USDA-ARS-NWRC / smrf

SMRF was designed to increase the flexibility of taking measured weather data, or atmospheric models, and distributing the data across a watershed.
Other
12 stars 4 forks source link

Bump urllib3 from 1.23 to 1.24.2 #124

Closed dependabot[bot] closed 5 years ago

dependabot[bot] commented 5 years ago

Bumps urllib3 from 1.23 to 1.24.2.

Changelog *Sourced from [urllib3's changelog](https://github.com/urllib3/urllib3/blob/master/CHANGES.rst).* > 1.24.2 (2019-04-17) > ------------------- > > * Don't load system certificates by default when any other ``ca_certs``, ``ca_certs_dir`` or > ``ssl_context`` parameters are specified. > > * Remove Authorization header regardless of case when redirecting to cross-site. (Issue [#1510](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1510)) > > * Add support for IPv6 addresses in subjectAltName section of certificates. (Issue [#1269](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1269)) > > > 1.24.1 (2018-11-02) > ------------------- > > * Remove quadratic behavior within ``GzipDecoder.decompress()`` (Issue [#1467](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1467)) > > * Restored functionality of ``ciphers`` parameter for ``create_urllib3_context()``. (Issue [#1462](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1462)) > > > 1.24 (2018-10-16) > ----------------- > > * Allow key_server_hostname to be specified when initializing a PoolManager to allow custom SNI to be overridden. (Pull [#1449](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1449)) > > * Test against Python 3.7 on AppVeyor. (Pull [#1453](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1453)) > > * Early-out ipv6 checks when running on App Engine. (Pull [#1450](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1450)) > > * Change ambiguous description of backoff_factor (Pull [#1436](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1436)) > > * Add ability to handle multiple Content-Encodings (Issue [#1441](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1441) and Pull [#1442](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1442)) > > * Skip DNS names that can't be idna-decoded when using pyOpenSSL (Issue [#1405](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1405)). > > * Add a server_hostname parameter to HTTPSConnection which allows for > overriding the SNI hostname sent in the handshake. (Pull [#1397](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1397)) > > * Drop support for EOL Python 2.6 (Pull [#1429](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1429) and Pull [#1430](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1430)) > > * Fixed bug where responses with header Content-Type: message/* erroneously > raised HeaderParsingError, resulting in a warning being logged. (Pull [#1439](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1439)) > > * Move urllib3 to src/urllib3 (Pull [#1409](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1409))
Commits - [`1efadf4`](https://github.com/urllib3/urllib3/commit/1efadf43dc63317cd9eaa3e0fdb9e05ab07254b1) Release 1.24.2 ([#1564](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1564)) - [`a6ec68a`](https://github.com/urllib3/urllib3/commit/a6ec68a5c5c5743c59fe5c62c635c929586c429b) Merging new release version: 1.24.1 - [`0cedb3b`](https://github.com/urllib3/urllib3/commit/0cedb3b0f1e5d79c89c6db767c534b064b794cf2) Restore context.set_ciphers() to create_urllib3_context() ([#1463](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1463)) - [`0aeba3b`](https://github.com/urllib3/urllib3/commit/0aeba3be0224a930f6ffef254ed12b41303a86d7) Use bytearray to accumulate bytes from gzip ([#1468](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1468)) - [`f8d1c78`](https://github.com/urllib3/urllib3/commit/f8d1c787d9b02a70d66ddbde9c99061d9073d54a) Uninstall oclint to ensure gcc can be brew upgraded ([#1464](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1464)) - [`cd7cfa6`](https://github.com/urllib3/urllib3/commit/cd7cfa613b2678e700597d098ce9bbdc934863e6) Resolve pytest pluggy version conflict ([#1457](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1457)) - [`b548abc`](https://github.com/urllib3/urllib3/commit/b548abc9812a628d3290d0cab83e44f3c31ac6fe) Update changelog for 1.24 release - [`ef0c745`](https://github.com/urllib3/urllib3/commit/ef0c74542abe69421a86c4d3c6a86fe43cb809a4) Merging new release version: 1.24 - [`a0964d9`](https://github.com/urllib3/urllib3/commit/a0964d9947c07d2b8495726ac23ad251b5d236af) Add missing key_server_hostname variable ([#1449](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1449)) - [`34d8298`](https://github.com/urllib3/urllib3/commit/34d8298ecf93c84f9916457d89701d6d5c807780) Test against Python 3.7 on AppVeyor ([#1453](https://github-redirect.dependabot.com/urllib3/urllib3/issues/1453)) - Additional commits viewable in [compare view](https://github.com/urllib3/urllib3/compare/1.23...1.24.2)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/USDA-ARS-NWRC/smrf/network/alerts).
scotthavens commented 5 years ago

urllib3 is a dependency of coveralls but SMRF's requirements has it fixed. In PR #112 and issue #111 have addressed this, but it will not propagate to the mater branch. My recommendation is a hotfix to remove urllib3 from the requirements and let coveralls manage the dependency.

micahjohnson150 commented 5 years ago

Closing in favor of merging PR #112 which requires a dockerfile version change for IPW which requires a merging of IPW's PR #4.

dependabot[bot] commented 5 years ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.