urllib3/urllib3#2269) <https://github.com/urllib3/urllib3/issues/2269></code>__).</li> <li>Removed support for SSLv3.0 from the <code>urllib3.contrib.pyopenssl</code> even when support is available from the compiled OpenSSL library (<code>[#2233](urllib3/urllib3#2233) <https://github.com/urllib3/urllib3/issues/2233></code>__).</li> <li>Removed the deprecated <code>urllib3.contrib.ntlmpool</code> module (<code>[#2339](urllib3/urllib3#2339) <https://github.com/urllib3/urllib3/issues/2339></code>__).</li> <li>Removed <code>DEFAULT_CIPHERS</code>, <code>HAS_SNI</code>, <code>USE_DEFAULT_SSLCONTEXT_CIPHERS</code>, from the private module <code>urllib3.util.ssl_</code> (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed <code>urllib3.exceptions.SNIMissingWarning</code> (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed the <code>_prepare_conn</code> method from <code>HTTPConnectionPool</code>. Previously this was only used to call <code>HTTPSConnection.set_cert()</code> by <code>HTTPSConnectionPool</code> (<code>[#1985](urllib3/urllib3#1985) <https://github.com/urllib3/urllib3/issues/1985></code>__).</li> <li>Removed <code>tls_in_tls_required</code> property from <code>HTTPSConnection</code>. This is now determined from the <code>scheme</code> parameter in <code>HTTPConnection.set_tunnel()</code> (<code>[#1985](urllib3/urllib3#1985) <https://github.com/urllib3/urllib3/issues/1985></code>__).</li> <li>Removed the <code>strict</code> parameter/attribute from <code>HTTPConnection</code>, <code>HTTPSConnection</code>, <code>HTTPConnectionPool</code>, <code>HTTPSConnectionPool</code>, and <code>HTTPResponse</code> (<code>[#2064](urllib3/urllib3#2064) <https://github.com/urllib3/urllib3/issues/2064></code>__).</li> </ul> <h2>Deprecated</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/b234aaf7ccbcb64012d8b33d21eb8bc9f768935d"><code>b234aaf</code></a> Release 2.0.2</li> <li><a href="https://github.com/urllib3/urllib3/commit/d8dcdd7c236430af15f6ccd47fb3d00c408bb1c0"><code>d8dcdd7</code></a> Reflect removal of <code>strict</code> in the 2.0.0 changelog</li> <li><a href="https://github.com/urllib3/urllib3/commit/4714836a667eb4837d005eb89d34fae60b9dc6cc"><code>4714836</code></a> Continue reading the response stream if there is buffered decompressed data</li> <li><a href="https://github.com/urllib3/urllib3/commit/6351614959b6599fe53312223c972daba75a671f"><code>6351614</code></a> Show urllib3.request() in README (<a href="https://redirect.github.com/urllib3/urllib3/issues/3006">#3006</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/08237ad0729f4ec2e0bd093cf08e518025d2001d"><code>08237ad</code></a> Fix flaky test_ssl_failure_midway_through_conn</li> <li><a href="https://github.com/urllib3/urllib3/commit/b85e93d619a323b92c2954da852857e0119d71b8"><code>b85e93d</code></a> Release 2.0.1</li> <li><a href="https://github.com/urllib3/urllib3/commit/09b36c693ca7d9d92d77b434648832d919543dcb"><code>09b36c6</code></a> Improve assert_fingerprint changelog and tests</li> <li><a href="https://github.com/urllib3/urllib3/commit/02ae65a45654bb3ced12b9ad22278c11e214aaf8"><code>02ae65a</code></a> Fix HTTPResponse.read(0) when underlying buffer is empty (<a href="https://redirect.github.com/urllib3/urllib3/issues/2998">#2998</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/4fb8da2d4e7b7488b432118efe1007d00c81bb53"><code>4fb8da2</code></a> Ensure SSLSocket is closed after failure verifying cert hostname or fingerprint</li> <li><a href="https://github.com/urllib3/urllib3/commit/7052b83d543d9554e542ff04688cf473b1fbaa53"><code>7052b83</code></a> Delete 0002-Stop-relying-on-removed-DEFAULT_CIPHERS.patch (<a href="https://redirect.github.com/urllib3/urllib3/issues/2996">#2996</a>)</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/1.26.15...2.0.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.15&new-version=2.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.14 to 2.0.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.0.3</h2> <ul> <li>Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. <a href="https://redirect.github.com/urllib3/urllib3/issues/3020">#3020</a></li> <li>Deprecated URLs which don't have an explicit scheme <a href="https://redirect.github.com/urllib3/urllib3/pull/2950">#2950</a></li> <li>Fixed response decoding with Zstandard when compressed data is made of several frames. <a href="https://redirect.github.com/urllib3/urllib3/issues/3008">#3008</a></li> <li>Fixed <code>assert_hostname=False</code> to correctly skip hostname check. <a href="https://redirect.github.com/urllib3/urllib3/issues/3051">#3051</a></li> </ul> <h2>2.0.2</h2> <ul> <li>Fixed <code>HTTPResponse.stream()</code> to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3009">urllib3/urllib3#3009</a>)</li> </ul> <h2>2.0.1</h2> <ul> <li>Fixed a socket leak when fingerprint or hostname verifications fail. (<a href="https://redirect.github.com/urllib3/urllib3/issues/2991">#2991</a>)</li> <li>Fixed an error when <code>HTTPResponse.read(0)</code> was the first <code>read</code> call or when the internal response body buffer was otherwise empty. (<a href="https://redirect.github.com/urllib3/urllib3/issues/2998">#2998</a>)</li> </ul> <h2>2.0.0</h2> <p>Read the <a href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">v2.0 migration guide</a> for help upgrading to the latest version of urllib3.</p> <h1>Removed</h1> <ul> <li>Removed support for Python 2.7, 3.5, and 3.6 (<a href="https://redirect.github.com/urllib3/urllib3/issues/883">#883</a>, <a href="https://redirect.github.com/urllib3/urllib3/issues/2336">#2336</a>).</li> <li>Removed fallback on certificate <code>commonName</code> in <code>match_hostname()</code> function. This behavior was deprecated in May 2000 in RFC 2818. Instead only <code>subjectAltName</code> is used to verify the hostname by default. To enable verifying the hostname against <code>commonName</code> use <code>SSLContext.hostname_checks_common_name = True</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2113">#2113</a>).</li> <li>Removed support for Python with an <code>ssl</code> module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an <code>ImportError</code> is raised (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (<a href="https://redirect.github.com/urllib3/urllib3/issues/2082">#2082</a>).</li> <li>Removed <code>urllib3.contrib.appengine.AppEngineManager</code> and support for Google App Engine Standard Environment (<a href="https://redirect.github.com/urllib3/urllib3/issues/2044">#2044</a>).</li> <li>Removed deprecated <code>Retry</code> options <code>method_whitelist</code>, <code>DEFAULT_REDIRECT_HEADERS_BLACKLIST</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2086">#2086</a>).</li> <li>Removed <code>urllib3.HTTPResponse.from_httplib</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2648">#2648</a>).</li> <li>Removed default value of <code>None</code> for the <code>request_context</code> parameter of <code>urllib3.PoolManager.connection_from_pool_key</code>. This change should have no effect on users as the default value of <code>None</code> was an invalid option and was never used (<a href="https://redirect.github.com/urllib3/urllib3/issues/1897">#1897</a>).</li> <li>Removed the <code>urllib3.request</code> module. <code>urllib3.request.RequestMethods</code> has been made a private API. This change was made to ensure that <code>from urllib3 import request</code> imported the top-level <code>request()</code> function instead of the <code>urllib3.request</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/2269">#2269</a>).</li> <li>Removed support for SSLv3.0 from the <code>urllib3.contrib.pyopenssl</code> even when support is available from the compiled OpenSSL library (<a href="https://redirect.github.com/urllib3/urllib3/issues/2233">#2233</a>).</li> <li>Removed the deprecated <code>urllib3.contrib.ntlmpool</code> module (<a href="https://redirect.github.com/urllib3/urllib3/issues/2339">#2339</a>).</li> <li>Removed <code>DEFAULT_CIPHERS</code>, <code>HAS_SNI</code>, <code>USE_DEFAULT_SSLCONTEXT_CIPHERS</code>, from the private module <code>urllib3.util.ssl_</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed <code>urllib3.exceptions.SNIMissingWarning</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2168">#2168</a>).</li> <li>Removed the <code>_prepare_conn</code> method from <code>HTTPConnectionPool</code>. Previously this was only used to call <code>HTTPSConnection.set_cert()</code> by <code>HTTPSConnectionPool</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> <li>Removed <code>tls_in_tls_required</code> property from <code>HTTPSConnection</code>. This is now determined from the <code>scheme</code> parameter in <code>HTTPConnection.set_tunnel()</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> </ul> <h1>Deprecated</h1> <ul> <li>Deprecated <code>HTTPResponse.getheaders()</code> and <code>HTTPResponse.getheader()</code> which will be removed in urllib3 v2.1.0. Instead use <code>HTTPResponse.headers</code> and <code>HTTPResponse.headers.get(name, default)</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/1543">#1543</a>, <a href="https://redirect.github.com/urllib3/urllib3/issues/2814">#2814</a>).</li> <li>Deprecated <code>urllib3.contrib.pyopenssl</code> module which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2691">#2691</a>).</li> <li>Deprecated <code>urllib3.contrib.securetransport</code> module which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2692">#2692</a>).</li> <li>Deprecated <code>ssl_version</code> option in favor of <code>ssl_minimum_version</code>. <code>ssl_version</code> will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2110">#2110</a>).</li> <li>Deprecated the <code>strict</code> parameter as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2267">#2267</a>)</li> <li>Deprecated the <code>NewConnectionError.pool</code> attribute which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2271">#2271</a>).</li> <li>Deprecated <code>format_header_param_html5</code> and <code>format_header_param</code> in favor of <code>format_multipart_header_param</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/2257">#2257</a>).</li> <li>Deprecated <code>RequestField.header_formatter</code> parameter which will be removed in urllib3 v2.1.0 (<a href="https://redirect.github.com/urllib3/urllib3/issues/2257">#2257</a>).</li> <li>Deprecated <code>HTTPSConnection.set_cert()</code> method. Instead pass parameters to the <code>HTTPSConnection</code> constructor (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> <li>Deprecated <code>HTTPConnection.request_chunked()</code> method which will be removed in urllib3 v2.1.0. Instead pass <code>chunked=True</code> to <code>HTTPConnection.request()</code> (<a href="https://redirect.github.com/urllib3/urllib3/issues/1985">#1985</a>).</li> </ul> <h1>Added</h1> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.0.3 (2023-06-07)</h1> <ul> <li>Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. (<code>[#3020](urllib3/urllib3#3020) <https://github.com/urllib3/urllib3/issues/3020></code>__)</li> <li>Deprecated URLs which don't have an explicit scheme (<code>[#2950](urllib3/urllib3#2950) <https://github.com/urllib3/urllib3/pull/2950></code>_)</li> <li>Fixed response decoding with Zstandard when compressed data is made of several frames. (<code>[#3008](urllib3/urllib3#3008) <https://github.com/urllib3/urllib3/issues/3008></code>__)</li> <li>Fixed <code>assert_hostname=False</code> to correctly skip hostname check. (<code>[#3051](urllib3/urllib3#3051) <https://github.com/urllib3/urllib3/issues/3051></code>__)</li> </ul> <h1>2.0.2 (2023-05-03)</h1> <ul> <li>Fixed <code>HTTPResponse.stream()</code> to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (<code>[#3009](urllib3/urllib3#3009) <https://github.com/urllib3/urllib3/issues/3009></code>__)</li> </ul> <h1>2.0.1 (2023-04-30)</h1> <ul> <li>Fixed a socket leak when fingerprint or hostname verifications fail. (<code>[#2991](urllib3/urllib3#2991) <https://github.com/urllib3/urllib3/issues/2991></code>__)</li> <li>Fixed an error when <code>HTTPResponse.read(0)</code> was the first <code>read</code> call or when the internal response body buffer was otherwise empty. (<code>[#2998](urllib3/urllib3#2998) <https://github.com/urllib3/urllib3/issues/2998></code>__)</li> </ul> <h1>2.0.0 (2023-04-26)</h1> <p>Read the <code>v2.0 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html></code>__ for help upgrading to the latest version of urllib3.</p> <h2>Removed</h2> <ul> <li>Removed support for Python 2.7, 3.5, and 3.6 (<code>[#883](urllib3/urllib3#883) <https://github.com/urllib3/urllib3/issues/883></code><strong>, <code>[#2336](urllib3/urllib3#2336) <https://github.com/urllib3/urllib3/issues/2336></code></strong>).</li> <li>Removed fallback on certificate <code>commonName</code> in <code>match_hostname()</code> function. This behavior was deprecated in May 2000 in RFC 2818. Instead only <code>subjectAltName</code> is used to verify the hostname by default. To enable verifying the hostname against <code>commonName</code> use <code>SSLContext.hostname_checks_common_name = True</code> (<code>[#2113](urllib3/urllib3#2113) <https://github.com/urllib3/urllib3/issues/2113></code>__).</li> <li>Removed support for Python with an <code>ssl</code> module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an <code>ImportError</code> is raised (<code>[#2168](urllib3/urllib3#2168) <https://github.com/urllib3/urllib3/issues/2168></code>__).</li> <li>Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (<code>[#2082](urllib3/urllib3#2082) <https://github.com/urllib3/urllib3/issues/2082></code>__).</li> <li>Removed <code>urllib3.contrib.appengine.AppEngineManager</code> and support for Google App Engine Standard Environment (<code>[#2044](urllib3/urllib3#2044) <https://github.com/urllib3/urllib3/issues/2044></code>__).</li> <li>Removed deprecated <code>Retry</code> options <code>method_whitelist</code>, <code>DEFAULT_REDIRECT_HEADERS_BLACKLIST</code> (<code>[#2086](urllib3/urllib3#2086) <https://github.com/urllib3/urllib3/issues/2086></code>__).</li> <li>Removed <code>urllib3.HTTPResponse.from_httplib</code> (<code>[#2648](urllib3/urllib3#2648) <https://github.com/urllib3/urllib3/issues/2648></code>__).</li> <li>Removed default value of <code>None</code> for the <code>request_context</code> parameter of <code>urllib3.PoolManager.connection_from_pool_key</code>. This change should have no effect on users as the default value of <code>None</code> was an invalid option and was never used (<code>[#1897](urllib3/urllib3#1897) <https://github.com/urllib3/urllib3/issues/1897></code>__).</li> <li>Removed the <code>urllib3.request</code> module. <code>urllib3.request.RequestMethods</code> has been made a private API. This change was made to ensure that <code>from urllib3 import request</code> imported the top-level <code>request()</code> function instead of the <code>urllib3.request</code> module (<code>[#2269](urllib3/urllib3#2269) <https://github.com/urllib3/urllib3/issues/2269></code>__).</li> <li>Removed support for SSLv3.0 from the <code>urllib3.contrib.pyopenssl</code> even when support is available from the compiled OpenSSL library (<code>[#2233](urllib3/urllib3#2233) <https://github.com/urllib3/urllib3/issues/2233></code>__).</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/urllib3/urllib3/commit/92196a0f08b2c2139117546ccfbdd3429eb72469"><code>92196a0</code></a> Release 2.0.3</li> <li><a href="https://github.com/urllib3/urllib3/commit/52d2eb1d19cc23b14043591b7d7904c6e5311fa5"><code>52d2eb1</code></a> Fix assert_hostname=False (<a href="https://redirect.github.com/urllib3/urllib3/issues/3055">#3055</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/bfbd47e3da75702f14d124b64ce877a0e0cd331a"><code>bfbd47e</code></a> Fix Python 3.12 CI</li> <li><a href="https://github.com/urllib3/urllib3/commit/b63cc4c4868dadf1545ad9c5c189096532148a7d"><code>b63cc4c</code></a> Correct docstring for Retry backoff factor (<a href="https://redirect.github.com/urllib3/urllib3/issues/3037">#3037</a>)</li> <li><a href="https://github.com/urllib3/urllib3/commit/7e3884d973c56267c32e0dacf19804afd8a00175"><code>7e3884d</code></a> Allow non-OpenSSL TLS libaries with a warning</li> <li><a href="https://github.com/urllib3/urllib3/commit/e67f13c44fa4aada1954df96eb8cccbb5f2dbd2a"><code>e67f13c</code></a> Add 1.26.16 release to CHANGES.rst on main</li> <li><a href="https://github.com/urllib3/urllib3/commit/ffa2b634392a389da7033834fa485fd648d37e42"><code>ffa2b63</code></a> Deprecate URLs without an explicit scheme</li> <li><a href="https://github.com/urllib3/urllib3/commit/4e9060bfa03af9d6057423b3a54f67e0cd2e7892"><code>4e9060b</code></a> Added OpenGraph information to the documentation</li> <li><a href="https://github.com/urllib3/urllib3/commit/8e94754f85c59d826ac0604d0dd2a0b41874bb36"><code>8e94754</code></a> Remove outdated reference in LICENSE.txt</li> <li><a href="https://github.com/urllib3/urllib3/commit/5dbc8e23488862aadab0706128d387af2f406b51"><code>5dbc8e2</code></a> Bump slsa-framework/slsa-github-generator from 1.5.0 to 1.6.0</li> <li>Additional commits viewable in <a href="https://github.com/urllib3/urllib3/compare/1.26.14...2.0.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=urllib3&package-manager=pip&previous-version=1.26.14&new-version=2.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [urllib3](https://togithub.com/urllib3/urllib3) ([changelog](https://togithub.com/urllib3/urllib3/blob/main/CHANGES.rst)) | `==1.26.16` -> `==2.0.4` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/urllib3/2.0.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/urllib3/2.0.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/urllib3/1.26.16/2.0.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/urllib3/1.26.16/2.0.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### ⚠ Dependency Lookup Warnings ⚠ Warnings were logged while processing this repo. Please check the logs for more information. --- ### Release Notes <details> <summary>urllib3/urllib3 (urllib3)</summary> ### [`v2.0.4`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#204-2023-07-19) [Compare Source](https://togithub.com/urllib3/urllib3/compare/2.0.3...2.0.4) \================== - Added support for union operators to `HTTPHeaderDict` (`#​2254 <https://github.com/urllib3/urllib3/issues/2254>`\__) - Added `BaseHTTPResponse` to `urllib3.__all__` (`#​3078 <https://github.com/urllib3/urllib3/issues/3078>`\__) - Fixed `urllib3.connection.HTTPConnection` to raise the `http.client.connect` audit event to have the same behavior as the standard library HTTP client (`#​2757 <https://github.com/urllib3/urllib3/issues/2757>`\__) - Relied on the standard library for checking hostnames in supported PyPy releases (`#​3087 <https://github.com/urllib3/urllib3/issues/3087>`\__) ### [`v2.0.3`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#203-2023-06-07) [Compare Source](https://togithub.com/urllib3/urllib3/compare/2.0.2...2.0.3) \================== - Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. (`#​3020 <https://github.com/urllib3/urllib3/issues/3020>`\__) - Deprecated URLs which don't have an explicit scheme (`#​2950 <https://github.com/urllib3/urllib3/pull/2950>`\_) - Fixed response decoding with Zstandard when compressed data is made of several frames. (`#​3008 <https://github.com/urllib3/urllib3/issues/3008>`\__) - Fixed `assert_hostname=False` to correctly skip hostname check. (`#​3051 <https://github.com/urllib3/urllib3/issues/3051>`\__) ### [`v2.0.2`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#202-2023-05-03) [Compare Source](https://togithub.com/urllib3/urllib3/compare/2.0.1...2.0.2) \================== - Fixed `HTTPResponse.stream()` to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (`#​3009 <https://github.com/urllib3/urllib3/issues/3009>`\__) ### [`v2.0.1`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#201-2023-04-30) [Compare Source](https://togithub.com/urllib3/urllib3/compare/2.0.0...2.0.1) \================== - Fixed a socket leak when fingerprint or hostname verifications fail. (`#​2991 <https://github.com/urllib3/urllib3/issues/2991>`\__) - Fixed an error when `HTTPResponse.read(0)` was the first `read` call or when the internal response body buffer was otherwise empty. (`#​2998 <https://github.com/urllib3/urllib3/issues/2998>`\__) ### [`v2.0.0`](https://togithub.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#200-2023-04-26) [Compare Source](https://togithub.com/urllib3/urllib3/compare/1.26.16...2.0.0) \================== Read the `v2.0 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html>`\__ for help upgrading to the latest version of urllib3. ## Removed - Removed support for Python 2.7, 3.5, and 3.6 (`#​883 <https://github.com/urllib3/urllib3/issues/883>`**, `#​2336 <https://github.com/urllib3/urllib3/issues/2336>`**). - Removed fallback on certificate `commonName` in `match_hostname()` function. This behavior was deprecated in May 2000 in RFC 2818. Instead only `subjectAltName` is used to verify the hostname by default. To enable verifying the hostname against `commonName` use `SSLContext.hostname_checks_common_name = True` (`#​2113 <https://github.com/urllib3/urllib3/issues/2113>`\__). - Removed support for Python with an `ssl` module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (`#​2168 <https://github.com/urllib3/urllib3/issues/2168>`\__). - Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an `ImportError` is raised (`#​2168 <https://github.com/urllib3/urllib3/issues/2168>`\__). - Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (`#​2082 <https://github.com/urllib3/urllib3/issues/2082>`\__). - Removed `urllib3.contrib.appengine.AppEngineManager` and support for Google App Engine Standard Environment (`#​2044 <https://github.com/urllib3/urllib3/issues/2044>`\__). - Removed deprecated `Retry` options `method_whitelist`, `DEFAULT_REDIRECT_HEADERS_BLACKLIST` (`#​2086 <https://github.com/urllib3/urllib3/issues/2086>`\__). - Removed `urllib3.HTTPResponse.from_httplib` (`#​2648 <https://github.com/urllib3/urllib3/issues/2648>`\__). - Removed default value of `None` for the `request_context` parameter of `urllib3.PoolManager.connection_from_pool_key`. This change should have no effect on users as the default value of `None` was an invalid option and was never used (`#​1897 <https://github.com/urllib3/urllib3/issues/1897>`\__). - Removed the `urllib3.request` module. `urllib3.request.RequestMethods` has been made a private API. This change was made to ensure that `from urllib3 import request` imported the top-level `request()` function instead of the `urllib3.request` module (`#​2269 <https://github.com/urllib3/urllib3/issues/2269>`\__). - Removed support for SSLv3.0 from the `urllib3.contrib.pyopenssl` even when support is available from the compiled OpenSSL library (`#​2233 <https://github.com/urllib3/urllib3/issues/2233>`\__). - Removed the deprecated `urllib3.contrib.ntlmpool` module (`#​2339 <https://github.com/urllib3/urllib3/issues/2339>`\__). - Removed `DEFAULT_CIPHERS`, `HAS_SNI`, `USE_DEFAULT_SSLCONTEXT_CIPHERS`, from the private module `urllib3.util.ssl_` (`#​2168 <https://github.com/urllib3/urllib3/issues/2168>`\__). - Removed `urllib3.exceptions.SNIMissingWarning` (`#​2168 <https://github.com/urllib3/urllib3/issues/2168>`\__). - Removed the `_prepare_conn` method from `HTTPConnectionPool`. Previously this was only used to call `HTTPSConnection.set_cert()` by `HTTPSConnectionPool` (`#​1985 <https://github.com/urllib3/urllib3/issues/1985>`\__). - Removed `tls_in_tls_required` property from `HTTPSConnection`. This is now determined from the `scheme` parameter in `HTTPConnection.set_tunnel()` (`#​1985 <https://github.com/urllib3/urllib3/issues/1985>`\__). - Removed the `strict` parameter/attribute from `HTTPConnection`, `HTTPSConnection`, `HTTPConnectionPool`, `HTTPSConnectionPool`, and `HTTPResponse` (`#​2064 <https://github.com/urllib3/urllib3/issues/2064>`\__). ## Deprecated - Deprecated `HTTPResponse.getheaders()` and `HTTPResponse.getheader()` which will be removed in urllib3 v2.1.0. Instead use `HTTPResponse.headers` and `HTTPResponse.headers.get(name, default)`. (`#​1543 <https://github.com/urllib3/urllib3/issues/1543>`**, `#​2814 <https://github.com/urllib3/urllib3/issues/2814>`**). - Deprecated `urllib3.contrib.pyopenssl` module which will be removed in urllib3 v2.1.0 (`#​2691 <https://github.com/urllib3/urllib3/issues/2691>`\__). - Deprecated `urllib3.contrib.securetransport` module which will be removed in urllib3 v2.1.0 (`#​2692 <https://github.com/urllib3/urllib3/issues/2692>`\__). - Deprecated `ssl_version` option in favor of `ssl_minimum_version`. `ssl_version` will be removed in urllib3 v2.1.0 (`#​2110 <https://github.com/urllib3/urllib3/issues/2110>`\__). - Deprecated the `strict` parameter of `PoolManager.connection_from_context()` as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (`#​2267 <https://github.com/urllib3/urllib3/issues/2267>`\__) - Deprecated the `NewConnectionError.pool` attribute which will be removed in urllib3 v2.1.0 (`#​2271 <https://github.com/urllib3/urllib3/issues/2271>`\__). - Deprecated `format_header_param_html5` and `format_header_param` in favor of `format_multipart_header_param` (`#​2257 <https://github.com/urllib3/urllib3/issues/2257>`\__). - Deprecated `RequestField.header_formatter` parameter which will be removed in urllib3 v2.1.0 (`#​2257 <https://github.com/urllib3/urllib3/issues/2257>`\__). - Deprecated `HTTPSConnection.set_cert()` method. Instead pass parameters to the `HTTPSConnection` constructor (`#​1985 <https://github.com/urllib3/urllib3/issues/1985>`\__). - Deprecated `HTTPConnection.request_chunked()` method which will be removed in urllib3 v2.1.0. Instead pass `chunked=True` to `HTTPConnection.request()` (`#​1985 <https://github.com/urllib3/urllib3/issues/1985>`\__). ## Added - Added top-level `urllib3.request` function which uses a preconfigured module-global `PoolManager` instance (`#​2150 <https://github.com/urllib3/urllib3/issues/2150>`\__). - Added the `json` parameter to `urllib3.request()`, `PoolManager.request()`, and `ConnectionPool.request()` methods to send JSON bodies in requests. Using this parameter will set the header `Content-Type: application/json` if `Content-Type` isn't already defined. Added support for parsing JSON response bodies with `HTTPResponse.json()` method (`#​2243 <https://github.com/urllib3/urllib3/issues/2243>`\__). - Added type hints to the `urllib3` module (`#​1897 <https://github.com/urllib3/urllib3/issues/1897>`\__). - Added `ssl_minimum_version` and `ssl_maximum_version` options which set `SSLContext.minimum_version` and `SSLContext.maximum_version` (`#​2110 <https://github.com/urllib3/urllib3/issues/2110>`\__). - Added support for Zstandard (RFC 8878) when `zstandard` 1.18.0 or later is installed. Added the `zstd` extra which installs the `zstandard` package (`#​1992 <https://github.com/urllib3/urllib3/issues/1992>`\__). - Added `urllib3.response.BaseHTTPResponse` class. All future response classes will be subclasses of `BaseHTTPResponse` (`#​2083 <https://github.com/urllib3/urllib3/issues/2083>`\__). - Added `FullPoolError` which is raised when `PoolManager(block=True)` and a connection is returned to a full pool (`#​2197 <https://github.com/urllib3/urllib3/issues/2197>`\__). - Added `HTTPHeaderDict` to the top-level `urllib3` namespace (`#​2216 <https://github.com/urllib3/urllib3/issues/2216>`\__). - Added support for configuring header merging behavior with HTTPHeaderDict When using a `HTTPHeaderDict` to provide headers for a request, by default duplicate header values will be repeated. But if `combine=True` is passed into a call to `HTTPHeaderDict.add`, then the added header value will be merged in with an existing value into a comma-separated list (`X-My-Header: foo, bar`) (`#​2242 <https://github.com/urllib3/urllib3/issues/2242>`\__). - Added `NameResolutionError` exception when a DNS error occurs (`#​2305 <https://github.com/urllib3/urllib3/issues/2305>`\__). - Added `proxy_assert_hostname` and `proxy_assert_fingerprint` kwargs to `ProxyManager` (`#​2409 <https://github.com/urllib3/urllib3/issues/2409>`\__). - Added a configurable `backoff_max` parameter to the `Retry` class. If a custom `backoff_max` is provided to the `Retry` class, it will replace the `Retry.DEFAULT_BACKOFF_MAX` (`#​2494 <https://github.com/urllib3/urllib3/issues/2494>`\__). - Added the `authority` property to the Url class as per RFC 3986 3.2. This property should be used in place of `netloc` for users who want to include the userinfo (auth) component of the URI (`#​2520 <https://github.com/urllib3/urllib3/issues/2520>`\__). - Added the `scheme` parameter to `HTTPConnection.set_tunnel` to configure the scheme of the origin being tunnelled to (`#​1985 <https://github.com/urllib3/urllib3/issues/1985>`\__). - Added the `is_closed`, `is_connected` and `has_connected_to_proxy` properties to `HTTPConnection` (`#​1985 <https://github.com/urllib3/urllib3/issues/1985>`\__). - Added optional `backoff_jitter` parameter to `Retry`. (`#​2952 <https://github.com/urllib3/urllib3/issues/2952>`\__) ## Changed - Changed `urllib3.response.HTTPResponse.read` to respect the semantics of `io.BufferedIOBase` regardless of compression. Specifically, this method: - Only returns an empty bytes object to indicate EOF (that is, the response has been fully consumed). - Never returns more bytes than requested. - Can issue any number of system calls: zero, one or multiple. If you want each `urllib3.response.HTTPResponse.read` call to issue a single system call, you need to disable decompression by setting `decode_content=False` (`#​2128 <https://github.com/urllib3/urllib3/issues/2128>`\__). - Changed `urllib3.HTTPConnection.getresponse` to return an instance of `urllib3.HTTPResponse` instead of `http.client.HTTPResponse` (`#​2648 <https://github.com/urllib3/urllib3/issues/2648>`\__). - Changed `ssl_version` to instead set the corresponding `SSLContext.minimum_version` and `SSLContext.maximum_version` values. Regardless of `ssl_version` passed `SSLContext` objects are now constructed using `ssl.PROTOCOL_TLS_CLIENT` (`#​2110 <https://github.com/urllib3/urllib3/issues/2110>`\__). - Changed default `SSLContext.minimum_version` to be `TLSVersion.TLSv1_2` in line with Python 3.10 (`#​2373 <https://github.com/urllib3/urllib3/issues/2373>`\__). - Changed `ProxyError` to wrap any connection error (timeout, TLS, DNS) that occurs when connecting to the proxy (`#​2482 <https://github.com/urllib3/urllib3/pull/2482>`\__). - Changed `urllib3.util.create_urllib3_context` to not override the system cipher suites with a default value. The new default will be cipher suites configured by the operating system (`#​2168 <https://github.com/urllib3/urllib3/issues/2168>`\__). - Changed `multipart/form-data` header parameter formatting matches the WHATWG HTML Standard as of 2021-06-10. Control characters in filenames are no longer percent encoded (`#​2257 <https://github.com/urllib3/urllib3/issues/2257>`\__). - Changed the error raised when connecting via HTTPS when the `ssl` module isn't available from `SSLError` to `ImportError` (`#​2589 <https://github.com/urllib3/urllib3/issues/2589>`\__). - Changed `HTTPConnection.request()` to always use lowercase chunk boundaries when sending requests with `Transfer-Encoding: chunked` (`#​2515 <https://github.com/urllib3/urllib3/issues/2515>`\__). - Changed `enforce_content_length` default to True, preventing silent data loss when reading streamed responses (`#​2514 <https://github.com/urllib3/urllib3/issues/2514>`\__). - Changed internal implementation of `HTTPHeaderDict` to use `dict` instead of `collections.OrderedDict` for better performance (`#​2080 <https://github.com/urllib3/urllib3/issues/2080>`\__). - Changed the `urllib3.contrib.pyopenssl` module to wrap `OpenSSL.SSL.Error` with `ssl.SSLError` in `PyOpenSSLContext.load_cert_chain` (`#​2628 <https://github.com/urllib3/urllib3/issues/2628>`\__). - Changed usage of the deprecated `socket.error` to `OSError` (`#​2120 <https://github.com/urllib3/urllib3/issues/2120>`\__). - Changed all parameters in the `HTTPConnection` and `HTTPSConnection` constructors to be keyword-only except `host` and `port` (`#​1985 <https://github.com/urllib3/urllib3/issues/1985>`\__). - Changed `HTTPConnection.getresponse()` to set the socket timeout from `HTTPConnection.timeout` value before reading data from the socket. This previously was done manually by the `HTTPConnectionPool` calling `HTTPConnection.sock.settimeout(...)` (`#​1985 <https://github.com/urllib3/urllib3/issues/1985>`\__). - Changed the `_proxy_host` property to `_tunnel_host` in `HTTPConnectionPool` to more closely match how the property is used (value in `HTTPConnection.set_tunnel()`) (`#​1985 <https://github.com/urllib3/urllib3/issues/1985>`\__). - Changed name of `Retry.BACK0FF_MAX` to be `Retry.DEFAULT_BACKOFF_MAX`. - Changed TLS handshakes to use `SSLContext.check_hostname` when possible (`#​2452 <https://github.com/urllib3/urllib3/pull/2452>`\__). - Changed `server_hostname` to behave like other parameters only used by `HTTPSConnectionPool` (`#​2537 <https://github.com/urllib3/urllib3/pull/2537>`\__). - Changed the default `blocksize` to 16KB to match OpenSSL's default read amounts (`#​2348 <https://github.com/urllib3/urllib3/pull/2348>`\__). - Changed `HTTPResponse.read()` to raise an error when calling with `decode_content=False` after using `decode_content=True` to prevent data loss (`#​2800 <https://github.com/urllib3/urllib3/issues/2800>`\__). ## Fixed - Fixed thread-safety issue where accessing a `PoolManager` with many distinct origins would cause connection pools to be closed while requests are in progress (`#​1252 <https://github.com/urllib3/urllib3/issues/1252>`\__). - Fixed an issue where an `HTTPConnection` instance would erroneously reuse the socket read timeout value from reading the previous response instead of a newly configured connect timeout. Instead now if `HTTPConnection.timeout` is updated before sending the next request the new timeout value will be used (`#​2645 <https://github.com/urllib3/urllib3/issues/2645>`\__). - Fixed `socket.error.errno` when raised from pyOpenSSL's `OpenSSL.SSL.SysCallError` (`#​2118 <https://github.com/urllib3/urllib3/issues/2118>`\__). - Fixed the default value of `HTTPSConnection.socket_options` to match `HTTPConnection` (`#​2213 <https://github.com/urllib3/urllib3/issues/2213>`\__). - Fixed a bug where `headers` would be modified by the `remove_headers_on_redirect` feature (`#​2272 <https://github.com/urllib3/urllib3/issues/2272>`\__). - Fixed a reference cycle bug in `urllib3.util.connection.create_connection()` (`#​2277 <https://github.com/urllib3/urllib3/issues/2277>`\__). - Fixed a socket leak if `HTTPConnection.connect()` fails (`#​2571 <https://github.com/urllib3/urllib3/pull/2571>`\__). - Fixed `urllib3.contrib.pyopenssl.WrappedSocket` and `urllib3.contrib.securetransport.WrappedSocket` close methods (`#​2970 <https://github.com/urllib3/urllib3/issues/2970>`\__) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/owntracks/android). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi41Ni4wIiwidXBkYXRlZEluVmVyIjoiMzYuNjQuOCIsInRhcmdldEJyYW5jaCI6Im1hc3RlciJ9--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
So originally I was planning on dropping more than just RSA for v2, however after speaking with @hynek it seems a lot of these ciphers are likely still in use and secure so we'll keep them.
However because there's less being removed here I'm wondering if we need the second part of #1989: the fallback to previous
DEFAULT_CIPHERS
if a deprecated TLS version is used.cc @tiran
Closes #1989
Closes #2090