Gusto / it-cpe-opensource

Tools used by the CPE team at Gusto to manage our endpoints and software deployment systems.
Other
59 stars 29 forks source link

Bump urllib3 from 1.26.15 to 2.0.1 #106

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps urllib3 from 1.26.15 to 2.0.1.

Release notes

Sourced from urllib3's releases.

2.0.1

  • Fixed a socket leak when fingerprint or hostname verifications fail. (#2991)
  • Fixed an error when HTTPResponse.read(0) was the first read call or when the internal response body buffer was otherwise empty. (#2998)

2.0.0

Read the v2.0 migration guide for help upgrading to the latest version of urllib3.

Removed

  • Removed support for Python 2.7, 3.5, and 3.6 (#883, #2336).
  • Removed fallback on certificate commonName in match_hostname() function. This behavior was deprecated in May 2000 in RFC 2818. Instead only subjectAltName is used to verify the hostname by default. To enable verifying the hostname against commonName use SSLContext.hostname_checks_common_name = True (#2113).
  • Removed support for Python with an ssl module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (#2168).
  • Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an ImportError is raised (#2168).
  • Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (#2082).
  • Removed urllib3.contrib.appengine.AppEngineManager and support for Google App Engine Standard Environment (#2044).
  • Removed deprecated Retry options method_whitelist, DEFAULT_REDIRECT_HEADERS_BLACKLIST (#2086).
  • Removed urllib3.HTTPResponse.from_httplib (#2648).
  • Removed default value of None for the request_context parameter of urllib3.PoolManager.connection_from_pool_key. This change should have no effect on users as the default value of None was an invalid option and was never used (#1897).
  • Removed the urllib3.request module. urllib3.request.RequestMethods has been made a private API. This change was made to ensure that from urllib3 import request imported the top-level request() function instead of the urllib3.request module (#2269).
  • Removed support for SSLv3.0 from the urllib3.contrib.pyopenssl even when support is available from the compiled OpenSSL library (#2233).
  • Removed the deprecated urllib3.contrib.ntlmpool module (#2339).
  • Removed DEFAULT_CIPHERS, HAS_SNI, USE_DEFAULT_SSLCONTEXT_CIPHERS, from the private module urllib3.util.ssl_ (#2168).
  • Removed urllib3.exceptions.SNIMissingWarning (#2168).
  • Removed the _prepare_conn method from HTTPConnectionPool. Previously this was only used to call HTTPSConnection.set_cert() by HTTPSConnectionPool (#1985).
  • Removed tls_in_tls_required property from HTTPSConnection. This is now determined from the scheme parameter in HTTPConnection.set_tunnel() (#1985).

Deprecated

  • Deprecated HTTPResponse.getheaders() and HTTPResponse.getheader() which will be removed in urllib3 v2.1.0. Instead use HTTPResponse.headers and HTTPResponse.headers.get(name, default). (#1543, #2814).
  • Deprecated urllib3.contrib.pyopenssl module which will be removed in urllib3 v2.1.0 (#2691).
  • Deprecated urllib3.contrib.securetransport module which will be removed in urllib3 v2.1.0 (#2692).
  • Deprecated ssl_version option in favor of ssl_minimum_version. ssl_version will be removed in urllib3 v2.1.0 (#2110).
  • Deprecated the strict parameter as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (#2267)
  • Deprecated the NewConnectionError.pool attribute which will be removed in urllib3 v2.1.0 (#2271).
  • Deprecated format_header_param_html5 and format_header_param in favor of format_multipart_header_param (#2257).
  • Deprecated RequestField.header_formatter parameter which will be removed in urllib3 v2.1.0 (#2257).
  • Deprecated HTTPSConnection.set_cert() method. Instead pass parameters to the HTTPSConnection constructor (#1985).
  • Deprecated HTTPConnection.request_chunked() method which will be removed in urllib3 v2.1.0. Instead pass chunked=True to HTTPConnection.request() (#1985).

Added

  • Added top-level urllib3.request function which uses a preconfigured module-global PoolManager instance (#2150).
  • Added the json parameter to urllib3.request(), PoolManager.request(), and ConnectionPool.request() methods to send JSON bodies in requests. Using this parameter will set the header Content-Type: application/json if Content-Type isn't already defined. Added support for parsing JSON response bodies with HTTPResponse.json() method (#2243).
  • Added type hints to the urllib3 module (#1897).
  • Added ssl_minimum_version and ssl_maximum_version options which set SSLContext.minimum_version and SSLContext.maximum_version (#2110).
  • Added support for Zstandard (RFC 8878) when zstandard 1.18.0 or later is installed. Added the zstd extra which installs the zstandard package (#1992).
  • Added urllib3.response.BaseHTTPResponse class. All future response classes will be subclasses of BaseHTTPResponse (#2083).
  • Added FullPoolError which is raised when PoolManager(block=True) and a connection is returned to a full pool (#2197).
  • Added HTTPHeaderDict to the top-level urllib3 namespace (#2216).
  • Added support for configuring header merging behavior with HTTPHeaderDict When using a HTTPHeaderDict to provide headers for a request, by default duplicate header values will be repeated. But if combine=True is passed into a call to HTTPHeaderDict.add, then the added header value will be merged in with an existing value into a comma-separated list (X-My-Header: foo, bar) (#2242).

... (truncated)

Changelog

Sourced from urllib3's changelog.

2.0.1 (2023-04-30)

Fixes

  • Fixed a socket leak when fingerprint or hostname verifications fail. ([#2991](https://github.com/urllib3/urllib3/issues/2991) <https://github.com/urllib3/urllib3/issues/2991>__)
  • Fixed an error when HTTPResponse.read(0) was the first read call or when the internal response body buffer was otherwise empty. ([#2998](https://github.com/urllib3/urllib3/issues/2998) <https://github.com/urllib3/urllib3/issues/2998>__)

2.0.0 (2023-04-26)

Read the v2.0 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html>__ for help upgrading to the latest version of urllib3.

Removed

  • Removed support for Python 2.7, 3.5, and 3.6 ([#883](https://github.com/urllib3/urllib3/issues/883) <https://github.com/urllib3/urllib3/issues/883>, [#2336](https://github.com/urllib3/urllib3/issues/2336) <https://github.com/urllib3/urllib3/issues/2336>).
  • Removed fallback on certificate commonName in match_hostname() function. This behavior was deprecated in May 2000 in RFC 2818. Instead only subjectAltName is used to verify the hostname by default. To enable verifying the hostname against commonName use SSLContext.hostname_checks_common_name = True ([#2113](https://github.com/urllib3/urllib3/issues/2113) <https://github.com/urllib3/urllib3/issues/2113>__).
  • Removed support for Python with an ssl module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 ([#2168](https://github.com/urllib3/urllib3/issues/2168) <https://github.com/urllib3/urllib3/issues/2168>__).
  • Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an ImportError is raised ([#2168](https://github.com/urllib3/urllib3/issues/2168) <https://github.com/urllib3/urllib3/issues/2168>__).
  • Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure ([#2082](https://github.com/urllib3/urllib3/issues/2082) <https://github.com/urllib3/urllib3/issues/2082>__).
  • Removed urllib3.contrib.appengine.AppEngineManager and support for Google App Engine Standard Environment ([#2044](https://github.com/urllib3/urllib3/issues/2044) <https://github.com/urllib3/urllib3/issues/2044>__).
  • Removed deprecated Retry options method_whitelist, DEFAULT_REDIRECT_HEADERS_BLACKLIST ([#2086](https://github.com/urllib3/urllib3/issues/2086) <https://github.com/urllib3/urllib3/issues/2086>__).
  • Removed urllib3.HTTPResponse.from_httplib ([#2648](https://github.com/urllib3/urllib3/issues/2648) <https://github.com/urllib3/urllib3/issues/2648>__).
  • Removed default value of None for the request_context parameter of urllib3.PoolManager.connection_from_pool_key. This change should have no effect on users as the default value of None was an invalid option and was never used ([#1897](https://github.com/urllib3/urllib3/issues/1897) <https://github.com/urllib3/urllib3/issues/1897>__).
  • Removed the urllib3.request module. urllib3.request.RequestMethods has been made a private API. This change was made to ensure that from urllib3 import request imported the top-level request() function instead of the urllib3.request module ([#2269](https://github.com/urllib3/urllib3/issues/2269) <https://github.com/urllib3/urllib3/issues/2269>__).
  • Removed support for SSLv3.0 from the urllib3.contrib.pyopenssl even when support is available from the compiled OpenSSL library ([#2233](https://github.com/urllib3/urllib3/issues/2233) <https://github.com/urllib3/urllib3/issues/2233>__).
  • Removed the deprecated urllib3.contrib.ntlmpool module ([#2339](https://github.com/urllib3/urllib3/issues/2339) <https://github.com/urllib3/urllib3/issues/2339>__).
  • Removed DEFAULT_CIPHERS, HAS_SNI, USE_DEFAULT_SSLCONTEXT_CIPHERS, from the private module urllib3.util.ssl_ ([#2168](https://github.com/urllib3/urllib3/issues/2168) <https://github.com/urllib3/urllib3/issues/2168>__).
  • Removed urllib3.exceptions.SNIMissingWarning ([#2168](https://github.com/urllib3/urllib3/issues/2168) <https://github.com/urllib3/urllib3/issues/2168>__).
  • Removed the _prepare_conn method from HTTPConnectionPool. Previously this was only used to call HTTPSConnection.set_cert() by HTTPSConnectionPool ([#1985](https://github.com/urllib3/urllib3/issues/1985) <https://github.com/urllib3/urllib3/issues/1985>__).
  • Removed tls_in_tls_required property from HTTPSConnection. This is now determined from the scheme parameter in HTTPConnection.set_tunnel() ([#1985](https://github.com/urllib3/urllib3/issues/1985) <https://github.com/urllib3/urllib3/issues/1985>__).

Deprecated

  • Deprecated HTTPResponse.getheaders() and HTTPResponse.getheader() which will be removed in urllib3 v2.1.0. Instead use HTTPResponse.headers and HTTPResponse.headers.get(name, default). ([#1543](https://github.com/urllib3/urllib3/issues/1543) <https://github.com/urllib3/urllib3/issues/1543>, [#2814](https://github.com/urllib3/urllib3/issues/2814) <https://github.com/urllib3/urllib3/issues/2814>).
  • Deprecated urllib3.contrib.pyopenssl module which will be removed in urllib3 v2.1.0 ([#2691](https://github.com/urllib3/urllib3/issues/2691) <https://github.com/urllib3/urllib3/issues/2691>__).
  • Deprecated urllib3.contrib.securetransport module which will be removed in urllib3 v2.1.0 ([#2692](https://github.com/urllib3/urllib3/issues/2692) <https://github.com/urllib3/urllib3/issues/2692>__).
  • Deprecated ssl_version option in favor of ssl_minimum_version. ssl_version will be removed in urllib3 v2.1.0 ([#2110](https://github.com/urllib3/urllib3/issues/2110) <https://github.com/urllib3/urllib3/issues/2110>__).
  • Deprecated the strict parameter as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 ([#2267](https://github.com/urllib3/urllib3/issues/2267) <https://github.com/urllib3/urllib3/issues/2267>__)

... (truncated)

Commits
  • b85e93d Release 2.0.1
  • 09b36c6 Improve assert_fingerprint changelog and tests
  • 02ae65a Fix HTTPResponse.read(0) when underlying buffer is empty (#2998)
  • 4fb8da2 Ensure SSLSocket is closed after failure verifying cert hostname or fingerprint
  • 7052b83 Delete 0002-Stop-relying-on-removed-DEFAULT_CIPHERS.patch (#2996)
  • 6446fef Release 2.0.0
  • 9204103 Remove outdated sponsorship tiers
  • c479b73 Release 2.0.0a4
  • e5a5dfc Bump actions/setup-python from 4.5.0 to 4.6.0
  • 3007816 Bump github/codeql-action from 2.2.9 to 2.3.0
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 1 year ago

Superseded by #111.