ghc-automation-staging-parallel-3 / 3457499_84

0 stars 0 forks source link

Update dependency requests to v2.25.0 #17

Open staging-whitesource-for-github-com[bot] opened 4 hours ago

staging-whitesource-for-github-com[bot] commented 4 hours ago

This PR contains the following updates:

Package Update Change
requests (source, changelog) minor ==2.19.1 -> ==2.25.0

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
High 7.5 CVE-2018-18074 #5
High 7.5 CVE-2019-11324 #8
High 7.5 CVE-2021-33503 #11
Medium 6.5 CVE-2020-26137 #3
Medium 6.1 CVE-2019-11236 #9
Medium 6.1 CVE-2019-9740 #4

Release Notes

psf/requests (requests) ### [`v2.25.0`](https://redirect.github.com/psf/requests/blob/HEAD/HISTORY.md#2250-2020-11-11) [Compare Source](https://redirect.github.com/psf/requests/compare/v2.24.0...v2.25.0) **Improvements** - Added support for NETRC environment variable. ([#​5643](https://redirect.github.com/psf/requests/issues/5643)) **Dependencies** - Requests now supports urllib3 v1.26. **Deprecations** - Requests v2.25.x will be the last release series with support for Python 3.5. - The `requests[security]` extra is officially deprecated and will be removed in Requests v2.26.0. ### [`v2.24.0`](https://redirect.github.com/psf/requests/blob/HEAD/HISTORY.md#2240-2020-06-17) [Compare Source](https://redirect.github.com/psf/requests/compare/v2.23.0...v2.24.0) **Improvements** - pyOpenSSL TLS implementation is now only used if Python either doesn't have an `ssl` module or doesn't support SNI. Previously pyOpenSSL was unconditionally used if available. This applies even if pyOpenSSL is installed via the `requests[security]` extra ([#​5443](https://redirect.github.com/psf/requests/issues/5443)) - Redirect resolution should now only occur when `allow_redirects` is True. ([#​5492](https://redirect.github.com/psf/requests/issues/5492)) - No longer perform unnecessary Content-Length calculation for requests that won't use it. ([#​5496](https://redirect.github.com/psf/requests/issues/5496)) ### [`v2.23.0`](https://redirect.github.com/psf/requests/blob/HEAD/HISTORY.md#2230-2020-02-19) [Compare Source](https://redirect.github.com/psf/requests/compare/v2.22.0...v2.23.0) **Improvements** - Remove defunct reference to `prefetch` in Session `__attrs__` ([#​5110](https://redirect.github.com/psf/requests/issues/5110)) **Bugfixes** - Requests no longer outputs password in basic auth usage warning. ([#​5099](https://redirect.github.com/psf/requests/issues/5099)) **Dependencies** - Pinning for `chardet` and `idna` now uses major version instead of minor. This hopefully reduces the need for releases every time a dependency is updated. ### [`v2.22.0`](https://redirect.github.com/psf/requests/blob/HEAD/HISTORY.md#2220-2019-05-15) [Compare Source](https://redirect.github.com/psf/requests/compare/v2.21.0...v2.22.0) **Dependencies** - Requests now supports urllib3 v1.25.2. (note: 1.25.0 and 1.25.1 are incompatible) **Deprecations** - Requests has officially stopped support for Python 3.4. ### [`v2.21.0`](https://redirect.github.com/psf/requests/blob/HEAD/HISTORY.md#2210-2018-12-10) [Compare Source](https://redirect.github.com/psf/requests/compare/v2.20.1...v2.21.0) **Dependencies** - Requests now supports idna v2.8. ### [`v2.20.1`](https://redirect.github.com/psf/requests/blob/HEAD/HISTORY.md#2201-2018-11-08) [Compare Source](https://redirect.github.com/psf/requests/compare/v2.20.0...v2.20.1) **Bugfixes** - Fixed bug with unintended Authorization header stripping for redirects using default ports (http/80, https/443). ### [`v2.20.0`](https://redirect.github.com/psf/requests/blob/HEAD/HISTORY.md#2200-2018-10-18) [Compare Source](https://redirect.github.com/psf/requests/compare/v2.19.1...v2.20.0) **Bugfixes** - Content-Type header parsing is now case-insensitive (e.g. charset=utf8 v Charset=utf8). - Fixed exception leak where certain redirect urls would raise uncaught urllib3 exceptions. - Requests removes Authorization header from requests redirected from https to http on the same hostname. (CVE-2018-18074) - `should_bypass_proxies` now handles URIs without hostnames (e.g. files). **Dependencies** - Requests now supports urllib3 v1.24. **Deprecations** - Requests has officially stopped support for Python 2.6.