Bump urllib3 from 1.26.15 to 2.0.3

[dependabot[bot]]

Bumps urllib3 from 1.26.15 to 2.0.3.

Release notes

Sourced from urllib3's releases.

2.0.3

• Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. #3020
• Deprecated URLs which don't have an explicit scheme #2950
• Fixed response decoding with Zstandard when compressed data is made of several frames. #3008
• Fixed assert_hostname=False to correctly skip hostname check. #3051

2.0.2

• Fixed HTTPResponse.stream() to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (urllib3/urllib3#3009)

2.0.1

• Fixed a socket leak when fingerprint or hostname verifications fail. (#2991)
• Fixed an error when HTTPResponse.read(0) was the first read call or when the internal response body buffer was otherwise empty. (#2998)

2.0.0

Read the v2.0 migration guide for help upgrading to the latest version of urllib3.

Removed

• Removed support for Python 2.7, 3.5, and 3.6 (#883, #2336).
• Removed fallback on certificate commonName in match_hostname() function. This behavior was deprecated in May 2000 in RFC 2818. Instead only subjectAltName is used to verify the hostname by default. To enable verifying the hostname against commonName use SSLContext.hostname_checks_common_name = True (#2113).
• Removed support for Python with an ssl module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (#2168).
• Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an ImportError is raised (#2168).
• Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (#2082).
• Removed urllib3.contrib.appengine.AppEngineManager and support for Google App Engine Standard Environment (#2044).
• Removed deprecated Retry options method_whitelist, DEFAULT_REDIRECT_HEADERS_BLACKLIST (#2086).
• Removed urllib3.HTTPResponse.from_httplib (#2648).
• Removed default value of None for the request_context parameter of urllib3.PoolManager.connection_from_pool_key. This change should have no effect on users as the default value of None was an invalid option and was never used (#1897).
• Removed the urllib3.request module. urllib3.request.RequestMethods has been made a private API. This change was made to ensure that from urllib3 import request imported the top-level request() function instead of the urllib3.request module (#2269).
• Removed support for SSLv3.0 from the urllib3.contrib.pyopenssl even when support is available from the compiled OpenSSL library (#2233).
• Removed the deprecated urllib3.contrib.ntlmpool module (#2339).
• Removed DEFAULT_CIPHERS, HAS_SNI, USE_DEFAULT_SSLCONTEXT_CIPHERS, from the private module urllib3.util.ssl_ (#2168).
• Removed urllib3.exceptions.SNIMissingWarning (#2168).
• Removed the _prepare_conn method from HTTPConnectionPool. Previously this was only used to call HTTPSConnection.set_cert() by HTTPSConnectionPool (#1985).
• Removed tls_in_tls_required property from HTTPSConnection. This is now determined from the scheme parameter in HTTPConnection.set_tunnel() (#1985).

Deprecated

• Deprecated HTTPResponse.getheaders() and HTTPResponse.getheader() which will be removed in urllib3 v2.1.0. Instead use HTTPResponse.headers and HTTPResponse.headers.get(name, default). (#1543, #2814).
• Deprecated urllib3.contrib.pyopenssl module which will be removed in urllib3 v2.1.0 (#2691).
• Deprecated urllib3.contrib.securetransport module which will be removed in urllib3 v2.1.0 (#2692).
• Deprecated ssl_version option in favor of ssl_minimum_version. ssl_version will be removed in urllib3 v2.1.0 (#2110).
• Deprecated the strict parameter as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (#2267)
• Deprecated the NewConnectionError.pool attribute which will be removed in urllib3 v2.1.0 (#2271).
• Deprecated format_header_param_html5 and format_header_param in favor of format_multipart_header_param (#2257).
• Deprecated RequestField.header_formatter parameter which will be removed in urllib3 v2.1.0 (#2257).
• Deprecated HTTPSConnection.set_cert() method. Instead pass parameters to the HTTPSConnection constructor (#1985).
• Deprecated HTTPConnection.request_chunked() method which will be removed in urllib3 v2.1.0. Instead pass chunked=True to HTTPConnection.request() (#1985).

Added

... (truncated)

Changelog

Sourced from urllib3's changelog.

2.0.3 (2023-06-07)

• Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. ([#3020](https://github.com/urllib3/urllib3/issues/3020) <https://github.com/urllib3/urllib3/issues/3020>__)
• Deprecated URLs which don't have an explicit scheme ([#2950](https://github.com/urllib3/urllib3/issues/2950) <https://github.com/urllib3/urllib3/pull/2950>_)
• Fixed response decoding with Zstandard when compressed data is made of several frames. ([#3008](https://github.com/urllib3/urllib3/issues/3008) <https://github.com/urllib3/urllib3/issues/3008>__)
• Fixed assert_hostname=False to correctly skip hostname check. ([#3051](https://github.com/urllib3/urllib3/issues/3051) <https://github.com/urllib3/urllib3/issues/3051>__)

2.0.2 (2023-05-03)

• Fixed HTTPResponse.stream() to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. ([#3009](https://github.com/urllib3/urllib3/issues/3009) <https://github.com/urllib3/urllib3/issues/3009>__)

2.0.1 (2023-04-30)

• Fixed a socket leak when fingerprint or hostname verifications fail. ([#2991](https://github.com/urllib3/urllib3/issues/2991) <https://github.com/urllib3/urllib3/issues/2991>__)
• Fixed an error when HTTPResponse.read(0) was the first read call or when the internal response body buffer was otherwise empty. ([#2998](https://github.com/urllib3/urllib3/issues/2998) <https://github.com/urllib3/urllib3/issues/2998>__)

2.0.0 (2023-04-26)

Read the v2.0 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html>__ for help upgrading to the latest version of urllib3.

Removed

• Removed support for Python 2.7, 3.5, and 3.6 ([#883](https://github.com/urllib3/urllib3/issues/883) <https://github.com/urllib3/urllib3/issues/883>, [#2336](https://github.com/urllib3/urllib3/issues/2336) <https://github.com/urllib3/urllib3/issues/2336>).
• Removed fallback on certificate commonName in match_hostname() function. This behavior was deprecated in May 2000 in RFC 2818. Instead only subjectAltName is used to verify the hostname by default. To enable verifying the hostname against commonName use SSLContext.hostname_checks_common_name = True ([#2113](https://github.com/urllib3/urllib3/issues/2113) <https://github.com/urllib3/urllib3/issues/2113>__).
• Removed support for Python with an ssl module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 ([#2168](https://github.com/urllib3/urllib3/issues/2168) <https://github.com/urllib3/urllib3/issues/2168>__).
• Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an ImportError is raised ([#2168](https://github.com/urllib3/urllib3/issues/2168) <https://github.com/urllib3/urllib3/issues/2168>__).
• Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure ([#2082](https://github.com/urllib3/urllib3/issues/2082) <https://github.com/urllib3/urllib3/issues/2082>__).
• Removed urllib3.contrib.appengine.AppEngineManager and support for Google App Engine Standard Environment ([#2044](https://github.com/urllib3/urllib3/issues/2044) <https://github.com/urllib3/urllib3/issues/2044>__).
• Removed deprecated Retry options method_whitelist, DEFAULT_REDIRECT_HEADERS_BLACKLIST ([#2086](https://github.com/urllib3/urllib3/issues/2086) <https://github.com/urllib3/urllib3/issues/2086>__).
• Removed urllib3.HTTPResponse.from_httplib ([#2648](https://github.com/urllib3/urllib3/issues/2648) <https://github.com/urllib3/urllib3/issues/2648>__).
• Removed default value of None for the request_context parameter of urllib3.PoolManager.connection_from_pool_key. This change should have no effect on users as the default value of None was an invalid option and was never used ([#1897](https://github.com/urllib3/urllib3/issues/1897) <https://github.com/urllib3/urllib3/issues/1897>__).
• Removed the urllib3.request module. urllib3.request.RequestMethods has been made a private API. This change was made to ensure that from urllib3 import request imported the top-level request() function instead of the urllib3.request module ([#2269](https://github.com/urllib3/urllib3/issues/2269) <https://github.com/urllib3/urllib3/issues/2269>__).
• Removed support for SSLv3.0 from the urllib3.contrib.pyopenssl even when support is available from the compiled OpenSSL library ([#2233](https://github.com/urllib3/urllib3/issues/2233) <https://github.com/urllib3/urllib3/issues/2233>__).

... (truncated)

Commits

• 92196a0 Release 2.0.3
• 52d2eb1 Fix assert_hostname=False (#3055)
• bfbd47e Fix Python 3.12 CI
• b63cc4c Correct docstring for Retry backoff factor (#3037)
• 7e3884d Allow non-OpenSSL TLS libaries with a warning
• e67f13c Add 1.26.16 release to CHANGES.rst on main
• ffa2b63 Deprecate URLs without an explicit scheme
• 4e9060b Added OpenGraph information to the documentation
• 8e94754 Remove outdated reference in LICENSE.txt
• 5dbc8e2 Bump slsa-framework/slsa-github-generator from 1.5.0 to 1.6.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.