chore(deps): bump urllib3 from 1.26.15 to 2.0.4

[dependabot[bot]]

Bumps urllib3 from 1.26.15 to 2.0.4.

Release notes

Sourced from urllib3's releases.

2.0.4

• Added support for union operators to HTTPHeaderDict (#2254)
• Added BaseHTTPResponse to urllib3.__all__ (#3078)
• Fixed urllib3.connection.HTTPConnection to raise the http.client.connect audit event to have the same behavior as the standard library HTTP client (#2757)
• Relied on the standard library for checking hostnames in supported PyPy releases (#3087)

2.0.3

• Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. #3020
• Deprecated URLs which don't have an explicit scheme #2950
• Fixed response decoding with Zstandard when compressed data is made of several frames. #3008
• Fixed assert_hostname=False to correctly skip hostname check. #3051

2.0.2

• Fixed HTTPResponse.stream() to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. (urllib3/urllib3#3009)

2.0.1

• Fixed a socket leak when fingerprint or hostname verifications fail. (#2991)
• Fixed an error when HTTPResponse.read(0) was the first read call or when the internal response body buffer was otherwise empty. (#2998)

2.0.0

Read the v2.0 migration guide for help upgrading to the latest version of urllib3.

Removed

• Removed support for Python 2.7, 3.5, and 3.6 (#883, #2336).
• Removed fallback on certificate commonName in match_hostname() function. This behavior was deprecated in May 2000 in RFC 2818. Instead only subjectAltName is used to verify the hostname by default. To enable verifying the hostname against commonName use SSLContext.hostname_checks_common_name = True (#2113).
• Removed support for Python with an ssl module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 (#2168).
• Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an ImportError is raised (#2168).
• Removed the list of default ciphers for OpenSSL 1.1.1+ and SecureTransport as their own defaults are already secure (#2082).
• Removed urllib3.contrib.appengine.AppEngineManager and support for Google App Engine Standard Environment (#2044).
• Removed deprecated Retry options method_whitelist, DEFAULT_REDIRECT_HEADERS_BLACKLIST (#2086).
• Removed urllib3.HTTPResponse.from_httplib (#2648).
• Removed default value of None for the request_context parameter of urllib3.PoolManager.connection_from_pool_key. This change should have no effect on users as the default value of None was an invalid option and was never used (#1897).
• Removed the urllib3.request module. urllib3.request.RequestMethods has been made a private API. This change was made to ensure that from urllib3 import request imported the top-level request() function instead of the urllib3.request module (#2269).
• Removed support for SSLv3.0 from the urllib3.contrib.pyopenssl even when support is available from the compiled OpenSSL library (#2233).
• Removed the deprecated urllib3.contrib.ntlmpool module (#2339).
• Removed DEFAULT_CIPHERS, HAS_SNI, USE_DEFAULT_SSLCONTEXT_CIPHERS, from the private module urllib3.util.ssl_ (#2168).
• Removed urllib3.exceptions.SNIMissingWarning (#2168).
• Removed the _prepare_conn method from HTTPConnectionPool. Previously this was only used to call HTTPSConnection.set_cert() by HTTPSConnectionPool (#1985).
• Removed tls_in_tls_required property from HTTPSConnection. This is now determined from the scheme parameter in HTTPConnection.set_tunnel() (#1985).

Deprecated

• Deprecated HTTPResponse.getheaders() and HTTPResponse.getheader() which will be removed in urllib3 v2.1.0. Instead use HTTPResponse.headers and HTTPResponse.headers.get(name, default). (#1543, #2814).
• Deprecated urllib3.contrib.pyopenssl module which will be removed in urllib3 v2.1.0 (#2691).
• Deprecated urllib3.contrib.securetransport module which will be removed in urllib3 v2.1.0 (#2692).
• Deprecated ssl_version option in favor of ssl_minimum_version. ssl_version will be removed in urllib3 v2.1.0 (#2110).
• Deprecated the strict parameter as it's not longer needed in Python 3.x. It will be removed in urllib3 v2.1.0 (#2267)
• Deprecated the NewConnectionError.pool attribute which will be removed in urllib3 v2.1.0 (#2271).
• Deprecated format_header_param_html5 and format_header_param in favor of format_multipart_header_param (#2257).

... (truncated)

Changelog

Sourced from urllib3's changelog.

2.0.4 (2023-07-19)

• Added support for union operators to HTTPHeaderDict ([#2254](https://github.com/urllib3/urllib3/issues/2254) <https://github.com/urllib3/urllib3/issues/2254>__)
• Added BaseHTTPResponse to urllib3.__all__ ([#3078](https://github.com/urllib3/urllib3/issues/3078) <https://github.com/urllib3/urllib3/issues/3078>__)
• Fixed urllib3.connection.HTTPConnection to raise the http.client.connect audit event to have the same behavior as the standard library HTTP client ([#2757](https://github.com/urllib3/urllib3/issues/2757) <https://github.com/urllib3/urllib3/issues/2757>__)
• Relied on the standard library for checking hostnames in supported PyPy releases ([#3087](https://github.com/urllib3/urllib3/issues/3087) <https://github.com/urllib3/urllib3/issues/3087>__)

2.0.3 (2023-06-07)

• Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. ([#3020](https://github.com/urllib3/urllib3/issues/3020) <https://github.com/urllib3/urllib3/issues/3020>__)
• Deprecated URLs which don't have an explicit scheme ([#2950](https://github.com/urllib3/urllib3/issues/2950) <https://github.com/urllib3/urllib3/pull/2950>_)
• Fixed response decoding with Zstandard when compressed data is made of several frames. ([#3008](https://github.com/urllib3/urllib3/issues/3008) <https://github.com/urllib3/urllib3/issues/3008>__)
• Fixed assert_hostname=False to correctly skip hostname check. ([#3051](https://github.com/urllib3/urllib3/issues/3051) <https://github.com/urllib3/urllib3/issues/3051>__)

2.0.2 (2023-05-03)

• Fixed HTTPResponse.stream() to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. ([#3009](https://github.com/urllib3/urllib3/issues/3009) <https://github.com/urllib3/urllib3/issues/3009>__)

2.0.1 (2023-04-30)

• Fixed a socket leak when fingerprint or hostname verifications fail. ([#2991](https://github.com/urllib3/urllib3/issues/2991) <https://github.com/urllib3/urllib3/issues/2991>__)
• Fixed an error when HTTPResponse.read(0) was the first read call or when the internal response body buffer was otherwise empty. ([#2998](https://github.com/urllib3/urllib3/issues/2998) <https://github.com/urllib3/urllib3/issues/2998>__)

2.0.0 (2023-04-26)

Read the v2.0 migration guide <https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html>__ for help upgrading to the latest version of urllib3.

Removed

• Removed support for Python 2.7, 3.5, and 3.6 ([#883](https://github.com/urllib3/urllib3/issues/883) <https://github.com/urllib3/urllib3/issues/883>, [#2336](https://github.com/urllib3/urllib3/issues/2336) <https://github.com/urllib3/urllib3/issues/2336>).
• Removed fallback on certificate commonName in match_hostname() function. This behavior was deprecated in May 2000 in RFC 2818. Instead only subjectAltName is used to verify the hostname by default. To enable verifying the hostname against commonName use SSLContext.hostname_checks_common_name = True ([#2113](https://github.com/urllib3/urllib3/issues/2113) <https://github.com/urllib3/urllib3/issues/2113>__).
• Removed support for Python with an ssl module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. Python is moving to require OpenSSL with PEP 644 ([#2168](https://github.com/urllib3/urllib3/issues/2168) <https://github.com/urllib3/urllib3/issues/2168>__).
• Removed support for OpenSSL versions earlier than 1.1.1 or that don't have SNI support. When an incompatible OpenSSL version is detected an ImportError is raised ([#2168](https://github.com/urllib3/urllib3/issues/2168) <https://github.com/urllib3/urllib3/issues/2168>__).

... (truncated)

Commits

• c9fa144 Release version 2.0.4 (#3084)
• d40d146 Add Illia to CODEOWNERS
• 0a375d1 Raise http.client.connect audit events in HTTPConnection (#2859)
• c056eb3 Bump actions/setup-python from 4.6.0 to 4.7.0
• a1c184b Remove warnings filters fixed in pytest 7.4.0 (#3086)
• 609c546 Add support for union operators to HTTPHeaderDict (#2943)
• 05b21ca Bump cryptography from 41.0.0 to 41.0.2
• 9aa0d4f Bump cryptography from 39.0.1 to 41.0.0 (#3057)
• 326c423 Rely on the standard library for checking hostnames in supported PyPy releases
• d0ac08d Bump gh-action-pypi-publish to v1.8.8
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)