ForgeFlux/host-meta-test
2
0
Fork 0
Code Issues 1 Pull requests 10 Projects Releases Packages Wiki Activity

chore(deps): update dependency urllib3 to v2.6.2 #23

Open
renovate-bot wants to merge 1 commit from renovate/urllib3-2.x into master
pull from: renovate/urllib3-2.x
merge into: ForgeFlux:master
Conversation 0 Commits 1 Files changed 1 +1 -1
renovate-bot commented 2024-12-23 18:12:00 +05:30
Member
Copy link

This PR contains the following updates:

Package Change Age Confidence
urllib3 (changelog) ==2.2.3 -> ==2.6.2 age confidence

Release Notes

urllib3/urllib3 (urllib3)

v2.6.2

Compare Source

==================

  • Fixed HTTPResponse.read_chunked() to properly handle leftover data in
    the decoder's buffer when reading compressed chunked responses.
    (#&#8203;3734 <https://github.com/urllib3/urllib3/issues/3734>__)

v2.6.1

Compare Source

==================

  • Restore previously removed HTTPResponse.getheaders() and
    HTTPResponse.getheader() methods.
    (#&#8203;3731 <https://github.com/urllib3/urllib3/issues/3731>__)

v2.6.0

Compare Source

==================

Security

  • Fixed a security issue where streaming API could improperly handle highly
    compressed HTTP content ("decompression bombs") leading to excessive resource
    consumption even when a small amount of data was requested. Reading small
    chunks of compressed data is safer and much more efficient now.
    (GHSA-2xpw-w6gg-jr37 <https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37>__)
  • Fixed a security issue where an attacker could compose an HTTP response with
    virtually unlimited links in the Content-Encoding header, potentially
    leading to a denial of service (DoS) attack by exhausting system resources
    during decoding. The number of allowed chained encodings is now limited to 5.
    (GHSA-gm62-xv2j-4w53 <https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53>__)

.. caution::

  • If urllib3 is not installed with the optional urllib3[brotli] extra, but
    your environment contains a Brotli/brotlicffi/brotlipy package anyway, make
    sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to
    benefit from the security fixes and avoid warnings. Prefer using
    urllib3[brotli] to install a compatible Brotli package automatically.

  • If you use custom decompressors, please make sure to update them to
    respect the changed API of urllib3.response.ContentDecoder.

Features

  • Enabled retrieval, deletion, and membership testing in HTTPHeaderDict using bytes keys. (#&#8203;3653 <https://github.com/urllib3/urllib3/issues/3653>__)
  • Added host and port information to string representations of HTTPConnection. (#&#8203;3666 <https://github.com/urllib3/urllib3/issues/3666>__)
  • Added support for Python 3.14 free-threading builds explicitly. (#&#8203;3696 <https://github.com/urllib3/urllib3/issues/3696>__)

Removals

  • Removed the HTTPResponse.getheaders() method in favor of HTTPResponse.headers.
    Removed the HTTPResponse.getheader(name, default) method in favor of HTTPResponse.headers.get(name, default). (#&#8203;3622 <https://github.com/urllib3/urllib3/issues/3622>__)

Bugfixes

  • Fixed redirect handling in urllib3.PoolManager when an integer is passed
    for the retries parameter. (#&#8203;3649 <https://github.com/urllib3/urllib3/issues/3649>__)
  • Fixed HTTPConnectionPool when used in Emscripten with no explicit port. (#&#8203;3664 <https://github.com/urllib3/urllib3/issues/3664>__)
  • Fixed handling of SSLKEYLOGFILE with expandable variables. (#&#8203;3700 <https://github.com/urllib3/urllib3/issues/3700>__)

Misc

  • Changed the zstd extra to install backports.zstd instead of zstandard on Python 3.13 and before. (#&#8203;3693 <https://github.com/urllib3/urllib3/issues/3693>__)
  • Improved the performance of content decoding by optimizing BytesQueueBuffer class. (#&#8203;3710 <https://github.com/urllib3/urllib3/issues/3710>__)
  • Allowed building the urllib3 package with newer setuptools-scm v9.x. (#&#8203;3652 <https://github.com/urllib3/urllib3/issues/3652>__)
  • Ensured successful urllib3 builds by setting Hatchling requirement to >= 1.27.0. (#&#8203;3638 <https://github.com/urllib3/urllib3/issues/3638>__)

v2.5.0

Compare Source

==================

Features

  • Added support for the compression.zstd module that is new in Python 3.14.
    See PEP 784 <https://peps.python.org/pep-0784/>_ for more information. (#&#8203;3610 <https://github.com/urllib3/urllib3/issues/3610>__)
  • Added support for version 0.5 of hatch-vcs (#&#8203;3612 <https://github.com/urllib3/urllib3/issues/3612>__)

Bugfixes

  • Fixed a security issue where restricting the maximum number of followed
    redirects at the urllib3.PoolManager level via the retries parameter
    did not work.
  • Made the Node.js runtime respect redirect parameters such as retries
    and redirects.
  • Raised exception for HTTPResponse.shutdown on a connection already released to the pool. (#&#8203;3581 <https://github.com/urllib3/urllib3/issues/3581>__)
  • Fixed incorrect CONNECT statement when using an IPv6 proxy with connection_from_host. Previously would not be wrapped in []. (#&#8203;3615 <https://github.com/urllib3/urllib3/issues/3615>__)

v2.4.0

Compare Source

==================

Features

  • Applied PEP 639 by specifying the license fields in pyproject.toml. (#&#8203;3522 <https://github.com/urllib3/urllib3/issues/3522>__)
  • Updated exceptions to save and restore more properties during the pickle/serialization process. (#&#8203;3567 <https://github.com/urllib3/urllib3/issues/3567>__)
  • Added verify_flags option to create_urllib3_context with a default of VERIFY_X509_PARTIAL_CHAIN and VERIFY_X509_STRICT for Python 3.13+. (#&#8203;3571 <https://github.com/urllib3/urllib3/issues/3571>__)

Bugfixes

  • Fixed a bug with partial reads of streaming data in Emscripten. (#&#8203;3555 <https://github.com/urllib3/urllib3/issues/3555>__)

Misc

  • Switched to uv for installing development dependecies. (#&#8203;3550 <https://github.com/urllib3/urllib3/issues/3550>__)
  • Removed the multiple.intoto.jsonl asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (#&#8203;3566 <https://github.com/urllib3/urllib3/issues/3566>__)

v2.3.0

Compare Source

==================

Features

  • Applied PEP 639 by specifying the license fields in pyproject.toml. (#&#8203;3522 <https://github.com/urllib3/urllib3/issues/3522>__)
  • Updated exceptions to save and restore more properties during the pickle/serialization process. (#&#8203;3567 <https://github.com/urllib3/urllib3/issues/3567>__)
  • Added verify_flags option to create_urllib3_context with a default of VERIFY_X509_PARTIAL_CHAIN and VERIFY_X509_STRICT for Python 3.13+. (#&#8203;3571 <https://github.com/urllib3/urllib3/issues/3571>__)

Bugfixes

  • Fixed a bug with partial reads of streaming data in Emscripten. (#&#8203;3555 <https://github.com/urllib3/urllib3/issues/3555>__)

Misc

  • Switched to uv for installing development dependecies. (#&#8203;3550 <https://github.com/urllib3/urllib3/issues/3550>__)
  • Removed the multiple.intoto.jsonl asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (#&#8203;3566 <https://github.com/urllib3/urllib3/issues/3566>__)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [urllib3](https://github.com/urllib3/urllib3) ([changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)) | `==2.2.3` -> `==2.6.2` | ![age](https://developer.mend.io/api/mc/badges/age/pypi/urllib3/2.6.2?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/urllib3/2.2.3/2.6.2?slim=true) | --- ### Release Notes <details> <summary>urllib3/urllib3 (urllib3)</summary> ### [`v2.6.2`](https://github.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#262-2025-12-11) [Compare Source](https://github.com/urllib3/urllib3/compare/2.6.1...2.6.2) \================== - Fixed `HTTPResponse.read_chunked()` to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (`#&#8203;3734 <https://github.com/urllib3/urllib3/issues/3734>`\_\_) ### [`v2.6.1`](https://github.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#261-2025-12-08) [Compare Source](https://github.com/urllib3/urllib3/compare/2.6.0...2.6.1) \================== - Restore previously removed `HTTPResponse.getheaders()` and `HTTPResponse.getheader()` methods. (`#&#8203;3731 <https://github.com/urllib3/urllib3/issues/3731>`\_\_) ### [`v2.6.0`](https://github.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#260-2025-12-05) [Compare Source](https://github.com/urllib3/urllib3/compare/2.5.0...2.6.0) \================== ## Security - Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (`GHSA-2xpw-w6gg-jr37 <https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37>`\_\_) - Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the `Content-Encoding` header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (`GHSA-gm62-xv2j-4w53 <https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53>`\_\_) .. caution:: - If urllib3 is not installed with the optional `urllib3[brotli]` extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using `urllib3[brotli]` to install a compatible Brotli package automatically. - If you use custom decompressors, please make sure to update them to respect the changed API of `urllib3.response.ContentDecoder`. ## Features - Enabled retrieval, deletion, and membership testing in `HTTPHeaderDict` using bytes keys. (`#&#8203;3653 <https://github.com/urllib3/urllib3/issues/3653>`\_\_) - Added host and port information to string representations of `HTTPConnection`. (`#&#8203;3666 <https://github.com/urllib3/urllib3/issues/3666>`\_\_) - Added support for Python 3.14 free-threading builds explicitly. (`#&#8203;3696 <https://github.com/urllib3/urllib3/issues/3696>`\_\_) ## Removals - Removed the `HTTPResponse.getheaders()` method in favor of `HTTPResponse.headers`. Removed the `HTTPResponse.getheader(name, default)` method in favor of `HTTPResponse.headers.get(name, default)`. (`#&#8203;3622 <https://github.com/urllib3/urllib3/issues/3622>`\_\_) ## Bugfixes - Fixed redirect handling in `urllib3.PoolManager` when an integer is passed for the retries parameter. (`#&#8203;3649 <https://github.com/urllib3/urllib3/issues/3649>`\_\_) - Fixed `HTTPConnectionPool` when used in Emscripten with no explicit port. (`#&#8203;3664 <https://github.com/urllib3/urllib3/issues/3664>`\_\_) - Fixed handling of `SSLKEYLOGFILE` with expandable variables. (`#&#8203;3700 <https://github.com/urllib3/urllib3/issues/3700>`\_\_) ## Misc - Changed the `zstd` extra to install `backports.zstd` instead of `zstandard` on Python 3.13 and before. (`#&#8203;3693 <https://github.com/urllib3/urllib3/issues/3693>`\_\_) - Improved the performance of content decoding by optimizing `BytesQueueBuffer` class. (`#&#8203;3710 <https://github.com/urllib3/urllib3/issues/3710>`\_\_) - Allowed building the urllib3 package with newer setuptools-scm v9.x. (`#&#8203;3652 <https://github.com/urllib3/urllib3/issues/3652>`\_\_) - Ensured successful urllib3 builds by setting Hatchling requirement to >= 1.27.0. (`#&#8203;3638 <https://github.com/urllib3/urllib3/issues/3638>`\_\_) ### [`v2.5.0`](https://github.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#250-2025-06-18) [Compare Source](https://github.com/urllib3/urllib3/compare/2.4.0...2.5.0) \================== ## Features - Added support for the `compression.zstd` module that is new in Python 3.14. See `PEP 784 <https://peps.python.org/pep-0784/>`\_ for more information. (`#&#8203;3610 <https://github.com/urllib3/urllib3/issues/3610>`\_\_) - Added support for version 0.5 of `hatch-vcs` (`#&#8203;3612 <https://github.com/urllib3/urllib3/issues/3612>`\_\_) ## Bugfixes - Fixed a security issue where restricting the maximum number of followed redirects at the `urllib3.PoolManager` level via the `retries` parameter did not work. - Made the Node.js runtime respect redirect parameters such as `retries` and `redirects`. - Raised exception for `HTTPResponse.shutdown` on a connection already released to the pool. (`#&#8203;3581 <https://github.com/urllib3/urllib3/issues/3581>`\_\_) - Fixed incorrect `CONNECT` statement when using an IPv6 proxy with `connection_from_host`. Previously would not be wrapped in `[]`. (`#&#8203;3615 <https://github.com/urllib3/urllib3/issues/3615>`\_\_) ### [`v2.4.0`](https://github.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#240-2025-04-10) [Compare Source](https://github.com/urllib3/urllib3/compare/2.3.0...2.4.0) \================== ## Features - Applied PEP 639 by specifying the license fields in pyproject.toml. (`#&#8203;3522 <https://github.com/urllib3/urllib3/issues/3522>`\_\_) - Updated exceptions to save and restore more properties during the pickle/serialization process. (`#&#8203;3567 <https://github.com/urllib3/urllib3/issues/3567>`\_\_) - Added `verify_flags` option to `create_urllib3_context` with a default of `VERIFY_X509_PARTIAL_CHAIN` and `VERIFY_X509_STRICT` for Python 3.13+. (`#&#8203;3571 <https://github.com/urllib3/urllib3/issues/3571>`\_\_) ## Bugfixes - Fixed a bug with partial reads of streaming data in Emscripten. (`#&#8203;3555 <https://github.com/urllib3/urllib3/issues/3555>`\_\_) ## Misc - Switched to uv for installing development dependecies. (`#&#8203;3550 <https://github.com/urllib3/urllib3/issues/3550>`\_\_) - Removed the `multiple.intoto.jsonl` asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (`#&#8203;3566 <https://github.com/urllib3/urllib3/issues/3566>`\_\_) ### [`v2.3.0`](https://github.com/urllib3/urllib3/blob/HEAD/CHANGES.rst#240-2025-04-10) [Compare Source](https://github.com/urllib3/urllib3/compare/2.2.3...2.3.0) \================== ## Features - Applied PEP 639 by specifying the license fields in pyproject.toml. (`#&#8203;3522 <https://github.com/urllib3/urllib3/issues/3522>`\_\_) - Updated exceptions to save and restore more properties during the pickle/serialization process. (`#&#8203;3567 <https://github.com/urllib3/urllib3/issues/3567>`\_\_) - Added `verify_flags` option to `create_urllib3_context` with a default of `VERIFY_X509_PARTIAL_CHAIN` and `VERIFY_X509_STRICT` for Python 3.13+. (`#&#8203;3571 <https://github.com/urllib3/urllib3/issues/3571>`\_\_) ## Bugfixes - Fixed a bug with partial reads of streaming data in Emscripten. (`#&#8203;3555 <https://github.com/urllib3/urllib3/issues/3555>`\_\_) ## Misc - Switched to uv for installing development dependecies. (`#&#8203;3550 <https://github.com/urllib3/urllib3/issues/3550>`\_\_) - Removed the `multiple.intoto.jsonl` asset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (`#&#8203;3566 <https://github.com/urllib3/urllib3/issues/3566>`\_\_) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS44Mi4yIiwidXBkYXRlZEluVmVyIjoiNDIuNTIuOCIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJyZW5vdmF0ZS1ib3QiXX0=-->
renovate-bot force-pushed renovate/urllib3-2.x from f17c8b319a to 5173538ca2 2025-03-24 05:15:13 +05:30 Compare
renovate-bot changed title from chore(deps): update dependency urllib3 to v2.3.0 to chore(deps): update dependency urllib3 to v2.4.0 2025-04-14 05:11:04 +05:30
renovate-bot force-pushed renovate/urllib3-2.x from 5173538ca2 to 8d8359303a 2025-04-14 05:11:06 +05:30 Compare
renovate-bot changed title from chore(deps): update dependency urllib3 to v2.4.0 to chore(deps): update dependency urllib3 to v2.5.0 2025-06-23 05:09:41 +05:30
renovate-bot force-pushed renovate/urllib3-2.x from 8d8359303a to 7860ccba13
Some checks are pending
ci/woodpecker/pull_request_metadata/woodpecker Pipeline is pending
Details
2025-06-23 05:09:42 +05:30 Compare
renovate-bot changed title from chore(deps): update dependency urllib3 to v2.5.0 to chore(deps): update dependency urllib3 to v2.6.0 2025-12-08 05:15:49 +05:30
renovate-bot force-pushed renovate/urllib3-2.x from 7860ccba13
Some checks are pending
ci/woodpecker/pull_request_metadata/woodpecker Pipeline is pending
Details
to 1506c2ee82
Some checks are pending
ci/woodpecker/pull_request_metadata/woodpecker Pipeline is pending
Details
ci/woodpecker/push/woodpecker Pipeline is pending
Details
ci/woodpecker/pr/woodpecker Pipeline is pending
Details
2025-12-08 05:15:51 +05:30 Compare
renovate-bot changed title from chore(deps): update dependency urllib3 to v2.6.0 to chore(deps): update dependency urllib3 to v2.6.2 2025-12-15 05:15:27 +05:30
renovate-bot force-pushed renovate/urllib3-2.x from 1506c2ee82
Some checks are pending
ci/woodpecker/pull_request_metadata/woodpecker Pipeline is pending
Details
ci/woodpecker/push/woodpecker Pipeline is pending
Details
ci/woodpecker/pr/woodpecker Pipeline is pending
Details
to caabb44845
Some checks are pending
ci/woodpecker/pull_request_metadata/woodpecker Pipeline is pending
Details
ci/woodpecker/push/woodpecker Pipeline is pending
Details
ci/woodpecker/pr/woodpecker Pipeline is pending
Details
2025-12-15 05:15:28 +05:30 Compare
Some checks are pending
ci/woodpecker/pull_request_metadata/woodpecker Pipeline is pending
Details
ci/woodpecker/push/woodpecker Pipeline is pending
Details
ci/woodpecker/pr/woodpecker Pipeline is pending
Details
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin renovate/urllib3-2.x:renovate/urllib3-2.x
git switch renovate/urllib3-2.x

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch master
git merge --no-ff renovate/urllib3-2.x
git switch renovate/urllib3-2.x
git rebase master
git switch master
git merge --ff-only renovate/urllib3-2.x
git switch renovate/urllib3-2.x
git rebase master
git switch master
git merge --no-ff renovate/urllib3-2.x
git switch master
git merge --squash renovate/urllib3-2.x
git switch master
git merge --ff-only renovate/urllib3-2.x
git switch master
git merge renovate/urllib3-2.x
git push origin master
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
  
renovate-bot

   
renovate-security

   
security
No labels
renovate-bot
renovate-security
security
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
ForgeFlux/host-meta-test!23
No description provided.