dependabot-preview[bot]
commented
4 years ago Superseded by #152.
Closed dependabot-preview[bot] closed 4 years ago
dependabot-preview[bot]
commented
4 years ago Superseded by #152.
Bumps urllib3 from 1.25.3 to 1.25.5.
Release notes
*Sourced from [urllib3's releases](https://github.com/urllib3/urllib3/releases).* > ## 1.25.5 > Release: 1.25.5 > > ## 1.25.4 > Release: 1.25.4Changelog
*Sourced from [urllib3's changelog](https://github.com/urllib3/urllib3/blob/master/CHANGES.rst).* > 1.25.5 (2019-09-19) > =================== > > - Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which caused certificate verification to be enabled when using `cert_reqs=CERT_NONE`. (Issue [#1682](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1682)) > > 1.25.4 (2019-09-19) > =================== > > - Propagate Retry-After header settings to subsequent retries. (Pull [#1607](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1607)) > - Fix edge case where Retry-After header was still respected even when explicitly opted out of. (Pull [#1607](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1607)) > - Remove dependency on `rfc3986` for URL parsing. > - Fix issue where URLs containing invalid characters within `Url.auth` would raise an exception instead of percent-encoding those characters. > - Add support for `HTTPResponse.auto_close = False` which makes HTTP responses work well with BufferedReaders and other `io` module features. (Pull [#1652](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1652)) > - Percent-encode invalid characters in URL for `HTTPConnectionPool.request()` (Pull [#1673](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1673))Commits
- [`edc3ddb`](https://github.com/urllib3/urllib3/commit/edc3ddb3d1cbc5871df4a17a53ca53be7b37facc) Release 1.25.5 ([#1685](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1685)) - [`7e856c0`](https://github.com/urllib3/urllib3/commit/7e856c04723036934fe314c63701466e4f42d2ee) Release 1.25.4 ([#1681](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1681)) - [`0a2950d`](https://github.com/urllib3/urllib3/commit/0a2950defa48cbf7776145ff63569e795ac5e63c) Fix CI for TLSv1.3 ([#1671](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1671)) - [`26cfb9a`](https://github.com/urllib3/urllib3/commit/26cfb9a401078aa9afed871243b30581f59d0e1b) Percent-encode targets and URLs in ConnectionPool ([#1673](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1673)) - [`67715fd`](https://github.com/urllib3/urllib3/commit/67715fd1e1e45d2d1b3d49d8519a1b98e0ac307c) Update URL python/black → psf/black ([#1661](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1661)) - [`17e5fbd`](https://github.com/urllib3/urllib3/commit/17e5fbd4ad280ab47243e4d008ca4a4687111cef) Remove tox from dev-requirements ([#1666](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1666)) - [`ae7f8bb`](https://github.com/urllib3/urllib3/commit/ae7f8bbb57e74ffdb327c5e510963a886fa4ed8b) Fix for Python 4 ([#1669](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1669)) - [`6a626be`](https://github.com/urllib3/urllib3/commit/6a626be4ff623c25270e20db9002705bf4504e4e) Enable TLS 1.3 post-handshake authentication ([#1635](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1635)) - [`f0d9ebc`](https://github.com/urllib3/urllib3/commit/f0d9ebc41e51c4c4c9990b1eed02d297fd1b20d8) Add optional auto_close parameter to HTTPResponse ([#1652](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1652)) - [`deb21bc`](https://github.com/urllib3/urllib3/commit/deb21bc858bb45a7052b2ebb0be16aab704b6291) Change log level of CertificateError within match_hostname ([#1657](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1657)) - Additional commits viewable in [compare view](https://github.com/urllib3/urllib3/compare/1.25.3...1.25.5)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.