chore(deps): update dependency urllib3 to v2.6.2 #105
+1
−1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: konflux-internal-p02 <170854209+konflux-internal-p02[bot]@users.noreply.github.com>
konflux-internal-p02
bot
requested review from
leseb and
terrytangyuan
as code owners
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
deleted the
konflux/mintmaker/rhoai-2.24/urllib3-2.x
branch
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
restored the
konflux/mintmaker/rhoai-2.24/urllib3-2.x
branch
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
deleted the
konflux/mintmaker/rhoai-2.24/urllib3-2.x
branch
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
restored the
konflux/mintmaker/rhoai-2.24/urllib3-2.x
branch
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
deleted the
konflux/mintmaker/rhoai-2.24/urllib3-2.x
branch
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
force-pushed
the
konflux/mintmaker/rhoai-2.24/urllib3-2.x
branch
from
6b0e4aa to
e2df1b4
Compare
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
restored the
konflux/mintmaker/rhoai-2.24/urllib3-2.x
branch
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
deleted the
konflux/mintmaker/rhoai-2.24/urllib3-2.x
branch
konflux-internal-p02
bot
restored the
konflux/mintmaker/rhoai-2.24/urllib3-2.x
branch
konflux-internal-p02
bot
force-pushed
the
konflux/mintmaker/rhoai-2.24/urllib3-2.x
branch
from
048cfc2 to
e2df1b4
Compare
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
force-pushed
the
konflux/mintmaker/rhoai-2.24/urllib3-2.x
branch
from
c0785d1 to
e2df1b4
Compare
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
force-pushed
the
konflux/mintmaker/rhoai-2.24/urllib3-2.x
branch
from
d8eedb6 to
e2df1b4
Compare
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
force-pushed
the
konflux/mintmaker/rhoai-2.24/urllib3-2.x
branch
from
0dae456 to
e2df1b4
Compare
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
changed the title
konflux-internal-p02
bot
force-pushed
the
konflux/mintmaker/rhoai-2.24/urllib3-2.x
branch
from
0ed0819 to
e2df1b4
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
==2.3.0->==2.6.2Release Notes
urllib3/urllib3 (urllib3)
v2.6.2Compare Source
==================
HTTPResponse.read_chunked()to properly handle leftover data inthe decoder's buffer when reading compressed chunked responses.
(
#​3734 <https://github.com/urllib3/urllib3/issues/3734>__)v2.6.1Compare Source
==================
HTTPResponse.getheaders()andHTTPResponse.getheader()methods.(
#​3731 <https://github.com/urllib3/urllib3/issues/3731>__)v2.6.0Compare Source
==================
Security
compressed HTTP content ("decompression bombs") leading to excessive resource
consumption even when a small amount of data was requested. Reading small
chunks of compressed data is safer and much more efficient now.
(
GHSA-2xpw-w6gg-jr37 <https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37>__)virtually unlimited links in the
Content-Encodingheader, potentiallyleading to a denial of service (DoS) attack by exhausting system resources
during decoding. The number of allowed chained encodings is now limited to 5.
(
GHSA-gm62-xv2j-4w53 <https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53>__).. caution::
If urllib3 is not installed with the optional
urllib3[brotli]extra, butyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make
sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to
benefit from the security fixes and avoid warnings. Prefer using
urllib3[brotli]to install a compatible Brotli package automatically.If you use custom decompressors, please make sure to update them to
respect the changed API of
urllib3.response.ContentDecoder.Features
HTTPHeaderDictusing bytes keys. (#​3653 <https://github.com/urllib3/urllib3/issues/3653>__)HTTPConnection. (#​3666 <https://github.com/urllib3/urllib3/issues/3666>__)#​3696 <https://github.com/urllib3/urllib3/issues/3696>__)Removals
HTTPResponse.getheaders()method in favor ofHTTPResponse.headers.Removed the
HTTPResponse.getheader(name, default)method in favor ofHTTPResponse.headers.get(name, default). (#​3622 <https://github.com/urllib3/urllib3/issues/3622>__)Bugfixes
urllib3.PoolManagerwhen an integer is passedfor the retries parameter. (
#​3649 <https://github.com/urllib3/urllib3/issues/3649>__)HTTPConnectionPoolwhen used in Emscripten with no explicit port. (#​3664 <https://github.com/urllib3/urllib3/issues/3664>__)SSLKEYLOGFILEwith expandable variables. (#​3700 <https://github.com/urllib3/urllib3/issues/3700>__)Misc
zstdextra to installbackports.zstdinstead ofzstandardon Python 3.13 and before. (#​3693 <https://github.com/urllib3/urllib3/issues/3693>__)BytesQueueBufferclass. (#​3710 <https://github.com/urllib3/urllib3/issues/3710>__)#​3652 <https://github.com/urllib3/urllib3/issues/3652>__)#​3638 <https://github.com/urllib3/urllib3/issues/3638>__)v2.5.0Compare Source
==================
Features
compression.zstdmodule that is new in Python 3.14.See
PEP 784 <https://peps.python.org/pep-0784/>_ for more information. (#​3610 <https://github.com/urllib3/urllib3/issues/3610>__)hatch-vcs(#​3612 <https://github.com/urllib3/urllib3/issues/3612>__)Bugfixes
redirects at the
urllib3.PoolManagerlevel via theretriesparameterdid not work.
retriesand
redirects.HTTPResponse.shutdownon a connection already released to the pool. (#​3581 <https://github.com/urllib3/urllib3/issues/3581>__)CONNECTstatement when using an IPv6 proxy withconnection_from_host. Previously would not be wrapped in[]. (#​3615 <https://github.com/urllib3/urllib3/issues/3615>__)v2.4.0Compare Source
==================
Features
#​3522 <https://github.com/urllib3/urllib3/issues/3522>__)#​3567 <https://github.com/urllib3/urllib3/issues/3567>__)verify_flagsoption tocreate_urllib3_contextwith a default ofVERIFY_X509_PARTIAL_CHAINandVERIFY_X509_STRICTfor Python 3.13+. (#​3571 <https://github.com/urllib3/urllib3/issues/3571>__)Bugfixes
#​3555 <https://github.com/urllib3/urllib3/issues/3555>__)Misc
#​3550 <https://github.com/urllib3/urllib3/issues/3550>__)multiple.intoto.jsonlasset from GitHub releases. Attestation of release files since v2.3.0 can be found on PyPI. (#​3566 <https://github.com/urllib3/urllib3/issues/3566>__)Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
To execute skipped test pipelines write comment
/ok-to-test.Documentation
Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.