Bump urllib3 from 1.25.11 to 1.26.2
Created by: dependabot-preview[bot]
Bumps urllib3 from 1.25.11 to 1.26.2.
Release notes
Sourced from urllib3's releases.
1.26.2
⚠ IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap
- Fixed an issue where
wrap_socket
andCERT_REQUIRED
wouldn't be imported properly on Python 2.7.8 and earlier (Pull #2052)1.26.1
⚠ IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap
- Fixed an issue where two
User-Agent
headers would be sent if aUser-Agent
header key is passed asbytes
(Pull #2047)1.26.0
⚠ IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap
Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806)
Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that still wish to use TLS earlier than 1.2 without a deprecation warning should opt-in explicitly by setting
ssl_version=ssl.PROTOCOL_TLSv1_1
(Pull #2002) Starting in urllib3 v2.0: Connections that receive aDeprecationWarning
will failDeprecated
Retry
optionsRetry.DEFAULT_METHOD_WHITELIST
,Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST
andRetry(method_whitelist=...)
in favor ofRetry.DEFAULT_ALLOWED_METHODS
,Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT
, andRetry(allowed_methods=...)
(Pull #2000) Starting in urllib3 v2.0: Deprecated options will be removedAdded default
User-Agent
header to every request (Pull #1750)Added
urllib3.util.SKIP_HEADER
for skippingUser-Agent
,Accept-Encoding
, andHost
headers from being automatically emitted with requests (Pull #2018)Collapse
transfer-encoding: chunked
request data and framing into the samesocket.send()
call (Pull #1906)Send
http/1.1
ALPN identifier with every TLS handshake by default (Pull #1894)Properly terminate SecureTransport connections when CA verification fails (Pull #1977)
Don't emit an
SNIMissingWarning
when passingserver_hostname=None
to SecureTransport (Pull #1903)Disabled requesting TLSv1.2 session tickets as they weren't being used by urllib3 (Pull #1970)
Suppress
BrokenPipeError
when writing request body after the server has closed the socket (Pull #1524)Wrap
ssl.SSLError
that can be raised from reading a socket (e.g. "bad MAC") into anurllib3.exceptions.SSLError
(Pull #1939)
Changelog
Sourced from urllib3's changelog.
1.26.2 (2020-11-12)
- Fixed an issue where
wrap_socket
andCERT_REQUIRED
wouldn't be imported properly on Python 2.7.8 and earlier (Pull #2052)1.26.1 (2020-11-11)
- Fixed an issue where two
User-Agent
headers would be sent if aUser-Agent
header key is passed asbytes
(Pull #2047)1.26.0 (2020-11-10)
- NOTE: urllib3 v2.0 will drop support for Python 2. Read more in the v2.0 Roadmap.
- Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806)
- Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that still wish to use TLS earlier than 1.2 without a deprecation warning should opt-in explicitly by setting
ssl_version=ssl.PROTOCOL_TLSv1_1
(Pull #2002) Starting in urllib3 v2.0: Connections that receive aDeprecationWarning
will fail- Deprecated
Retry
optionsRetry.DEFAULT_METHOD_WHITELIST
,Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST
andRetry(method_whitelist=...)
in favor ofRetry.DEFAULT_ALLOWED_METHODS
,Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT
, andRetry(allowed_methods=...)
(Pull #2000) Starting in urllib3 v2.0: Deprecated options will be removed- Added default
User-Agent
header to every request (Pull #1750)- Added
urllib3.util.SKIP_HEADER
for skippingUser-Agent
,Accept-Encoding
, andHost
headers from being automatically emitted with requests (Pull #2018)- Collapse
transfer-encoding: chunked
request data and framing into the samesocket.send()
call (Pull #1906)- Send
http/1.1
ALPN identifier with every TLS handshake by default (Pull #1894)- Properly terminate SecureTransport connections when CA verification fails (Pull #1977)
- Don't emit an
SNIMissingWarning
when passingserver_hostname=None
to SecureTransport (Pull #1903)- Disabled requesting TLSv1.2 session tickets as they weren't being used by urllib3 (Pull #1970)
- Suppress
BrokenPipeError
when writing request body after the server has closed the socket (Pull #1524)- Wrap
ssl.SSLError
that can be raised from reading a socket (e.g. "bad MAC") into anurllib3.exceptions.SSLError
(Pull #1939)
Commits
-
dd00949
Release 1.26.2 -
1db71ae
[1.26] Import features from ssl module with more granularity -
969fd39
Release 1.26.1 -
f4464f7
[1.26] Don't send 'User-Agent' twice if header is binary -
d2e3d03
Add back the HTTPHeaderDict import from 1.25.x -
ddb8c96
Release: 1.26.0 -
ec8b438
Remove type stubs from 1.26 branch -
ce16b21
Improve readability on return handling logic. -
6fc17a3
Fix constructor parameter order in SSLTransport. -
6dc3b68
Skip TLS versions if disabled by OpenSSL config - Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -
@dependabot use these labels
will set the current labels as the default for future PRs for this repo and language -
@dependabot use these reviewers
will set the current reviewers as the default for future PRs for this repo and language -
@dependabot use these assignees
will set the current assignees as the default for future PRs for this repo and language -
@dependabot use this milestone
will set the current milestone as the default for future PRs for this repo and language -
@dependabot badge me
will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot dashboard:
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)