dependabot-preview[bot]
commented
4 years ago Superseded by #163.
Closed dependabot-preview[bot] closed 4 years ago
dependabot-preview[bot]
commented
4 years ago Superseded by #163.
Bumps urllib3 from 1.25.3 to 1.25.6.
Release notes
*Sourced from [urllib3's releases](https://github.com/urllib3/urllib3/releases).* > ## 1.25.6 > Release: 1.25.6 > > ## 1.25.5 > Release: 1.25.5 > > ## 1.25.4 > Release: 1.25.4Changelog
*Sourced from [urllib3's changelog](https://github.com/urllib3/urllib3/blob/master/CHANGES.rst).* > 1.25.6 (2019-09-24) > =================== > > - Fix issue where tilde (`~`) characters were incorrectly percent-encoded in the path. (Pull [#1692](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1692)) > > 1.25.5 (2019-09-19) > =================== > > - Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which caused certificate verification to be enabled when using `cert_reqs=CERT_NONE`. (Issue [#1682](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1682)) > > 1.25.4 (2019-09-19) > =================== > > - Propagate Retry-After header settings to subsequent retries. (Pull [#1607](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1607)) > - Fix edge case where Retry-After header was still respected even when explicitly opted out of. (Pull [#1607](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1607)) > - Remove dependency on `rfc3986` for URL parsing. > - Fix issue where URLs containing invalid characters within `Url.auth` would raise an exception instead of percent-encoding those characters. > - Add support for `HTTPResponse.auto_close = False` which makes HTTP responses work well with BufferedReaders and other `io` module features. (Pull [#1652](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1652)) > - Percent-encode invalid characters in URL for `HTTPConnectionPool.request()` (Pull [#1673](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1673))Commits
- [`6b4ac9b`](https://github.com/urllib3/urllib3/commit/6b4ac9b6b973c405d3e58aaa4ef1ad86252208c0) Release 1.25.6 ([#1693](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1693)) - [`9167b58`](https://github.com/urllib3/urllib3/commit/9167b58128dbfe3ddcbab253166697348d8d364c) Don't percent encode tilde character ([#1692](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1692)) - [`15e05b3`](https://github.com/urllib3/urllib3/commit/15e05b314d890949c5629c1d2ab565ed99517089) Upload coverage on same Python version as tests ([#1690](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1690)) - [`b9a9ec5`](https://github.com/urllib3/urllib3/commit/b9a9ec5bc207c568379494b8563c3ecfd676c0ea) Install MacPython only once on Travis ([#1689](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1689)) - [`ab2adec`](https://github.com/urllib3/urllib3/commit/ab2adec26456dc84bd4cc4f120852db96aa8d1da) travis: bump MacPython version ([#1688](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1688)) - [`7d5972f`](https://github.com/urllib3/urllib3/commit/7d5972fc1f032560de2704944aabf5cf2f1425f8) Add changelog entry for Python 3.4 removal ([#1687](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1687)) - [`5892e63`](https://github.com/urllib3/urllib3/commit/5892e63695319e6c89fed3b435b0dafad17742e4) Drop support for Python 3.4 ([#1686](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1686)) - [`edc3ddb`](https://github.com/urllib3/urllib3/commit/edc3ddb3d1cbc5871df4a17a53ca53be7b37facc) Release 1.25.5 ([#1685](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1685)) - [`7e856c0`](https://github.com/urllib3/urllib3/commit/7e856c04723036934fe314c63701466e4f42d2ee) Release 1.25.4 ([#1681](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1681)) - [`0a2950d`](https://github.com/urllib3/urllib3/commit/0a2950defa48cbf7776145ff63569e795ac5e63c) Fix CI for TLSv1.3 ([#1671](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1671)) - Additional commits viewable in [compare view](https://github.com/urllib3/urllib3/compare/1.25.3...1.25.6)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.