Bump urllib3 from 2.0.4 to 2.0.6

[dependabot[bot]]

Bumps urllib3 from 2.0.4 to 2.0.6.

Release notes

Sourced from urllib3's releases.

2.0.6

• Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (GHSA-v845-jxx5-vc9f)

2.0.5

• Allowed pyOpenSSL third-party module without any deprecation warning. #3126
• Fixed default blocksize of HTTPConnection classes to match high-level classes. Previously was 8KiB, now 16KiB. #3066

Changelog

Sourced from urllib3's changelog.

2.0.6 (2023-10-02)

• Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.

2.0.5 (2023-09-20)

• Allowed pyOpenSSL third-party module without any deprecation warning. ([#3126](https://github.com/urllib3/urllib3/issues/3126) <https://github.com/urllib3/urllib3/issues/3126>__)
• Fixed default blocksize of HTTPConnection classes to match high-level classes. Previously was 8KiB, now 16KiB. ([#3066](https://github.com/urllib3/urllib3/issues/3066) <https://github.com/urllib3/urllib3/issues/3066>__)

Commits

• 262e3e3 Release 2.0.6
• 644124e Merge pull request from GHSA-v845-jxx5-vc9f
• 740380c Bump cryptography from 41.0.3 to 41.0.4 (#3131)
• d9f85a7 Release 2.0.5
• d41f412 Undeprecate pyOpenSSL module (#3127)
• b6c04cb Fix a link to "absolute URI" definition (#3128)
• af7c78f refactor: change double conditional to one (#3118)
• 34c13c8 Refer to current internet standards in docs on proxies (#3124)
• a3e94f2 Fix a name of an attribute in docs (#3125)
• da69d4f Fix docs build (#3123)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/beaufour/flickr-download/network/alerts).

[beaufour]

@dependabot merge

On Mon, Oct 2, 2023 at 8:18 PM dependabot[bot] @.***> wrote:

This automated pull request fixes a security vulnerability https://github.com/beaufour/flickr-download/security/dependabot/5 (moderate severity).

Learn more about Dependabot security updates https://docs.github.com/github/managing-security-vulnerabilities/configuring-dependabot-security-updates.

---

Bumps urllib3 https://github.com/urllib3/urllib3 from 2.0.4 to 2.0.6. Release notes

Sourced from urllib3's releases https://github.com/urllib3/urllib3/releases.

2.0.6

• Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (GHSA-v845-jxx5-vc9f https://github.com/advisories/GHSA-v845-jxx5-vc9f)

2.0.5

• Allowed pyOpenSSL third-party module without any deprecation warning. #3126 https://redirect.github.com/urllib3/urllib3/issues/3126
• Fixed default blocksize of HTTPConnection classes to match high-level classes. Previously was 8KiB, now 16KiB. #3066 https://redirect.github.com/urllib3/urllib3/issues/3066%3E

Changelog

Sourced from urllib3's changelog https://github.com/urllib3/urllib3/blob/main/CHANGES.rst.

2.0.6 (2023-10-02)

• Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.

2.0.5 (2023-09-20)

• Allowed pyOpenSSL third-party module without any deprecation warning. (#3126 < https://github.com/urllib3/urllib3/issues/3126>__)
• Fixed default blocksize of HTTPConnection classes to match high-level classes. Previously was 8KiB, now 16KiB. (#3066 < https://github.com/urllib3/urllib3/issues/3066>__)

Commits

• 262e3e3 https://github.com/urllib3/urllib3/commit/262e3e332209ee93ff70e2b13502c8f20c105ac8 Release 2.0.6
• 644124e https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d Merge pull request from GHSA-v845-jxx5-vc9f https://github.com/advisories/GHSA-v845-jxx5-vc9f
• 740380c https://github.com/urllib3/urllib3/commit/740380c59ca2a7c2dceca19e5dba99f6b7060e62 Bump cryptography from 41.0.3 to 41.0.4 (#3131 https://redirect.github.com/urllib3/urllib3/issues/3131)
• d9f85a7 https://github.com/urllib3/urllib3/commit/d9f85a749488188c286cd50606d159874db94d5f Release 2.0.5
• d41f412 https://github.com/urllib3/urllib3/commit/d41f4122966f7f4f5f92001ad518e5d9dafcc886 Undeprecate pyOpenSSL module (#3127 https://redirect.github.com/urllib3/urllib3/issues/3127)
• b6c04cb https://github.com/urllib3/urllib3/commit/b6c04cb3e62ef5a0e4947d037c12fb3ca79e024a Fix a link to "absolute URI" definition (#3128 https://redirect.github.com/urllib3/urllib3/issues/3128)
• af7c78f https://github.com/urllib3/urllib3/commit/af7c78fa30f5a4e265911371d0c59b6baeddca0f refactor: change double conditional to one (#3118 https://redirect.github.com/urllib3/urllib3/issues/3118)
• 34c13c8 https://github.com/urllib3/urllib3/commit/34c13c8e68df6f89890ba08b9fc4fbf87ed21669 Refer to current internet standards in docs on proxies (#3124 https://redirect.github.com/urllib3/urllib3/issues/3124)
• a3e94f2 https://github.com/urllib3/urllib3/commit/a3e94f218cd8297db73302eadae235f0c832a809 Fix a name of an attribute in docs (#3125 https://redirect.github.com/urllib3/urllib3/issues/3125)
• da69d4f https://github.com/urllib3/urllib3/commit/da69d4f4f95bc7ef9307fc8e0499c2121f1e4791 Fix docs build (#3123 https://redirect.github.com/urllib3/urllib3/issues/3123)
• Additional commits viewable in compare view https://github.com/urllib3/urllib3/compare/2.0.4...2.0.6

[image: Dependabot compatibility score] https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page https://github.com/beaufour/flickr-download/network/alerts.

---

You can view, comment on, or merge this pull request online at:

https://github.com/beaufour/flickr-download/pull/81 Commit Summary

• 51ea070 https://github.com/beaufour/flickr-download/pull/81/commits/51ea07028e1019ed0a797888dc7def3455130892 Bump urllib3 from 2.0.4 to 2.0.6

File Changes

(1 file https://github.com/beaufour/flickr-download/pull/81/files)

• M poetry.lock https://github.com/beaufour/flickr-download/pull/81/files#diff-f53a023eedfa3fbf2925ec7dc76eecdc954ea94b7e47065393dbad519613dc89 (56)

Patch Links:

• https://github.com/beaufour/flickr-download/pull/81.patch
• https://github.com/beaufour/flickr-download/pull/81.diff

— Reply to this email directly, view it on GitHub https://github.com/beaufour/flickr-download/pull/81, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAB2POKKFHXPDJ4U2SD2CPDX5NKWZAVCNFSM6AAAAAA5QFMR36VHI2DSMVQWIX3LMV43ASLTON2WKOZRHEZDGMBUGU4DEOI . You are receiving this because you are subscribed to this thread.Message ID: @.***>