Industrial-Security-Auditing-Framework
Industrial-Security-Auditing-Framework copied to clipboard
Update urllib3 requirement from ~=1.26.9 to ~=1.26.12
Updates the requirements on urllib3 to permit the latest version.
Release notes
Sourced from urllib3's releases.
1.26.12
- Deprecated the
urllib3[secure]
extra and theurllib3.contrib.pyopenssl
module. Both will be removed in v2.x. See this GitHub issue for justification and info on how to migrate.
Changelog
Sourced from urllib3's changelog.
1.26.12 (2022-08-22)
- Deprecated the
urllib3[secure]
extra and theurllib3.contrib.pyopenssl
module. Both will be removed in v2.x. See thisGitHub issue <https://github.com/urllib3/urllib3/issues/2680>
_ for justification and info on how to migrate.1.26.11 (2022-07-25)
- Fixed an issue where reading more than 2 GiB in a call to
HTTPResponse.read
would raise anOverflowError
on Python 3.9 and earlier.1.26.10 (2022-07-07)
- Removed support for Python 3.5
- Fixed an issue where a
ProxyError
recommending configuring the proxy as HTTP instead of HTTPS could appear even when an HTTPS proxy wasn't configured.1.26.9 (2022-03-16)
- Changed
urllib3[brotli]
extra to favor installing Brotli libraries that are still receiving updates likebrotli
andbrotlicffi
instead ofbrotlipy
. This change does not impact behavior of urllib3, only which dependencies are installed.- Fixed a socket leaking when
HTTPSConnection.connect()
raises an exception.- Fixed
server_hostname
being forwarded fromPoolManager
toHTTPConnectionPool
when requesting an HTTP URL. Should only be forwarded when requesting an HTTPS URL.1.26.8 (2022-01-07)
- Added extra message to
urllib3.exceptions.ProxyError
when urllib3 detects that a proxy is configured to use HTTPS but the proxy itself appears to only use HTTP.- Added a mention of the size of the connection pool when discarding a connection due to the pool being full.
- Added explicit support for Python 3.11.
- Deprecated the
Retry.MAX_BACKOFF
class property in favor ofRetry.DEFAULT_MAX_BACKOFF
to better match the rest of the default parameter names.Retry.MAX_BACKOFF
is removed in v2.0.- Changed location of the vendored
ssl.match_hostname
function fromurllib3.packages.ssl_match_hostname
tourllib3.util.ssl_match_hostname
to ensure Python 3.10+ compatibility after being repackaged by downstream distributors.- Fixed absolute imports, all imports are now relative.
1.26.7 (2021-09-22)
... (truncated)
Commits
a5b29ac
Add outputs.hashes to build actiona0b22f8
Release 1.26.1213f1117
[1.26] Add SLSA generic generator to publish workflowf95b964
Add deprecation warnings for pyOpenSSL and the [secure] extraaa3def7
Release 1.26.116f93b8f
FixOverflowError
when TLS is used on some Python versions0a5f34d
Set GHA token permissions to be read-onlyac61b73
Backport publish workflow and process to 1.26.x1fd77ed
Release 1.26.1037ba002
[1.26] Update paid contributor program with early feedback- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)